“The most valuable commodity I know of is information.” — Gordon Gekko, “Wall Street”
Information is power. Getting at information has been the most important task the opposition has attempted since the invention of the substitution cypher. We build better mousetraps. They build better mice.
Data breaches in different industries continually make headlines. Regardless of your specialty, I cannot stress enough how critical cybersecurity is to your company’s success, especially since it’s a reactive part of the business world. Cybersecurity adapts and grows by responding to malicious acts, and acting as if a breach will occur under your watch is the first step to blocking it.
Though there are several kinds of valuable information, they are all sensitive and potentially costly. Three different, oftentimes related types include:
Private: You’ve undoubtedly seen how distraught Ashley Madison’s members-turned-victims have been. Moral ambiguity aside, their privacy has been compromised, which possibly stemmed from a $20 deactivation fee. Most of the businesses out there are not designed to enable infidelity or pseudo-romantic trysts. However, there are hobbyist companies, schools and organizations’ sites, just to name a few, that contain private information.
Even though we’re now in a culture where photos of everyone’s meals are posted online, individual privacy is valued nearly above all and that pertains to affiliations and memberships. Anyone can sue you if their information is obtained due to your negligence.
Posting a disclaimer that a visitor can check off is not a Kevlar vest.
HIPAA/Health Care: Whether you operate a hospital, walk-in clinic, a nursing service or are any type of doctor, government regulation stipulates that you will respect the privacy of your patients. However, your computers and servers unknowingly have not, and hackers certainly will not honor the morass of regulation that government has put into place to protect us from our better angels.
Just like the legal industry, medical records are being digitized and you never know who’s digging for dirt on one of your patients or your office. It’s a whole different headache, because it potentially involves health care providers, insurance companies, pharmacies and businesses. All the entities that routinely put you on hold will be banging down your door should information leak.
Financial: If you accept and hold bank account numbers, credit card PINs, personal statements and automatic payments from customers, you should be installing some fail-safes. Learn from Target’s mistakes. If a red flag is raised, investigate it like someone’s breaking into your house.
This was a public relations nightmare for the retail giant and it only survived because it has the insurance and reputation to do so. That they compensated customers who were victims of fraudulent charges is also in their favor. Imagine how many heads rolled on top of all the legal fees gearing up for lawsuits while stocks and consumer trust plummeted. I’m assuming you’re not a mega-retailer and even if you are, you should never risk that.
What you can do
Take your clients’ information seriously; do not risk any exposure.
- Enact a two-factor authentication process for users/employees who log in from outside the office. Similar to using a bank card with a PIN, it involves both a device and a special login code. The card can be substituted with a fingerprint or a rotating password. The idea behind it is that “it should be something you have and something you know.” It’s justifiably cautious.
- Require that customers’/clients’ passwords include numbers, and have employees change theirs quarterly.
- Invest in qualified IT professionals and cybersecurity consultants. They don’t have crystal balls but they are your eyes and ears on the ground.
- Your accounting department manager should collaborate with HR and IT to establish the best programs and protocols for your business’s accounts payable and receivable.
This is a thankless part of operating a business and it’s expected that you will hold this information as something sacred. While there are no guarantees in this ever-evolving field, you get what you pay for, so do not skimp on protection. Being behind the times in terms of cyber-protection could set you further back and will likely diminish your credibility. You want to retain and attract clients, not lose them and your business due to shortsightedness. And certainly not because of an extortion-like deactivation fee.
To discuss more ways to protect your business’ online and digital presence, contact Brinen & Associates here.