Protect your business and clients with these cybersecurity tips
Having an online presence is now a must to run and grow a business. With that necessity and convenience also comes the responsibility to protect your business and clients' information. Not taking the proper steps for protection could cost you. The average cost associated with a cyberattack against businesses with fewer than 500 people is $2.35 million.
The Federal Trade Commission (FTC) has developed 10 cybersecurity tips to help you recognize vulnerabilities that could affect your business and reduce the risks they pose.
- Start with security. Factor it into the decision making in every department of your business — personnel, sales, accounting, information technology, etc. Only collect personal information you need and hold on to that information only as long as you have a legitimate business need for it.
- Control access to data sensibly. Once you've decided you have a legitimate business need to hold on to sensitive data, take reasonable steps to keep it secure. You'll want to keep it from the prying eyes of outsiders, of course, but what about your own employees? Not everyone on your staff needs unrestricted access to your network and the information stored on it. For your network, consider steps such as separate user accounts to limit access to the places where personal data is stored or to control who can use particular databases.
- Require secure passwords and authentication. If you have personal information stored on your network, strong authentication procedures can help ensure that only authorized individuals can access the data. Insist on complex and unique passwords that are stored securely. Implement a policy to suspend or disable accounts after repeated unsuccessful login attempts to reduce the risk of cyberattacks.
- Store sensitive personal information securely and protect it during transmission. Use strong cryptography to secure confidential material during storage and transmission. The method will depend on the types of information your business collects, how you collect it and how you process it.
- Segment your network and monitor who's trying to get in and out. When designing your network, consider using tools like firewalls to segment your network, thereby limiting access between computers on your network and between your computers and the internet. Another useful safeguard: intrusion detection and prevention tools to monitor your network for malicious activity.
- Secure remote access to your network. If you give employees, clients or service providers remote access to your network, take steps to secure those access points and limit access to only what's needed to get the job done.
- Apply sound security practices when developing new products. Early in the development process, think through how customers will likely use the product. If they'll be storing or sending sensitive information, is your product up to the task of handling that data securely? Before going to market, consider security throughout product development, design, testing and roll-out.
- Make sure your service providers implement reasonable security measures. Keep a watchful eye on your service providers — for example, companies you hire to develop apps or to process personal information collected from customers. Take reasonable steps to select providers that are able to implement and verify appropriate security measures and monitor that they're meeting your requirements. Put it in writing as part of your contract with them.
- Put procedures in place to keep your security current and address vulnerabilities that may arise. Securing your software and networks is an ongoing process that requires you to keep your guard up. If you use third-party software on your networks, or if you include third-party software libraries in your applications, apply updates as they're issued. Heed credible security warnings and move quickly to fix the problems they report.
- Secure paper, physical media and devices. Implement a policy to securely store documents. Securing information stored on your network won't protect your customers if the data has been stolen through the device that collects it. So not only do you need to keep your office secure, you need to think about laptops, external hard drives and mobile devices that may be used on the road. Dispose of sensitive data by shredding, burning or pulverizing documents to make them unreadable and by using available technology to wipe devices that aren't in use.
Start taking cybersecurity steps today.
Try these tips from the FTC to help protect your business and client information. The FTC also has a cyber planner for small businesses. It's a great online tool you can use to start building a custom cybersecurity plan. You can choose from a menu of expert advice to help with your business needs and concerns.
This information is brought to you by Athene — where innovative annuity solutions are powered by unconventional thinking.