Many business people enjoy running a company in the digital age. They can take advantage of lower barriers to marketplace entry via the internet. There's also the ease in measuring marketing results, streamlined servicing of customers and lower employee and other operational costs. But there is one thing that is more difficult to do now than before—managing overall company risk. That's why it's important to formulate and constantly update business risk assessments.
In the past, a lot of information about companies, their employees and customers was kept either manually on paper or on a computer that was not attached to the internet. As a result, business risk assessments focused on physically locking up information in a desk, cabinet or specific location.
If it was stored on a desktop computer, procedures were put into place to consistently rotate the passwords of these devices. Stealing information on paper or hacking an individual computer, while not difficult, was time-consuming and localized.
However, now that most companies' data are stored on the Internet through cloud service providers and individual smartphones (that are always connected to the Internet), almost all information a company has stored is repeatedly at risk.
The following areas are worth examining when formulating a business risk assessment plan to safeguard any company's digital assets. And remember, after any major incident, all business risk assessments need to be revisited, evaluated and revised.
Customer Data
Every company has collected a lot of vulnerable data: customer names, addresses and perhaps social security and credit card numbers.
It seems that hackers are always finding new and creative ways to stay ahead of the defenses implemented by companies. A business risk assessment should be done for all devices that can be connected to the internet including desktop computers, tablets and smartphones.
Possible solution: Products like Norton Security or McAfee can help guard against intrusions. But with so many devices connected from a vast array of users, something is bound to go wrong.
Every company needs to have a plan to execute when their digital assets get hacked. This includes taking steps to get infected computers offline while things are being restored. Companies might be forced to reformat hacked computers in the network and restore data with offsite backups. In rare instances, brand new computers may need to be installed.
If passwords were compromised, additional complex procedures may need to be added when revising the company's business risk assessments to safeguard these access points.
Websites and Social Media Feeds
Part of a company's reputation is based on the information it shares through its website and social media accounts. If any one of these tools gets hacked and controlled by an outsider, it can be very detrimental to the business.
Possible solution: Determine how these resources are going to be checked on at least an hourly basis. Companies like SiteLock and Trustwave can monitor and prevent malware from getting into a company's website.
There are also many free tools like Hootsuite and TweetDeck that can monitor all of a company's social media feeds in a dashboard fashion.
Backups
What happens when digital assets are hacked? As part of its business risk assessments, the company needs to have backups of this data in multiple places to recover from.
Possible solution: There are many cloud service providers, like Carbonite and Azure from Microsoft, that will provide off-premises backups. The backups need to be regularly tested before any incident actually occurs.
Staff Training
All of the best technical precautions can be taken, but there is still room for “user error” (e.g. an employee opens a malware email or clicks through to a suspect site). This is something that is easily left out of a typical company's business risk assessments.
Possible solution: Users need to be trained about what malicious attempts to infiltrate a company's computer network look like. Hackers' tactics change regularly, so consider doing this training at least quarterly or when a new threat is identified.
Crisis Communication
When something does happen, companies must have an instantaneous way to communicate to their staff what happened and to explain the actions that are being taken to stop the problem.
Possible solution: There are crisis communication platforms, like RockDove and AtHoc, that can provide this and won't be compromised by the current situation.