According to a 2018 IBM-sponsored study by the Ponemon Institute, the global average for a data breach is $3.86 million. That means roughly $150 per stolen file. If you’re a small or medium-sized business, you may not think statistics like these apply to you. But out of 17 industries represented in the report, the most impacted sectors were financial, service, and manufacturing. Therefore it is imperative that you take steps to protect your business from cyber attack. Here are some steps that you can take to begin to cover you bases.
Control who has ACcess your information
Create a list of employees with their respective access and their business accounts. Also include their types of access that they have either your building or passwords.
Another recommendation would be to have any business electronics have a lock screen when not in use. Ensure that any visible screen is not visible from any public eye view.
Do not allow physical access to computers or systems by unauthorized personnel, such as:
Cleaning crews or maintenance personnel
Unsupervised computer or network repair personnel working on systems or devices
Unrecognized individuals that walk into your office or shop floor without being questioned by an employee
It only takes seconds for a criminal to access an unlocked machine. Don’t make it easy for them to steal your sensitive information.
conduct background and Security checks for all employees
Background checks are essential to identifying your cybersecurity risks. Full nationwide searches should be conducted for all prospective employees or others who will have access to your computers and company’s systems and equipment.
These checks should include:
- Criminal background checks
- Sexual offender checks
- References to verify dates worked for previous employers
- Education and degree verification
You may also consider conducting a background check on yourself, which can quickly alert you if you have unknowingly become the victim of identity theft.
require individual user accounts for each employee
Setting up individual user accounts assist if there ever is a breach to identify and quarantine any machine or account that has been compromised. Set up a separate account for each employee and contractor that needs access. Require them to use strong, unique passwords for each account.
Limit the number of employees who have administrative access, especially if it isn’t required for them to perform their daily job duties. Consider guest accounts with only Internet access for visitors or customers at your facility.
create cybersecurity policies & Procedures
While creating your first cybersecurity policy may seem like a daunting task, there are plenty of easy-to-follow tips from the MEP National Network that can help you get started. You may also want to consult with a legal professional familiar with cyber law to review your policies to make sure you’re complying with local laws and regulations.
Your new cybersecurity policy should include:
- Your expectations from your employees for protecting company information
- Essential resources that need to be protected and how you expect your employees to protect that information
- A signed agreement from each employee to confirm they’ve read the policy and understand it.
Keep the signed agreement in each employee’s HR file. Review the policy at least once a year and make updates when you make any changes to your company’s technology. You can then use your cybersecurity policy to train your new employees on their information security responsibilities and set acceptable practices for all your business operations.
Overall these are some basic steps to begin to protect your business from cyber attacks. There are also technical steps to take to further safeguard your business. With these protocols it is a step in the right direction to further prevent any data loss and protect your business from further exposure.2