10 Tips to Reduce Your Risk of a Data Breach
Cybersecurity is important and ever-changing.
Major data breaches are a common topic in news today. It is estimated that $150 billion is lost annually by businesses of all sizes due to data and identity theft.(1) Only 1 in 4 organizations feel they are highly immune to cyberattacks.(2)
The best way to prevent a cybersecurity attack is to know what can be done now to protect your data. Finding and using an expert in the cybersecurity field is always a good idea.
Data breaches can cause irreversible security and relational damage. Customers are likely to terminate a relationship with a business if they feel their information is susceptible to attack. Not to mention the large cost a cybersecurity attack can bring to an organization. The average cost of a data breach is $4 million – up 29% from 2013.(3)
Before you say you and your company doesn’t need to worry about a cybersecurity attack, read these statistics:
- 58% of malware attacks are against small businesses.
- The average cost of a cyberattack against a small and medium sized business is $2,235,000.
- 93% of cyberattacks are delivered via email.(4)
The reality is you data is too valuable not to be targeted.
So how do you protect yourself and your customers’ information from security threats? Be sure your organization is exercising all of the best practices below to help minimize the chance of a data breach and all the consequences that follow.
- Control passwords carefully
Partake in strong password management software so only authorized personnel have access to network and systems you use. Make sure to have procedures for removing access to personnel that no longer require access as well.
- Change any default passwords
Before using any new device, be sure to change any default usernames and passwords. Cybersecurity criminals are able to access a list of default passwords for any provider/manufacturer. Ensure to make your personalized passwords intricate, using uppercase letters, numbers and symbols. Avoid passwords that would be easy for someone to guess.
- Use two-factor authentication
Use two-factor authentication in any place that someone has remote access to your environment (including all service providers). Two-factor authentication uses something the user knows (as in a password or username) and something the user has (as in a code or token). This should be implemented throughout all of your organization’s systems.
- Do not allow browsing on systems that don’t require it
Do not allow internet browsing on any systems that do not require it as well as any device that connects to those systems. Any malicious link that is clicked on online could lead to malware or viruses.
- Avoid skimming
Avoid skimming, or fraud, by conducting daily checks of your devices. Always use tamper proof hardware and attach unique markings or stickers to quickly identify overlays. Criminals are intensifying their efforts to steal card information by creating convincing skimming device overlays.
- Increase security of remote access
Protect remote access applications and create two-factor authentication as required. Remote access should not be turned on at all times, only on demand. If upgrades to your system are needed from a vendor, make sure to schedule the upgrade and provide remote access to a known IP address for that scheduled time.
- Keep anti-virus software updated
Ensure all anti-virus software is updated with the latest anti-virus signature files. These files are very important. They enable anti-virus software to recognize and remove new malware and viruses.
- Keep device software updated
Ensure you are updating software applications to the latest versions and software application patches. The more timely and diligent you are in updating your devices’ software, the less vulnerable you are to malware attacks.
- Protect yourself against phishing
Educate associates to not click on links in emails. These links could lead to harmful malware or viruses on computers. Educate associates to notify the proper security department of your organization when suspicious emails are received.
10. Use encryption and tokenization
Implementing encryption can protect client/customer data as it’s in transit after point of entry. Tokenization then replaces certain data with a random-generated value or “token”. This token will be stored in your system with less concern as the data won’t show the exact data.
Need a business consultant?
At ATLAS CPAs & Advisors, our advisors are equipped with the experience and expertise to get you and your business where you want to go. We will walk alongside you throughout the journey of your business, solving problems and creating solutions every step of the way. Your success is our success and we strive to provide exceptional value.
Contact us today to find out how we can serve you.
This article was co-created with Rain.Tech Custom Cloud & Managed IT (ATLAS Alliance Member).
- McAfee 2013 Study: “The Economic Impact of Cybercrime and Cyber Espionage”. [http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf]
- 3 out of 4 organizations admit they aren’t ‘resilient’ to cyberattacks (September 2015). [http://fortune.com/2015/09/18/schneier-cyber-resilience/].
- Ponemon Institute’s 2016 Global Cost of a Data Breach Study. [http://media.newsnet5.com/uploads/Data%20Breach%20Report%202016.pdf]
Verizon 2018 Data Breach Investigation Report, 11th Edition