You read the headlines and hear how cybercrime has become a real threat to consumers and businesses. For example, CSO recently reported the biggest data breaches of the 21st century, and the companies impacted were huge: Equifax, Yahoo, Home Depot, and Target, just to name a few. To protect data, more has to be done.
And, it appears that cybercrime will continue growing. A roundup of statistics by CSO predicted “cyber crime damage costs [will] hit $6 trillion annually by 2021.” As a result, companies are expected to spend more than $1 trillion between 2017 and 2021 trying to fight it. Yet despite the investment, the same article estimates that global ransomware damages will exceed $5 billion in 2017 alone.
With those figures in mind, you might be wondering how you as a small business owner can hope to protect your company’s data, including email data, when even large enterprises are becoming victims of data breaches. You probably don’t have anywhere near the amount of money to throw at cybersecurity that they do.
Fortunately, there are still ways to protect your data that you as a business owner should start considering now:
1. Use an Email Encryption and Security Solution
Email encryption helps to ensure that your emails — and the vital business information they contain — will be read only by intended recipients. According to David Wagner, CEO of Zix, a leader in email data protection and advanced threat detection, “Hackers are developing more sophisticated attacks, but as we saw with the ransom threat faced by HBO in 2017, they’re also evolving their business model to steal corporate information with even more value than customer data. Companies need to re-evaluate and prioritize the security of data that is most critical to their success and growth, whether it be intellectual property they’re storing in the network or confidential corporate information they’re communicating in email.”
Modern email encryption solutions are easy to use and seamlessly integrate into commonly used email platforms. No wonder financial institutions, health insurance providers, and hospitals are incorporating email encryption to protect data.
Consider using a service that also continually scans for suspicious emails and stops them from landing in your inbox. This prevents you or your team members from inadvertently opening and clicking on anything potentially harmful.
2. Establish a Security Policy and Conduct Due Diligence
To protect data, it goes beyond just relying on available software solutions. As Wagner further explains, “With a better understanding of their data’s value, companies then need to strengthen their corporate governance structure to regularly and consistently account for the security required for their systems, people, and partners. Ensuring your cloud providers are conducting assessments and exceeding security standards will enable you to protect all critical access points.”
Take the time to formalize any security strategies you use in your organization, even if you only have a few freelancers or a couple employees on staff. A formal security policy will let everyone know how to properly deal with company data.
In addition, do your due diligence with the companies you are using to store your data. Don’t just assume the cloud providers you have selected have your back. Ask them what they do in terms of security and how often they reassess their security standards. Even if you have to switch cloud providers to get the security you need, it’s well worth the investment.
3. Back Up Critical Data
If you haven’t added cloud storage as a backup location for your data, now is the time. When a computer or server is attacked by hackers, it is very likely that your data has been compromised, and you may need to reinstall your systems to maintain the integrity of your device. If you have not backed up critical data, it is possible that it will be unrecoverable.
Go a step further and ensure that your files are also backed up on one or two physical storage devices (such as an external hard drive). This is an ideal strategy for combating ransomware. With your data backed up both in the cloud and on physical storage media, you can tell those ransomware thieves a resounding “no” when they send their financial demands. Don’t forget to disconnect the backup device after you have stored your files. That’s because it can get attacked, too.
4. Keep Systems and Software Up-to-Date
When your computer or mobile device tells you there’s an update, don’t ignore it because you’re too busy to deal with it at the moment. Those older versions of systems and software you’re using are the ones the hackers have been practicing on. To combat the risk, it’s best to ensure your operating system and antivirus software programs are up-to-date. Security patches and updates protect your system from malware or ransomware. Think of those updates as additional walls you have erected that can decrease your likelihood of becoming the victim of an attack.
Select a time of the week to update all your systems when there are new versions available. Scheduling this activity each week makes it a habit and enables you to protect data.
5. Train and Educate Your Team
Many of the large data breaches, such as the one at Target, came down to the fact that the companies involved did not train their employees on security issues. They unknowingly aided the hackers.
That’s why education and training are as critical as any security technology you deploy. Cybercriminals use tactics that may look legitimate, so you’ll need to explain to your employees how these criminals operate and what to look for in terms of suspicious activity. Also, give those working remotely for your company an email security list of best practices. These include using strong password protections, changing passwords often, and checking network security. This is especially important when they use their own personal devices for work.
This is not just a one-off training session, either. Regularly hold learning sessions about harmful software, new security risks, and new software you are using to protect data. Be diligent about training and education!
An Ounce of Prevention Is Worth a Pound of Cure
All these security measures for protecting your data sound like a lot of work. Plus, you may risk upsetting staff with the limitations and restrictions. However, it is better to be safe than sorry. You don’t want to have to apologize to customers or other stakeholders about a data breach. And you really don’t want to apologize to your employees for having to shut down because you got hit with fines and penalties that have ruined your business. It’s that serious, and it’s worth the investment of time and money to protect data.