With the enormous amount of sensitive information stored digitally, companies need to take appropriate measures to ensure this data is not compromised. Ultimately, it is the responsibility of business owners to protect their clients’ data. Understanding the risks involved with data security can help you prevent a privacy breach.
Know the Risks
The first step in protecting your business is to recognize types of risk:
- Hackers, attackers and intruders. These terms are applied to people who seek to exploit weaknesses in software and computer systems for their personal gain. Their intentions are usually malicious and their actions are typically in violation of the intended use of the systems that they are exploiting. The results of this cyber risk can range from minimal mischief (creating a virus with no negative impact) to damaging activity (stealing or altering a client’s information).
- Malicious code. This is the term used to describe code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.
- Viruses: This type of code requires that you actually do something before it infects your system, such as open an email attachment or go to a particular Web page.
- Worms: This type of code propagates systems without user interventions. They typically start by exploiting a software flaw. Then, once the victim’s computer is infected, the worm will attempt to find and infect other computers.
- Trojan horses: Trojans hide in otherwise harmless programs on a computer, and much like the Greek story, release themselves to cause damage. A popular type of Trojan is a program that claims to speed up your computer system but actually sends confidential information to a remote intruder.
IT Risk Management Practices
To reduce your cyber risks, it is wise to develop an IT Risk Management Plan at your organization. Risk management solutions use industry standards and best practices to assess hazards from unauthorized access, use, disclosure, disruption, modification or destruction of your organization’s information systems. Consider the following when implementing risk management strategies at your organization:
- Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their function, their importance to the organization and the data stored and processed.
- Review the cyber risk plan on an annual basis and update it whenever there are significant changes to your information systems, the facilities where systems are stored changes or other conditions occur that may affect the impact of risk to the organization.
Due Diligence When Selecting an ISP
Your organization should take precautionary measures when selecting an internet service provider (ISP) to use for company business. An ISP provides its customers with Internet access and other Web services. In addition, the company usually maintains Web servers, and most ISPs offer Web hosting capabilities. With this luxury, many companies perform backups of emails and files, and may implement firewalls to block some incoming traffic.
To select an ISP that will reduce your cyber risks, consider the following:
- Security – Is the ISP concerned with security? Does it use encryption and SSL to protect any information that you submit?
- Services – Does your ISP offer the services that you want and do they meet your organization’s needs? Is there adequate support for the services provided?
- Cost – Are the ISP’s costs affordable and are they reasonable for the number of services that you receive? Are you sacrificing quality and security to get a lower price?
- Reliability – Are the services provided by the ISP reliable, or are they frequently unavailable due to maintenance, security problems and a high volume of users? If the ISP knows that their services will be unavailable, does it adequately communicate that information to its customers?
- User supports – Are there any published methods for contacting customer service? Do you receive prompt and friendly service? Do their hours of availability accommodate your company’s needs?
- Speed – How fast is your ISP’s connection, and is it sufficient for accessing your email or navigating the Web?
- Recommendations – What have you heard from industry peers about the ISP? Were they trusted sources? Does the ISP serve your geographic area?
Protection is our Business
Contact your broker today to ensure you have the proper coverage to protect your company against a data breach.
© Zywave, Inc. All rights reserved