3 Critical Cyber Security Measures
Be honest, have you ever found yourself saying that? Chances are you have and, naturally, this article will tell you why you need to pay attention to what is going on in the cyber security world. Last year, I attended a Cyber Risk Seminar and learned that 69% of data breaches occur from a negligent insider (or former insider). That means someone inside your company either clicked a bad link, emailed a virus or unknowingly allowed a hacker into your computer system.
Before discussing the ways to minimize your cyber liability, I want to highlight a few areas of exposure that every tree service has. As with any exposure to loss, there are internal and external risks that a business faces.
External Cyber Risks
1. Transmitting a Virus to a Customer/Vendor – Tree care companies rely on email to communicate with their customers and vendors. Email is the most efficient method of communication, and it is also the easiest way for your company to become liable for a cyber breach. If one of your employees sends an email that contains a virus to a customer or, worse, your entire customer database, you could be facing a huge unexpected expense. It costs anywhere between $100 and $350 to remove a virus from an infected computer, and that cost does not include any compromised personal data or any business shutdown that occurred because of it.
2. Customer’s Personal Data – Every tree service has some personal information from its customers. Names, addresses, phone numbers, email addresses and credit card numbers are all considered Personally Identifiable Information (PII) and are therefore information that must be protected from a data breach. If a hacker gets into your computer system and gains access to this basic customer information, you will be responsible for notifying the customer of the breach and providing credit monitoring for one year.
In 2016, the average cost of a data breach was $158 per record. How much would a breach cost your business at that price point?
Internal Cyber Risks
1. Employee’s Personal Data – When hiring someone onto your team, there is a lot of personal information that you gather – Social Security numbers, birthdays and driver’s license numbers, to name a few. Do you have a direct deposit payroll system set up? If so, your employees’ bank information is in your system. As the business owner, you clearly have a responsibility to protect your employees’ data. What would happen to your employee loyalty if you failed at keeping their information safe?
2. Business’ Computer System – Interruptions seem to happen fairly often when using technology for your business. Sometimes the internet goes out due to a cut wire down the street. Your phone system may suffer a break in service due to something on the provider’s end. Those are out of your control. What you can do something about is your internal business system. Is your computer network backed up in the cloud or off-site? What would happen if your system got hacked and held for ransom in a cyber-attack?
Now that you know the common cyber exposures that all tree services face, here are three areas to focus on to reduce the chance of a cyber liability event. Implementing these changes can reduce your chances of a breach by almost 70%!
1. Inbox Security – Studies have shown that 93% of all computer hacks begin with email phishing. Email phishing is a tactic in which hackers get the email user to click an infected link embedded in an email so they can gain access to the user’s system. These emails can be specific to an individual and look VERY similar to an email that you would get. I’m sure you have received these before but may not have even realized it – an email from UPS about a package delivery or a notice that your Amazon order needs more information. They look very real and ask you to take action by clicking the link included in the email to resolve the issue. Once you click the link, your system is compromised. Working with a proactive IT company will help you get the proper email controls in place to limit the phishing attempts on your employees.
2. Browser Security – The next part of cyber security is enabling the proper security features on your internet browsers. This can again be controlled by your IT firm and will help you restrict access to potentially damaging websites. We’ve all heard stories of how one employee used a work computer to search for something that wasn’t work related, the shady website that was viewed infected the computer, and the infection spread to the other networked computers. Tighten up what sites can be opened and this exposure disappears.
3. Employee Behavior – Training employees on what to look for in a phishing attack or questionable website is the best way to limit the accidental “oops, I shouldn’t have opened that email.” In our agency, we signed our employees up for a six-part training on email phishing. As the owner of my company, I need to do whatever I can to make sure my team understands how these schemes work so we don’t cause a data breach.
The world of cyber security can be overwhelming; however, if you focus on these three simple areas, you will drastically limit your exposure to a crippling data breach.
For more information on how to properly protect your business against a cyber event, contact our agency.
Written by: Eric Petersen