The news on hacking, data breaches, and the state of cyber security is largely gloomy. Consider that a record number of companies dealt with significant data breaches last year and that the cost per compromised customer record keeps going up.
Indeed, research by the Ponemon Institute reflects a reality of data breaches that borders on inevitability. But all hope is not lost! Getting a flu shot isn’t absolute protection against the flu, but it’s still a smart preventative measure that can help even if the worst happens. Having the right controls in place to ward off a data breach is similarly wise.
Train your staff — The hacker stereotype of shady foreigner or maladjusted teenager may be true in some cases, but increasingly, data breaches are occurring because well-meaning, untrained staff inadvertently take simple actions that cause complex problems. Clicking a link in a phishing email that appears to be from a vendor or colleague can expose your systems to viruses and or worse. Train new AND current staff in email protocol and password best practices. Reinforce the training with quarterly refresher sessions and encourage staff to be vigilant about anything digital that seems even slightly unusual. Use the concept of “if you see something, say something” to create a culture where it becomes everyone’s job to help prevent a data breach. Your IT department can’t do it alone.
Get expert advice — Cyber security is a field that changes rapidly, with new threats emerging in almost real time. Most organizations need to supplement their in-house tech staff with outside expertise. This doesn’t have to mean hiring high-priced consultants. For example, Chubb offers customers its eRisk Hub, which contains a wealth of best practices on network security and data breach prevention.
Make sure you’re covered — When you’re caught in the rain, it’s much better to have an umbrella, but you’re quite likely to survive either way. In a data breach storm however, having comprehensive cyber liability protection can mean the difference between a company’s life and death. These policies help manage cyber risk by providing liability coverage against third-party (hackers) and first-party (insiders) data breaches. Depending on the breadth of your policy, they will cover your legal liability, income lost from business interruption, and help with other expenses such as public relations fees. Data breach costs are substantial, an average of $145 per record last year, up 9% from 2013.
Some cyber liability policies will also provide you with a network security risk assessment that can help you find and fix vulnerabilities before a peril occurs.
As with the flu, sometimes no matter what you do, you find yourself stricken with a data breach. But having controls and sound risk management in place will help take away the sting and quickly get your company back to health.