Insurance Blog Header Image

How to Protect Your Company from a Data Breach

January 23, 2019

With data breaches happening at a rapid pace, it’s vital to make sure your business’s data is secure. If your data is not secure, you are opening yourself to a tremendous amount of risk. While a Cyber Liability insurance policy can help in the event of a data breach, it’s best to avoid one in the first place. Let’s take a look at some things that can be done to help minimize the risk of a data breach.

Educate Employees About Their Role In Securing Data

Securing company data should be every employees’ responsibility. But it’s important to remember, you’re only as strong as weakest point. That’s why it’s important to build awareness throughout the company on the importance of cyber security company policies. Exact company policies will vary by company, but here are some to consider.

  • Keep only the data you need. Having large amounts of data that aren’t used by the company is opening you up to needless risk. Know what you keep and where you keep it.
  • Keep physical files and records locked and restricted to only the employees that need to have access to them.
  • Always destroy before disposing data. For physical files, you’ll want to cross-cut shred and use a service to completely destroy CDs, DVDs, or external storage devices. For digital files, deleting or formatting hard drives is not enough. You’ll want to use software designed to permanently wipe data from drives or physically destroy the drive itself.
  • Make sure employees are never allowed to use personal email addresses or storage account for business use.

Protect Data At Your Workspace

One of the most likely places of a data breach is your workspace. When you step away from your desk, always make sure your sensitive business information is not easily accessible. For physical papers make sure you either bring them with you or you lock them away in a file cabinet.

For data on your computer, make sure you lock it when you are not actively using it. Also, while traveling with things like a company laptop, make sure your computer is never out of site and you do not join public wifi networks. Password Management and 2 Factor Authentication Having the same passwords for multiple services or having them shared throughout the company is very risky. Additionally, using strong passwords and changing them regularly makes it harder for thieves to access information. The best way to institute a password system is using a Password Manager. A password manager helps you securely store unique, long, and complex passwords for each service your company uses. We recently posted “How You Can Use A Password Manager to Protect Your Data.” Check it out!

For added security, it’s highly recommended to use 2-Factor Authentication (2FA). 2FA means you need two ways to prove who you are. This is traditionally done by using your password as one factor and then a one-time code texted to your phone or supplied through a 2FA app like Google Authenticator. Using 2FA is especially important to help prevent Phishing schemes.

Phishing Scheme Awareness

Phishing is when a hacker tries to appear as a trusted source in order to get you to give them sensitive information. Hackers do this mostly through email and phone calls trying to get credit card numbers, identity documents, passwords, company information, or even gain control of your computer. The best way to protect yourself is to not respond to or open suspicious emails. Before you open an email or respond to any requests to download files or click on links, make sure that it:

  • Comes from someone you know.
  • Is something you were expecting.
  • Does not look odd.

When in doubt contact the company directly using publicly available information to confirm their request.

Taking all of this into consideration can greatly reduce your chances of having a data breach. If your company doesn’t currently have a cybersecurity policy a great place to start is with the FINRA Small Firm Cybersecurity Checklist. This checklist, made by the Financial Industry Regulatory Authority, will help you “identify and assess cybersecurity threats, protect assets from cyber intrusions, detect when your system and assets have been compromised, plan for the response when a compromise occurs, and implement a plan to recover lost, stolen, or unavailable assets.”