What’s Your Cyber Exposure?
Most of us probably don’t give much thought to what could happen if our sensitive data is compromised. I mean, we’ve got a firewall, an IT department, an insurance policy that must cover cybercrime, possibly a business attorney on retainer…somewhere in there, our exposure is minimized, right? Unfortunately, the bad guys just keep getting more creative.
I recently went to a seminar on this topic, and what I found was that I, like most business owners, didn’t really think I was at risk. The bottom line is any entity storing electronic information on just their employees (current/former and potential) could experience a data breach, which Wikipedia simply defines as, “A security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”
Not convinced it’s for you, yet? Maybe you outsource your payroll to a third-party service provider, and the sensitive employee information doesn’t reside on your server. You’re safe! Come on, you didn’t think it would be that easy, did you? No, if you own that sensitive information, the liability still falls on you. And the reality is that while your service provider doesn’t want your sensitive information falling into the wrong hands any more than you do (it’s no walk in the park for anyone involved if this occurs), it can happen, and it does happen. It could be the result of a hack, a rogue (disgruntled) employee, a lost/stolen laptop…
So, what is defined as sensitive data? It’s any data that can identify a unique individual. Examples of the most common are: name, date of birth, social security #, email address, mailing address, telephone number, bank account number, clinical information, claims information. This can be employee information, clients/customers, patient info (healthcare cybercrime has seen a recent surge), business partners, etc.
While there’s no way to absolutely prevent an incident from taking place, there are some things we can do to minimize exposure. A few tips from the experts:
- Have a plan. Know what steps you will take, in the event something does happen, to keep business from coming to a halt and to curtail losses. Consider conducting a cyber-attack simulation. Who will you call? In what order? What and where are your most critical assets that could be attacked? What is their value?
- Provide employee training. Many incidents start with an employee clicking on one bad link. Before you know it, your data is encrypted, and you’re receiving ransom messages demanding money in exchange for decrypting your own data. Help keep employees informed on what to look for and educate them on why it’s important to be cautious.
- Depending on the nature and volume of data you own, look into a specific cyber insurance policy.
In the meantime, do what you can to stay safe and recognize that everyone is in the same boat. If you do get hacked, don’t beat yourself up; we’re all rowing our boats in a stormy and uncharted sea of cyber hits, attacks, hackers, ransomware, malware, viruses, and so much more. We owe each other a desperate loyalty to give tips for staying afloat when we learn them…
Carolyn Kanabrocki is a consultant with Morrison, providing business valuations, business planning (including budgeting, cash flow forecasting, and strategic planning), feasibility studies, interim controller services, recruitment, competitive grant writing and special projects that don't fit into any conventional category. You can contact Carolyn directly at firstname.lastname@example.org or via telephone at 530-893-4764 ext. 212.