Are you CyberSmart? Review these important cyber-security questions for business owners
If you own a business, review these questions to learn whether CyberSmart can help your organization harden your systems, people and processes to make your business a tough target for cyber-crime. To discuss your issues, please call CyberSmart Law to schedule an appointment.
Q: Do you work with clients who are part of a regulated industry such as finance, utilities, or health care?
If so, hackers may consider you to be the weak link and the ideal path to getting their hands on your customers’ regulated information. If hackers do get credentials to access protected information because of a weakness in your organization, will it destroy your customer relationships and maybe your business?
Q: Do you have a designated person in charge of your business security issues?
IT experts now say that being the victim of data theft is no longer a question of “if” but rather “when.” Does your business know who the go-to person is in case a security incident occurs?
Q: If so, are they overwhelmed with the thought of a data breach?
Creating a plan or play-book for how to respond to information security threats, including having a short-list of experts to call for help, is invaluable when a fast-moving security incident is in progress. Are you ready?
Q: Does your company store sensitive information on web-based applications or in a cloud-like environment?
If so, do you have good contractual protections for the security of your information, and the ability to audit the security measures of your cloud provider?
Q: Are you in a highly competitive industry where employees are recruited by competitors?
If so, you should have an employee hiring checklist to ensure that new hires are not bringing inside information with them – and placing your business in line for a lawsuit from their former employer and your competitor. Do you have an exit checklist and procedures in place to take all possible steps to detect and prevent employees from walking out the door with your valuable know-how?
Q: What gives your company its competitive advantage? Who else is watching your special know-how? Is it valuable to your competitors or your clients’ competitors?
Don’t think that you won’t get hacked because you aren’t a Target, Sony, or a bank. Experts now believe that being hacked is inevitable for any business, big or small, particularly those that are not primed and looking after the security of their sensitive information. In fact, if you are a supplier for a large company that seems to be a likely target for a breach, you may be a hacker’s dream-target for a pathway into the systems that store your customer’s sensitive data.
Q: Do your employees know what “phishing” is?
If not, they could be your biggest security weakness, falling prey to sophisticated hackers who specifically target them to gain information that will help the hackers successfully infiltrate and steal sensitive information from you or your customers. Are your employees CyberSmart?
Q: Do your employees know how to spot suspicious activity? Are they aware that their Facebook posts might put company information in jeopardy?
Employee carelessness is overwhelmingly the major cause of data loss in any organization. Today’s hackers are patient and will use social engineering and social media to steal employee login credentials or ferret out vulnerabilities that they can use to access your systems and do damage. Are you prepared?
Q: Do you understand social engineering and how it can harm your business through your employees?
Social engineering is a technique used to elicit information from people. Most social engineering relies upon using a small nugget of information that makes the human target feel like the requestor can be trusted and, as a result, provide more information to the requestor. That information is then used to elicit additional information to further the bad actor’s goals. The process repeats until the bad actor has the information s/he is after. This can result in disclosure of trade secrets, confidential information, or information that will allow the bad actor to access your systems and gain access to your (or your customers') information. Are your employees trained to identify this?
Q: What are your vendors, subcontractors or ancillary service providers doing to protect the business information you share with them?
Best practices for vendor management include requiring your vendors, subcontractors, or ancillary service providers to utilize security measures to assure that your information will have protections for confidentiality, integrity, and availability at a level that you define, not them. Can your vendors show evidence that they are complying with the security levels you desire?
Q: Are you overwhelmed when you think about how to manage and secure your sensitive information?
CyberSmart Law can help you identify and prioritize sensitive information, sift through the systems and procedures you have in place to protect sensitive information, identify vulnerabilities, and create a plan that works in your environment to improve security. Are you ready to get started?
Q: Do you think a breach or security breakdown won’t happen to you?
In today’s dynamic IT environment, information security and IT experts no longer believe that it is possible to isolate and lock down your most sensitive information to prevent losses. Instead, they now believe that every company will experience security incidents; therefore, taking preventive measures to mitigate the impact of the now-inevitable security breach is essential. Can you protect your business and keep it up and running?