In participation with the National Cybersecurity Alliance and in celebration of Cybersecurity Awareness Month, CyberPolicy is proud to promote cybersecurity education by providing resources for small business owners to plan for, prevent, and insure against cyber crime.
Cybersecurity can be a complex and intimidating topic for many business owners. But what may seem too large for any one person to solve can actually be a very manageable task with a little know-how. In truth, the foundations of cybersecurity are decidedly non-technical and highlight the role of the individual internet user. With some basic understanding and a little guidance, you can see that cybersecurity relies on the collective actions of individuals within an organization rather than complex or expensive software.
Read on to learn how you can own your role in cybersecurity and strengthen the integrity of your operation.
Hackers are primarily after identity data; credit card information is their secondary target.
Identity data is any information that can be used to identify a specific user, employee, contractor, client, or consumer. This includes names, addresses, email addresses, social security numbers, and more. In many cases, a name, SSN and birthdate are enough to steal someone's identity, causing immense financial and credit damage.
While stolen credit cards are bad news, stolen identity data such as medical records is much worse. Hackers love to pilfer healthcare information to resell on the dark web. Digital black-marketers actually prefer medical records to stolen credit cards. Credit cards can be canceled and they expire, offering a limited window of value. This is not the case for SSNs, names or birth dates, which live on indefinitely. Even a deceased person’s identity data can be used for nefarious purposes. If your business handles customer identity data, it is your job to protect that information.
Knowing exactly what cyber criminals are looking for makes it easier to safeguard that valuable information and protect your business. Here are a handful of non-technical approaches that will enable your business to better shield identity data:
- Understand that not all data needs to be saved. Protect your customers by not saving some information. After all, it can't be stolen if you don't have it. Many CRM and POS applications collect more customer data than is needed to complete a transaction. Adjust the default settings of any apps that your business uses to retain only the information that is needed to process a transaction and maintain a relationship with a client.
- Train your staff to be skeptical. Phishing and social engineering scams are used by hackers to fool employees into sharing personal or financial information. Email is the primary tool that hackers use to deliver scams to unsuspecting recipients, so this is where you want to be on the lookout. Train your staff to identify suspicious emails. As a general rule: Be wary of all messages from unknown senders and NEVER share information, click links, or download attachments from anyone that you don’t know.
- Silo your data based on who needs it most. Not every member of your organization needs access to identity data. Segment employee access on a need-to-know basis. Fewer access points to sensitive data offer fewer opportunities for a hacker to weasel in and cause problems.
Any business conducted online or with a connected device carries a certain set of risks. That’s the reality of the tech-enabled world that we work in today. Literally every company that hires employees or contractors, processes payments, or stores customer data needs to consider the possibility of a data breach. As a business owner, the outcome of any breach falls squarely on your shoulders. Data is one of the most valuable and vulnerable assets that any business manages. Unfortunately, many business owners don’t learn this fact until it's too late, because anytime there is a data breach, lawsuits can be expected to follow.
A cyber insurance policy covers your business in the event of a hack or data breach that results in financial damages - both direct and litigatory. This type of business insurance covers an organization’s intangible assets like digital files and data. Cyber insurance may seem novel to many business owners, but it has become a necessary form of coverage for companies that use the internet.
Common sense cybersecurity practices and training are the first line of defense. Cyber insurance is the final piece. Visit us online or give us a call at (800) 590-7292 to learn how cyber insurance can protect your business.