Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 “spring cleaning” tips to make sure your company is prepared in case of an attack.
1. Disaster Recovery Plan– Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your data is stored? Having a disaster recovery plan in place can help your company answer these questions and allow for as little disruption as possible when a disaster strikes. If you already have such a plan in place, take 30 minutes to review it and make sure everything is up to date.
2. Incident Response Plan– Data breaches are becoming an all too familiar occurrence in today’s digital world. Preparing in advance for a breach can allow your business to limit its liability, reduce potential damage to your reputation, and get your business back up and running quickly. If you already have an Incident Response Plan, take one hour to review it make sure all of the contact information is current, that personnel have not changed, and your procedures have not become outdated.
3. Cyber Insurance– Nearly all states have a breach notification law that is triggered when a business loses control of customer data either accidentally or when it is illegally taken. Even a business that has an Incident Response Plan, and took cybersecurity seriously will have to comply with the notification laws. This is not an inexpensive endeavor, and can easily cost tens to hundreds of thousands of dollars. Having cyber insurance can help cover these costs associated with breach notification, and other aspects such as legal support and cyber vendors who specialize in responding to breach incidents. Spend 30 minutes to make sure your business not only has cyber insurance, but the right coverage and the steps required to notify the carrier in the event of an incident.
4. Human Resources Training– Human resource employees are favorite targets for criminals looking to steal personal information about your employees. A common scam around tax season is to impersonate someone in management and request they email them employee W-2 forms. These forms contain valuable personal information like social security numbers. Take one hour to make sure your business trains your HR staff in proper procedures to follow when requests for W-2s, personal information, or other valuable information is requested. Check with your HR employees and make sure they are aware of these scams, and that they check with you before sending personal information.
5. Employees and Phishing Scams– Many attempts to break a company’s technological defenses rely on some form of the human element. Frequently, this will come in the form of emails that contain a malicious link that allows someone to gain unauthorized access to a company’s network. These emails could be very generic in nature, which is called a phishing email, in that it relies on sending out a vast number of emails and only requiring a few bites to be successful. The email could also be crafted to target an individual and thus appear more authentic. They may be able to gather information about the employee from social media, company websites, and other resources to craft an email that appears legitimate. Employees need to be trained to know how to spot these emails, what to do if they think they have received one, and to be more generally aware of their existence. Take an hour and check if this type of training is part of your orientation for all employees. Schedule periodic refreshers on the latest trends in phishing email scams.
These 5 spring cleaning tips will help your company maintain its cybersecurity resilience. Taking a few hours now to run through these tasks could go a long way towards preventing a cybersecurity nightmare down the road.