Is Every Business Breachable?
Why your business is likely failing when it comes to IT Security.
It doesn’t take much to see that businesses and individuals alike are increasingly falling victim to massive data breaches. The recent Equifax breach continues to raise questions about how vulnerable business organizations are to cyberattacks. New reports of cybercrime are released for the public record daily. Reports of breaches compromising Social Security and credit card numbers, insurance information, bank data, and other personal or sensitive information are peppering headlines across the Philadelphia metro area and news outlets nationwide.
Any data breach could compromise either (1) your business’ reputation or public trust in you, (2) your staff’s personal identities, or (3) your business’ coffers.
We are only now realizing that past breaches are even bigger than originally suspected!
Remember back in 2013 when Yahoo had a massive data breach? Well, the company recently disclosed that the number of affected individuals was much greater than its first report of 1 billion. In fact, 3 BILLION people were impacted. Yahoo simply called ‘their bad’ on a ‘minor miscalculation’ that tripled the number of affected accounts!
If breaches in the last couple of years have taught us anything, it’s that cybercrime is becoming the most monumental problem for business. All your data is at risk at all times. Even if your business is taking steps to protect itself, your partner businesses may not be.
Consumers are becoming increasingly aware and skeptical of companies that have been breached. The latest statistics show that nearly 80% of businesses fail within 2 years of an attack. Your chances of surviving an attack are pretty dismal.
There are some very simple things you should be doing to set up a first line of defense:
Know what information you are storing and where it’s stored—many of the companies behind major breaches, including Yahoo, failed to properly curate their sensitive information before their breach. As a consequence, it took them years to understand the extent of their data breach.
Just as you wouldn’t put every single document you’ve ever handled into a safe deposit box, the same goes for protected electronic files. Make sure that classified or sensitive information is kept in protected places on your network and that you know exactly where these locations are (i.e., avoid having diffuse file stores containing bits of sensitive info; rather, keep sensitive files in discrete areas). Know which of your sensitive information is most valuable, and make it a priority that these parts are secured, monitored and stored (encrypted) properly.
If a breach does occur, you should be able to tell what was accessed and when. Your IT Support team should be in control of your data to the point that you are alerted if someone even attempts to access sensitive files.
Keep your data clean—after prioritizing the most important data, your IT Support team should understand how best to keep that data sanitized. Maybe it’s simply eliminating former employee access to sensitive files. Or perhaps it’s limiting access to those files to your team. Maybe you need to update passwords regularly for those with access to sensitive files. The list of checks goes on, but my point is to understand and be confident that your most protected files are hard to access. By keeping a clean perimeter to your data, you are more likely to understand when unwarranted breaches are occurring.
Line up your defenses—a single line of defense may have worked in the 20th century, but in the 21st century, multiple lines of defense are critical to protecting your data. Simply having a perimeter—say, a firewall—is not sufficient nowadays to keep data safe. Firewalls often give business owners a false sense of security that their data is safe, even though their IT Support is neglecting to protect and monitor their network from multiple vantage points. IT Support should be detecting and mitigating risks from outside (and inside) attacks. Having security at every point in your network—down to every single switch—will make it hard for attackers to breach it successfully.
If nothing else, what should you take from all of this?
If you’re remotely concerned about your individual or business’ cybersecurity, assume the worst and take the appropriate steps to protect yourself, your team and your business.
(1) Get expert 3rd party security advice on how to rectify business security issues and remediate outstanding issues. At the very least, use an external audit to make sure your IT Support team is doing everything they say.
(2) Inform your staff on how to protect their information (including sensitive business information) from phishing attacks. Your IT Support should be emphasizing the immediate importance of identifying common attacks and keeping people within your organization from becoming targets.
(3) Have a business disaster recovery plan in place in case something happens. As we’ve seen above, one crucial part of being ready for cyberattacks is knowing how to respond when one happens. More often than I’d like to admit, businesses sit on attacks far too long. Being indecisive when it matters (when you’ve had a breach) leads to larger leaks and greater public scrutiny. Having a disaster recovery plan can remediate unknown consequences of a breach because you will have exhibited complete preparedness.
October is National Cybersecurity Awareness Month. But cybersecurity does not stop in October!
While I want to make sure businesses in and around Philadelphia are secure in October, I also worry about your security in November through September as well. What I want you to start thinking about today, if you haven’t already, is: Are You Vulnerable To Attacks? Is My Data Safe? Am I Doing Everything In My Power To Keep My Business Secure?
If you’re concerned that your data might not be as secure as you want it to be, or that your IT Support might be overlooking steps to protect your data, contact us TODAY for a free 3rd party security assessment.