How to protect against, detect and act on a data breach at your business

Data breach: How to protect your tribal company

6 signs your business is about to have a data breach

Here’s some news that may keep you up tonight: More than 70 percent of cyber attacks target smaller businesses, resulting in a data breach and stolen data. And some 60 percent of hacked small and medium-sized businesses go out of business after six months. Add to this the recent news that the chips used in computers, phones and tablets all contain a major vulnerability, and you’re facing a recipe for disaster. How can you protect against, detect and act on a data breach quickly to guard your company?

What are the six signs of an impending data breach?

1. You don’t have IT help and robust security software. It’s crucial in today’s cyber age to have someone, whether on staff or a consultant, to audit your risks, install software, monitor activity and ensure updates and patches are installed across the board. At the same time, it’s just as vital to subscribe to security applications such as those provided by McAfee or Norton. They’re inexpensive and run constantly in the background, checking for viruses, infected websites, malware and more. You need both: good security software AND IT help. It’s not an either/or.

2. Your employees are often in the field and/or use their own devices. If your team carries company data on their smartphones, tablets or laptops out in the field, they represent a greater vulnerability, particularly if they use unprotected WiFi hotspots such as those at a coffee shop or hotel. And even if they work in the office, if you allow them to use their own devices at any time, this can create security issues. Why? Because typically, our personal devices aren’t as well-secured as those at our company. That means it’s a good idea to install remote management software to create a secured entry point. Your IT point person can help monitor those extra electronic devices.

3. Your employees aren’t trained in detection. We all know not to click on that link from the Nigerian prince who’s offering us millions, but what about links or attachments in emails that look OK? It’s highly recommended to bring in your IT consultant a couple of times a year to train employees on the latest threats and how to detect them.

4. Your turnover is high. Disgruntled employees sometimes take sensitive data with them – sometimes by accident; sometimes on purpose. They know all your passwords as well. Careful hiring procedures and all you do to promote employee satisfaction can help you eliminate this weak link in your cyber security.

5. Some of your computers or operating systems are old. Frankly, the older your operating system on each computer, the more vulnerable that computer is. Just one older computer can be the weak link for a hacker to enter your system. The fix? Instruct your IT help to ensure all computers run the most recent versions of Windows or iOS, and that updates are installed, pronto.

6. You have no system for securing data. This is crucial for tribal governments and clinics. When you handle health, financial and other personal information, it must be secured. Not only that, but you’ll need procedures and policies regarding safeguarding this data: Who has access? How is it locked down? Once you’ve determined your procedures, be sure to train employees on compliance and proper safeguards, such as never leaving the computer screen or program open when you walk away from your desk, and never letting another client see someone else’s information.

While many businesses have the proper security in place (anti-virus, malware detection, firewalls and data encryption), they stop right there, assuming all the protection they need is in place. However, this only represents maybe five percent of a data breach threat, said Thomas Koulopoulos in an Inc.com article.

Your next step is to assume a breach will happen. Now what’s the plan? “It’s even more important to have a plan that details how you will respond in the face of a cyber attack that includes unknown threats,” he explained.

By far the most damage done in a hack attack or data breach is because the company didn’t have a response plan in place. Those 60 percent of small-to-medium businesses that were hacked never recover, largely because they didn’t understand how crucial it is to have an “after the data breach” plan in place.

“It’s like putting a guard at the front door to ward off bank robbers without giving him or her training on what to do in the event of an actual robbery,” Koulopoulos elaborated.

What you need to include in a data breach plan

These steps are crucial to your plan, says Koulopoulos.

  • A “fully redundant system for accessing their applications and data, both live and online, as well as regular offline backups stored in multiple onsite and offsite locations.”
  • Cyber security training for employees. Make it detailed, make it ongoing, and make it high profile, showing that you consider it to be of utmost importance. Why? Because 95 percent of cyber attacks involve social engineering in some form – using people to voluntarily but unknowingly allow an attack to occur. It’s critical to train employees on how to avoid and recognize cyber threats.
  • Follow up the training with regularly scheduled simulations. For instance, you can create a phishing email to employees with a link that allows you to track who clicked on it, or include an attachment and track how many open it.

What about those latest Spectre and Meltdown bugs discovered in computer processor chips?

This issue is so new that security experts are still weighing in on the matter. In the meantime, Microsoft, Intel, Apple and other tech companies are rushing to create patches to fix the vulnerabilities.

What do we know right now? So far, there’s no evidence that hackers have breached any websites using these bugs. But no doubt they will. So at the risk of repetition: Install all security updates directly from your supplier’s website(s) now. Don’t necessarily trust an email; go directly to their website to download the latest updates.

Cyber experts agree: It’s much easier to hack a website than to protect a website. Hackers are constantly getting more adept at breaching the most secure sites. That means the security landscape is constantly changing: You may be secure today, but not next month. It pays to constantly be on guard, adding software updates, changing passwords, training employees and planning for a data breach that you hope never happens.

Resources:

Hackers will try to exploit Spectre and Meltdown bugs. What you need to know.

9 Signs Your Small Business is About to Get Hacked