We hear and read the news stories all the time, so it’s no secret that cyber security threats are increasingly frequent, complex, and costly. And, it seems like no one is safe. If you conduct business online, communicate via e-mail, or even have computers connected to the Internet, you may be exposed to the threat of a cyber attack.
Consider the following:
- An employee accidentally (or deliberately) sends an e-mail containing confidential business or private customer information.
- A company-owned laptop or phone containing confidential business or private customer information is lost or stolen.
- A hacker gains unauthorized access to your network and steals intellectual property files or private customer and employee information
With just about everyone that uses office technology facing cyber risk, businesses and organizations need to understand the seriousness and complexity of these security threats, and what they can do to protect themselves.
Sinking Expectations and Concerns
According to a recent Citrix and CyberEdge Group report, more than half (52%) of IT professionals expect their organization to be negatively affected by a successful cyber attack in 2015, which is up from 39% the prior year.
However, despite the heightened sensitivity to external threats, Experian points to industry research that claims human error, employee mistakes / negligence, and malicious insiders are the leading cause—nearly 60%— of security incidents, but remain the least reported issue.
Small Business Becoming Bigger Target
While massive breaches at Target, Home Depot, JP Morgan Chase, and Anthem Health make headlines, it’s not just large corporations that are at risk. Statistics from Symantec show that 1 in 2.2 (45%) small businesses—with 1 to 250 employees—were targeted by cyber attacks in 2014. That number has dramatically increased in just a year’s time, with 1 in 5 (20%) being target in 2013.
The possibility of a cyber attack is real regardless of the size of your organization, and the worst thing you can do is ignore the risk.
High Cost for Inexpensive Data
In a recent joint study, IBM and the Ponemon Institute found that within the United States, an average data breach involves approximately 28,000 exposed or compromised records. Furthermore, according to the benchmark findings, data breaches cost companies an average of $217 ($143 indirect; $74 direct) per compromised record—a new record high.
And, to cause even greater concern, Experian analysts report stolen information can be acquired for approximately one-tenth of what it costs an organization in losses—with a single Twitter account being worth more on the black market than a credit card number, and stolen online identities / credentials selling for less than $25 per record.
Planning for the Road Ahead
Keeping pace with changes to both your computing and networking environment as well as the threats acting against it can prove difficult. In fact, Hewlett-Packard (HP) has cited research that shows, on average, it takes more than 240 days for an organization to detect a breach.
While thwarting every attack is unrealistic, it is perhaps more important to focus on awareness, knowledge, early resolution, and prevention.
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’left’ custom_border=’av-border-thin’ custom_width=’50px’ custom_border_color=” custom_margin_top=’30px’ custom_margin_bottom=’30px’ icon_select=’yes’ custom_icon_color=” icon=’ue808′ font=’entypo-fontello’ av_uid=’av-46pb49′]
Become Aware:
Conducting a cyber security assessment (self-evaluated or partner-led) is one of the first steps you can take in understanding what is at risk. Organizations must have a firm grasp on the nature and sensitivity of their data, the damage (e.g. costs) a cyber attack could do, and the level of susceptibility to a data breach.
Educate Employees:
It is absolutely vital to educate staff on what data needs to be protect as well as how to keep that data safe from accidental exposure. Also, teach your employees about smart password habits, malware and phishing scams / e-mails, securing sensitive data on personal devices, and destroying hardcopy documents.
Monitor Activity:
A single data breach could mean financial ruin for a massive international enterprise as well as a locally-owned SMB. Nowadays, organizations large and small face the same threats, so cyber security firms have made it easier and more affordable than ever to prevent, detect, and respond to malicious activity.
Plan Ahead:
Similar to monitoring, all organizations should have a clearly defined path for reacting to a cyber breach. Understandably, some plans will be more complex than others, but having a defined process in place can help you identify the breach and its source, address the issues that allowed the incident to happen, and take corrective measures to limit the severity.
Insure Yourself:
Cyber insurance has become more important to organizations’ preparedness plans. Policies range in price—depending employee size, industry, amount of data, existing security, etc.—and can help cover the costs associated with breach investigation, customer notification, crisis management, lost revenue, and credit monitoring services.
[av_hr class=’short’ height=’50’ shadow=’no-shadow’ position=’left’ custom_border=’av-border-thin’ custom_width=’50px’ custom_border_color=” custom_margin_top=’30px’ custom_margin_bottom=’30px’ icon_select=’yes’ custom_icon_color=” icon=’ue808′ font=’entypo-fontello’ av_uid=’av-2920rt’]
Cyber security is critical for all organizations. Customer records, payment information, personal files, intellectual property—all of this data can be next to impossible to replace if lost, and can be extremely dangerous in the hands of a criminal.
In the end, all organizations should develop and enforce policies for handling and safeguarding critical business data and sensitive customer information, protecting their reputation, and educating their employees on proper security awareness and behavior. Likewise, having a well-defined plan of action and knowing what to do for when a cyber event does occur can minimize damage and keep everyone involved protected.