from – azcentral.com – by Mark Pribish
Even with all the government, retail and health-care breaches of personal information in the news seemingly every week, we still need to hear and be reminded of the critical basics of managing cyber – and ID-theft risks.
Every business and industry likely has varied ID-theft and cybersecurity needs. Regardless of the information you collect, transfer and receive, here are my five critical basics I recommend every business should be doing:
- Create an information-security and governance policy.
- Put your information security and governance policy into a written plan.
- Update plan annually and on an as-needed basis when major threats are revealed.
- Test your policy annually, including penetration testing and a simulated data-breach event.
- Annual employee education should be the No. 1 priority. Individuals, not hackers, are the cause of most data breaches.
Once you complete these five critical tips, you’re not done. For example, if your information security and governance plan is two years old, chances are your business is five to six years behind the cyberthreat cutting edge.
In addition, your plan should include an information-security and governance committee – where department heads and not just “IT” are helping lead the information security policy and planning. If you own a small business, then you should include business partners and/or key employees to support your information-security objectives.
Managing your company’s cyber -risk depends on your staying up to date on current and future threats and trends.
What’s a recent example of the current threat landscape? According to Krebs on Security, “The FBI has warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers.” According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.
Another trend that I have personally seen with business clients (and consumers) – especially small- to medium-size businesses – is the general complacency of business owners and employees concerning information security.
Whether it’s online risks or risky behavior including phishing e-mails, smartphones, social media, the use of public Wi-Fi hotspots – both businesses and consumers are underestimating how vulnerable they are to today’s cyberthreat environment.
Do not follow in the footsteps of high-profile giant organizations that have been data-breached. A breach in your business – especially if it’s a small business – can be put you completely out of business.
Mark’s Most Important: Follow my five critical basics of ID theft and data breach threat and protections: Have a policy, plan, update, educate, test and be vigilant.