What’s your reaction when you hear about a business being damaged—or even destroyed—because of a cyberattack? Do you breathe a sigh of relief, glad it wasn’t you, and go about your business as usual? Or do you use the news as a reminder that maybe your company isn’t as safe as it could be?
No business is 100 percent safe from cyber-intrusions. But that shouldn’t stop you from doing the best that you can to prevent one. Here are the four steps we suggest.
Identify, Educate, Repeat
The first step you should take involves learning where your exposure to attacks lies. It goes without saying that you need to protect your computers and networks. But the solution is bigger than maintaining effective antivirus software. Who comes in contact with your digital data, wherever it might be stored? Employees. Customers. Suppliers. Third-party software and data storage services. Determine where your points of weakness are.
Once you’ve done that, don’t keep it to yourself. You should make your universe of connections aware that cybersecurity is a priority for you, and that you expect them to follow prescribed safety protocols.
You never really complete this step for good. Your assessment of your vulnerabilities should be ongoing.
Turn Your Awareness Into Action
We’re talking about policies and people here. Cybersecurity should not be something that’s simply discussed in meetings and maybe mentioned occasionally in emails and newsletters. It should be built into your corporate culture in concrete ways, like these:
- Designate one staff member as the point person for this continuous effort. He or she doesn’t necessarily need to be the most technically savvy employee, but should demonstrate commitment to the problem and the willingness to consult with experts when needed.
- That individual should set up training when warranted and communicate immediate threats and safety tips to employees. He or she might actually hold periodic drills. What is expected of staff when an attack is suspected? How do they protect the data that’s within their reach?
- Outline employee responsibilities in job descriptions and evaluate them as part of the periodic review process. Make it clear that because they use the company’s technology, they have a responsibility to keep all data that they touch as safe as possible.
Know How To Document An Incident
What if the worst happens and your company has become the victim of a cyberattack? How will you handle the press release? We’re not speaking literally here. But you need to have a written plan in place that lays out the individuals and companies that must be contacted.
If information belonging to customers and/or suppliers has been compromised, they certainly must be notified. The language that you use is important here, whether you’re having to call just a few on the phone or dispatch the critical message to thousands in writing. Also important is the delivery vehicle. You must be absolutely certain that anyone who’s been affected gets the information – and as quickly as is reasonably possible.
Are there any state, local, or federal agencies that need to be apprised of the situation? If consumer data was breached, this is likely. Know ahead of time what your responsibilities are.
Obviously, there will have to be a thorough, highly detailed report outlining what happened, how it may have happened, what your response was, and, of course, what steps you’ve taken and will continue to take to prevent a future occurrence.
Enlist A Fresh, Informed Set Of Eyes
You may be able to accomplish all of this on your own. But sometimes an outside expert can spot cracks in your armor that no one in the company has seen. He or she may also have suggestions for solutions that haven’t occurred to you. We’d be happy to provide you with a cybersecurity review and assessment. Contact us to set up a consultation.