Tags: Cyber Law

What makes your customers want to do business with your company? Your reputation; customers are looking for a brand they know and can trust. Data breaches and leaks of confidential information error customer confidence, and can cause a loss of faith in your company that negatively effects brand equity. No matter how long your company has been in business or its financial track record, any breach can call past success and customer loyalty into question in a matter of hours.

It’s crucial that your company be proactive rather than reactive towards cyber threats posed by hackers. Use the checklist below as a starting point for assessing your security position. You may think that some of these are no brainers, but many of these are often overlooked. If your company is hacked, you don’t want to have to explain to the media why your company failed to take basic precautions against a cyber-attack.

What can you do to prevent major damage from a breach?

  1. Update old information and secure your communications:

Consistent review of your databases and hardware allows you to catch outdated information such as old passwords or ex-employee accounts that are no longer used. Unusual activities, or spikes in site traffic often signal hackers are probing your company’s security. Be sure to monitor your emails and delete those that contain sensitive information and are no longer needed. Train your employees and update training for new threats. Don’t leave any weaknesses for hackers to find.

  1. Create a breach response policy:

A breach response plan won’t prevent an attack, but it can minimize the reputational damage that can be done by a breach. Getting the hackers out of the system is the first priority. The faster that your company can seal a breach and inform affected customers before your breach makes headlines, the better. Have a plan in place with specific duties assigned as to who will lead the effort, who will draft content, who will generate hard copies, and who will figure out who to contact. In the middle of a crisis, you won’t have time to figure this out before the breach makes the nightly news.

  1. Limit access to necessary personnel:

Know who can access your servers or files and why. Having a limited number of people using a system limits the chances of leaked information or internal fraud going undetected. If a breach should occur this will also reduce the time it will take to pinpoint how and where it occurred.

  1. Limit the use of company devices and manage BYOD policies:

Smartphones and tablets have insured that we carry work around with us wherever we go. While undoubtedly pragmatic, they also pose certain risks. Taking devices back and forth between home and work that can access, or contain confidential information, increases the chances that a leak or hack will occur. Employees that download apps to a work place device, or a use BYOD that can access company data pose a risk to your company’s data security. Create an employee device usage policy that restricts the ways in which employees can use company computers, phones, tablets, etc. to reduce the threat.

  1. Have Employees create individual unique passwords for each account:

Avoid master passwords or a common password used across multiple devices or accounts. Common sense dictates that the passwords be complicated and not easily guessed. Do not allow passwords such as “password” or “123456”. Instead create passwords that combine letters, numbers, and special characters randomly and then change those passwords every three months.

  1. Avoid Public Access:

Accessing company data or system via public computers or public Wi-Fi connections are an invitation to hackers to access company accounts/information from these sources. Employees are easily and commonly hacked at airport cafés or waiting areas where masses of people access public computers or Wi-Fi connections from company devices.

  1. Always Encrypt Files:

All of your company’s files should be encrypted. This means that the code contained in the file cannot be accessed in readable script without the proper codes. Even if a hacker gets access to your hardware, there is no usable information without the encryption key. Encryption is an absolute must and is unfortunately ignored by many small businesses.

  1. Securely delete files no longer in use:

When a file is deleted from the Microsoft desktop, all of the references to that document are deleted. However, the document itself actually remains on the system’s memory and can still be accessed by hackers. A third party software program can be used to securely “shred” all deleted files. There are companies that, similar to paper documents, contract this service out to businesses.

  1. Physical assets are still vulnerable too:

Physical documents that store personal data are also valuable to hackers. Shredding and secure storage of paper documents are easily overlooked as valuable anti-hacking tools. Physical theft occurs because it is easy. Paper stored in plain sight, or left unsupervised are easy targets. Thankfully, protecting physical documents is relatively inexpensive and simpler to achieve than protecting electronic media.

  1. Assume you are always at risk:

Assume that your business is a prime target for attack. Too many breaches occur because people tell themselves that this would never happen to them and that their business is too small to represent a target. Criminals follow the path of least resistance and to them an open door is an open door. Be especially wary if your business operates in the banking, financial, or health care industries, as these are prominent holders of personally identifiable information. A stolen credit card number, no matter where it comes from, can fetch $4 to $5 dollars on the black market. Health care records can command up to $84 each. In other words, no business is too small to target when the return on investment is so large.

Have you or your business taken the necessary precautions against a potential cyber breach? For more information related to this article and others like it, visit out blog pages at Goosmann Law Firm or contact us as at info@goosmannlaw.com or (712) 226-4000.

 

Subscribe Our Blog

DISCLAIMER: The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. By visiting this website, blog, or post you understand that there is no attorney client relationship between you and the Goosmann Law Firm attorneys and website publisher. No information contained in this post should be construed as legal advice from Goosmann Law Firm, PLC, or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.