The headlines almost feel commonplace at this point: “Data Security Breach at Company X."
We see it happen all the time, but what's really at stake?
Valuable data, both personal and corporate. Value associated with the integrity and trustworthiness of a brand. And money, lots of money.
In fact, according to the IMB-sponsored 2018 Cost of a Data Breach Study conducted by Ponemon Institute, the global average cost of a data breach now reaches $3.86 million. If that figure doesn't encourage you to protect your company's data, I don't know what will.
But you already knew you need to focus on your business and data security, right? Let's examine several sound strategies to ensure your company is as safe as you can make it.
1. Use and maintain good antivirus and spyware protection.
This one's simple as can be, but there are companies that just flat out fail on this data security strategy.
Buy the product.
It's that simple.
There are many good options: Avast, Symantec, McAfee and AVG are just a few. If you have a computer, you need antivirus and spyware protection.
2. Make data security part of your company's culture.
Real, comprehensive business security depends on two factors:
- You making it a priority as the head of your company and
- You getting buy-in from your entire staff.
Sure, you can establish security policies and procedures, but unless you sell the importance of data security to your staff, they're just going through the motions.
Connect the dots between data security and the health and security of your business. Make it clear why data security is vital for every member of the organization.
3. Back your information up.
If your company's computers or mobile devices are hacked, it's not just the financial and personal data that's at risk. You also risk losing all your files and history.
Just take a moment to imagine everything you'd have to do to reconstruct if you walked in tomorrow to find files wiped clean. Think of the labor. Instead of kicking yourself for not backing up your information...
Back. It. Up.
I set Word and Excel files to automatically back up to the cloud and we do regular, system-wide physical backups as well. Best-case scenario, you'll never need that backup.
If you do, though, you'll be glad you took business security seriously.
4. Establish role-based access.
Even if your company is small, you need to think about which employees need and should have access to what information. (Your personnel files, for example, shouldn't be accessible to everyone, and access to bank accounts must be limited.)
Don't forget to manage security on devices employees use to access information from home or on the go.
But there's more to genuine business security than making sure only certain people are authorized to sign checks. Who has access to IT data? Who can access client information? What parts of your computer infrastructure can each employee password provide access to?
These important questions get at the heart of this strategy. Make sure information and access is available to only the roles that require it. And one more thing related to access: For heaven's sake, don't forget to change passwords and revoke access for employees who leave the company.
5. Focus on physical devices and remote access.
So you've got amazing antivirus software. You've emphasized just how important data security is, and you've got your employees on board. Don't forget to manage security on devices employees use to access information from home or on the go.
Laptops, tablets, mobile phones… Even if they're not company property, if they can get into your system, you need them to be secured. Take the extra step of purchasing antivirus software for your staff to help ensure your data security is intact.
6. Perform a data risk assessment.
Maybe you think you've got it all locked down. Maybe you're not really convinced you need to lock it down at all. Or maybe you're looking to get buy-in from investors or partners to spend the money on data security. A data risk assessment can be a valuable tool, identifying vulnerabilities and helping you manage and mitigate risks.
Your business may or may not require a data risk assessment, but it you're on the fence or having trouble selling the expense for proper business security, then the assessment can be the tool that encourages action.
As a business owner, you shoulder big responsibilities—to your family, your employees and your investors. One of those responsibilities is the security of your company's data. Protect yourself and your company by taking data security seriously.
Read more articles on cybersecurity.
Photo: Getty Images