When it comes to data security breaches, things aren’t getting any better. According to Risk Based Security’s 2019 MidYear QuickView Data Breach Report, more than 3,800 data security breaches were reported in the first six months of 2019. More than 4.1 billion records were compromised. When compared to midyear 2018, the number of reported breaches is up 54%. The number of exposed records is up 52%.
Breaches involving big businesses make the headlines, but small businesses are at risk too. According to the Federal Communications Commission, every small business needs a cybersecurity strategy to protect their business, their customers and their data from constantly growing and evolving cybersecurity threats. The FCC has the following tips for small businesses.
Train Employees. Educate employees about data security. Establish basic security practices, policies and Internet use guidelines that include specific penalties for violations.
Protect Data, Devices and Networks. Using the latest security software, web browsers and operating systems can help defend against viruses, malware and other threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.
Protect Mobile Devices. Mobile devices, particularly those with sensitive data or network access, can create significant security risks. Require employees to password-protect devices, encrypt data and install security apps to protect data on public networks. Implement and enforce reporting procedures for lost or stolen equipment.
Backup Sensitive Data. Require regular backups of critical data, including documents, spreadsheets, databases, financial files, human resources files and accounting files. Backup data automatically if possible, or at least weekly. Store backups offsite or in the cloud.
Secure Wi-Fi Networks. Make sure networks are secure, encrypted and hidden. Network names should not be broadcast. Routers should be password protected.
Limit Access and Authority. Employees should only have access to data needed to do their jobs. Employees should not be able to install any software without permission.
Passwords and Authentication. Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain access.
Data security threats have become a constant concern for small businesses. Implementing, maintaining and updating security policies and procedures is important, but it’s not always enough. Small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws.
Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.