With last year reporting the highest level of cyberattacks yet, this year is a year of prevention. Companies are taking the time to understand how to keep their customer information safe from cyberthreats and are putting in place solid measures that can thwart any attack on their data.
As a business owner, you need to consider the importance of protecting your customers’ confidential information to prevent it from getting into the wrong hands. Entrepreneurs from YEC weighed in on how your company can assess its cybersecurity and repair any potential sources of risk.
Name one step business owners can take to accurately assess their company’s level of cybersecurity risk and begin to tackle it.
Their best answers are below:
1. Identify basic threats.
Hackers and anyone who poses a cybersecurity threat feed off a lack of information on your part. You should have a plan for basic threats like unauthorized access before you even start, and plan to keep learning about cybersecurity your whole career. – Michael Dash, Parallel HR Solutions, Inc.
2. Operate like you expect an attack.
Be aware of the data that is leaving your business and whether it would be attractive to cyberattackers. Make sure your team has the resources to conduct risk assessments regularly and develop a multi-layered strategy that includes solutions, such as privilege management. – Blair Thomas, eMerchantBroker
3. Look at employee behavior.
Start with employees, including the remote team, and how they connect and use your network. Also, consider how they use passwords and view security threats. Often, the risk comes from staff that don’t realize the threat. – Peter Daisyme, Calendar
4. Use two-factor authentication.
We hear of a new data breach every day. Assume your passwords will be leaked at some point in the future and plan for it. Require all employees use two-factor authentication when accessing any important accounts. This is the simplest way to minimize risk. – Francois de Lame, Policygenius Inc.
5. Commit to an audit.
If you’ve gotten to the point that you are certain you want to validate your security risks, you need to commit to getting an audit done. There are lots of good cybersecurity consultants that can do this. Another option is to consider hiring a chief information security officer. – Nicole Munoz, Start Ranking Now
6. Have a strong offboarding policy.
It’s important to have a strong offboarding policy when employees leave, to mitigate the risk of a potential cybersecurity threat. Offboarding should include returning ID badges, company credit cards, mobile devices and laptops, as well as deleting their email address and changing passwords if not encrypted. – Syed Balkhi, OptinMonster
7. Start with what’s important.
What would be the most vulnerable thing to have leak out or lose? Start with that. Check how it’s accessed by staff and that it can’t be accessed by outside sources. Audit your procedures around storing that information to make sure you’re protected where it matters. – Jürgen Himmelmann, The Global Work & Travel Co.
8. Conduct a risk assessment.
It’s simple. Most businesses should be conducting a cybersecurity risk assessment once every couple of years. This will ensure important risk mitigation is in place, and priorities can be made and tasks completed. Risk management should be an ongoing activity and fall into a standard cadence to ensure the business is not exposed. – Baruch Labunski, Rank Secure
9. Hire a professional.
Hire a ‘white hat’ hacker who will do their best to try and breach your systems. They will try everything from code vulnerabilities and brute-forcing passwords, to manipulating your employees for sensitive data. They’ll tell you the results and probably also help you fix them. – Karl Kangur, MRR Media
10. Consult the FINRA checklist.
The Financial Industry Regulatory Authority (FINRA) has created a valuable cybersecurity checklist for small businesses. It’s available for download on their website. It’s a four-part list that focuses on prevention, detection, planning for a possible security breach and recovery of lost or stolen assets in the event of a security incident. It’s an excellent place to start. – Thomas Smale, FE International
11. Calculate your risk rating.
Calculating your risk rating for each identified threat will help you determine which areas you need to focus on first. Each threat will receive its own value and risk calculation of low, elevated or severe. – Jared Atchison, WPForms
12. Don’t rely on ad-hoc security processes.
Security depends on knowledge — a business has to understand where it may be exposed to risk before it can implement effective security policies. First step: systematically audit your networks. Build a comprehensive overview of the hardware and software you have in play. Next, use the results of your audit to implement security policies and processes that reduce the risks you have identified. – Justin Blanchard, ServerMania Inc.
13. Use decentralized blockchain applications.
I recommend leveraging blockchain decentralized applications. There are various blockchain application offerings and different blockchain solutions for better security compared to a centralized model. – Matthew Capala, Alphametic
14. Inquire about a cyber insurance policy.
Certain companies now offer insurance policies for cyber attacks. This may or may not be a good investment for your own business. However, simply inquiring about such policies and getting an estimate will help you better understand your level of risk. As with any type of insurance, the cost of the policy depends on your risk factors. – Kalin Kassabov, ProTexting