It is becoming commonplace to hear of big security breaches. Consumers wonder how this keeps happening. It would seem like every company should be taking their data security very seriously. After all, a data breach typically costs millions of dollars and tarnishes the company’s reputation.
After the Target data breach of 2013, shoppers were wary about returning to the retail giant to shop. To date, the breach has cost Target over $90 million, and there’s no way to measure the damage to their reputation. Target stores, like many other brick and mortar stores, are already suffering from the consumer trend to buy everything online. Numerous surveys confirm that patrons are reluctant to shop online at smaller stores. The overall belief is that larger stores have better cybersecurity.
This theory was certainly questioned when the nation’s largest banker, JP Morgan Chase, lost the names, addresses and personal information of 76 million of its customers. Breaches like this erode the public trust and cause consumers to back away from doing business online altogether.
So how can you stop this from happening to your company? Is anyone really safe nowadays? Below, we discuss six solidly proven ways to prevent cyber security breaches from occurring at your company.
1. Limit access to your most valuable data.
In the old days, every employee had access to all the files on their computer. These days, companies are learning the hard way, to limit access to their more critical data. After all, there’s no reason for a mailroom employee to view customer financial information. When you limit who is allowed to view certain documents, you narrow the pool of employees who might accidentally click on a harmful link. As corporations move into the future, expect to see all records partitioned off so that only those who specifically need access will have it. This is one of those common-sense solutions that companies probably should have been doing all along.
2. Third-party vendors must comply.
Every company does business with a wide array of third-party vendors. It’s more important than ever to know who these people are. Companies can even open themselves up to lawsuits by allowing strangers to enter their premises. What if the guy who delivers office supplies just got out of prison? It’s something to think about. In addition, be sure to limit the types of documents these vendors can view.
Though precautions like this can be a hassle for the IT department, the alternative could be a multi-million-dollar data breach. For those companies that are allowed to view your important data, demand transparency. Make sure they are complying with privacy laws; don’t just assume. Ask for background checks for third-party vendors who must enter your company on a regular basis. CEO’s need to get tougher on security if they really want to instigate change.
3. Conduct employee security awareness training.
According to recent surveys, employees are the weakest link in the data security chain. In spite of training, employees open suspicious emails every day that have the potential to download viruses. One mistake that employers make is thinking that one training class about cybersecurity is enough. If you’re serious about safeguarding your important data, schedule regular classes each quarter or even monthly.
Believe it or not, employees have been known to leave those classes, return to their desks and open suspicious emails without even thinking twice. Marketing studies show that most people need to hear the same message at least seven times before it begins to change their behavior.
4. Update software regularly.
Professionals recommend keeping all application software and operating systems updated regularly. Install patches whenever available. Your network is vulnerable when programs aren’t patched and updated regularly. Microsoft now has a product called Baseline Security Analyzer that can regularly check to ensure all programs are patched and up to date. This is a fairly easy and cost-effective way to strengthen your network and stop attacks before they happen.
5. Develop a cyber breach response plan.
What would you do if you went to work tomorrow and learned that a data breach had occurred? Surprisingly few companies have a sound breach response plan in place. It either hasn’t occurred to them that they may need one someday soon, or they feel they can handle the response as necessary. There’s a significant fallacy in this thinking. In the past, large companies that had cybercriminals break in and steal records were slow to make this public. They were also reluctant to share the truth about how much data and what type of data was stolen.
The government’s OPM break-in was handled very poorly. It was months after the breach before FEMA made a public announcement. When they did announce that a data breach had occurred, they downplayed how serious it was, issuing incorrect information about exactly how many records had been compromised. It was several years before the true nature of the breach was exposed.
For consumers, this is unacceptable. People feel they have a right to know exactly when the breach occurred and what was lost. Though it took several years to learn this, government employees were finally told the truth: over 21 million records were stolen. Most of them contained names, addresses, social security numbers, and fingerprints.
Developing a comprehensive breach preparedness plan enables both the employees and the employer to understand the potential damages that could occur. An employer should be very transparent concerning the scope of the breach; employees want to know the truth. A good response plan can limit lost productivity and prevent negative publicity. Employees feel angry when they find out that the company they work for had a data breach six months ago and told no one told them about it.
Your response plan should begin with an evaluation of exactly what was lost and when. Find out who is responsible whenever possible. By taking swift, decisive action, you can limit damages and restore public and employee trust.
6. Difficult to decipher passwords
In the past, businesses rarely got involved with how often employees had to change their passwords. Recent cyber breaches have changed all that. When security experts come to your company to educate your employees, one thing they will stress is the need to regularly change all passwords. Most of the public has discovered the importance of making passwords difficult to decipher. Even on our home computers, we’ve learned to use upper case letters, numbers and special characters when formulating passwords. Make it as difficult as possible for thieves to break in and steal your stuff.
Reassure your customers.
Online shopping now represents over $80 billion in sales for American businesses. People seem to love to shop online. It’s so easy and convenient. The future looked bright for online sales until data breaches at stores like eBay and Amazon occurred. Recent surveys of consumers across America show that 56% have cut back on their internet purchases due to fear of their personal info being stolen. This equates to lost sales in the millions of dollars.
This has now become such a prevalent problem that companies create marketing campaigns to reassure shoppers that it’s safe to shop online again. But, it can take years to restore the public’s trust once it’s lost. If customers see that your company is doing its best to prevent cyber theft, they may feel better about buying from you.