National Preparedness Month is happening right now. It’s the perfect time to take action for you and your community. It’s all about making plans to remain safe, and when disasters do strike, to keep communications going. September 30th is the culmination of NPM, with the National PrepareAthon! Day.
If a burglar sees your Facebook status that you are traveling on vacation and then enters your house, and takes $10,000 worth of valuables, it’s safe to say you as the homeowner facilitated the theft. This is no different than leaving your doors unlocked when you head to the store. This lack of attention to security is why crime often happens.
These lapses in judgement are akin to how human error enables data breaches. Even worse, for a small business, employee behavior accounts for a significant number of hacking incidents – and the costs of data breaches are tremendous.
A study from CompTIA says that human error is the foundation of 52 percent of data breaches. The CompTIA report also says that some of the human error is committed by IT staff. Funnily enough, it also points out that typically, businesses rank human error pretty low on the priority list of potential problems.
Some important things to remember:
- Security awareness training is crucial for employees.
- A strong incident response system must be in place.
- Appointing a CISO (chief information security officer) will also help.
The high price of human error can include lost or stolen mobile devices, slow notification of a data breach, a weak security structure and response plan, and lack of a CISO. To avoid these and protect your business, you should:
- Implement an aggressive security awareness training program for employees
- Develop a data breach response plan
- Implement strong authentication practices
- Use encryption
- Implement a data loss identification system
And all companies should take note of the following safeguards:
- Vigorously train employees in safety awareness that pertains to the “bring your own device” policy. Many data breaches occur when someone conducts business on their personal mobile device.
- Security awareness training isn’t just about telling employees the facts. It also should include staged attempts at a data breach (by hired white hat hackers) to see who takes the bait. This also includes staged attempts by people posing as vendors or other executives trying to gain access to sensitive information.
- Back up all data on a frequent basis, ideally on a local drive in combination with a cloud service.
- Computers should be replaced every two to three years. This will make it easier for businesses because the computers at this point will still be functioning.
The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business against the common accidents of everyday life, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”
#1 Best Selling Author Robert Siciliano, CSP, CEO of IDTheftSecurity.com, is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four-time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders.