We see it in the news on a regular basis. Major corporations like Anthem, eBay, Sony Pictures, and Target have all suffered major data security breaches. But these breaches don’t only happen to major businesses. Companies of all sizes are targets. Sometimes, smaller companies are even bigger targets because protections may be lax.
So how do businesses of all sizes go about data breach prevention and cyber security? Here are seven tips to strengthen your business against a data breach.
1. Train employees and users on data breach prevention
Human error is often to blame for most breaches. The easiest way for a hacker to invade your network is by preying on an employee who doesn’t recognize the risk. Whether through a malware email attachment, or by downloading a document from an unreliable resource, there is a wide variety of easy phishing attempts that can lead to a data breach. The key to prevention is teaching your employees how to avoid making these common mistakes. Also, include a technology protocol section in your employee handbook where your team can easily access it. This section should cover proper steps to take to protect your technology, especially anything that could be considered a trade secret, or private customer/client information and data.
2. Store customer data in an encrypted database
Another tip for data breach prevention is to use a secure database and encrypt any items containing customer/client information or trade secrets. The encryption process converts that information or data into a code, which then works to prevent unauthorized access. A common example of this process is the one used when you make an online purchase. Once you enter your payment information onto an ecommerce website and it has been approved, your information is encrypted before it is stored on the website. When you later go back to the website to make another purchase from your account, your information is ready to use.
3. Improve cybersecurity with two-factor authentication
Two-factor authentication adds an extra layer of protection to logging into a website. After a user inputs the required login and password, an extra step is initiated to ask the user for another piece of information that only he or she would have. For example, a text message with a one-time code may be sent to the user’s phone, which is tied to the account. Two-factor authentication is very important for data breach prevention if your business has devices that go in and out of the office, such as tablets or laptops, making sure they are secure in the event they become lost or stolen.
4. Malware detection software on both servers and workstations
Each workstation inside your business, as well any servers, need to have malware detection software installed to help with data breach prevention. The detection software prevents malware from being installed. Malware can be hidden in a variety of formats, the detection software helps scan each item to ensure its safety. There are a variety of different software packages available for businesses, depending on the level of security needed.
5. Perform regular vulnerability checks
It’s critical that you perform regular vulnerability checks to minimize the risk and prevent data breaches. For example, it’s important that firewall configurations be reviewed regularly with penetration testing, to make sure only trusted networks are given access. Software updates may also vary with your malware protection software. There are programs that can run regular checks, or you can look to a third-party IT company for assistance. It’s also important that you continue to test and train employees through phishing emails to ensure they stay vigilant.
6. Require frequent remote data backups
Whether routinely completed on the cloud or on an external hard drive, remote data backups ensure that your data is stored securely. A routine backup allows you to have a reference point if your data is breached in the future. Most backup providers allow you to pick the frequency of the backup, time of day it occurs, and what level of information detail you would like to store.
7. Have a disaster plan ready in case of a data breach
Protecting your business against a data breach is an ongoing process. Under the Michigan Identity Theft Protection Act, in the event of a data breach that is likely to cause harm or result in identify theft, a business must provide a notice of the security breach to each affected Michigan resident, customers and vendors affected by the breach, as well as consumer reporting agencies. Keep in mind, the notifications must be precise and meet certain statutory requirements.
Unfortunately, even with planning, a cyberattack can still happen. Be prepared by having a disaster plan ready, and be sure to include the proper steps for employees to take both during and after an attack. Review the plan as an internal team frequently to ensure that everyone has a clear understanding of timelines and responsibilities. Time is of the essence during a data breach, and having a disaster plan prepared will make that stressful time more efficient.
To learn more, contact an attorney at Fraser Trebilcock at 517.482.5800 or by clicking here to fill out this form on our website.
A critical overview of laws and regulations governing businesses of all sizes.