Setnor Byer Insurance & Risk
Small businesses spend a lot of time and money to protect their sensitive and confidential information, and rightfully so. Data breaches can lead to crippling, often insurmountable financial and reputational harm. Unfortunately, many businesses overlook the most basic security measures. Cyber criminals, for example, pose the biggest threat to data security, so most businesses focus almost exclusively on cybersecurity while paying little or no attention to physical (site) security. This can prove disastrous because sophisticated firewalls and advanced security software cannot stop someone from stealing a flash drive or paper file containing sensitive information.
According to the Federal Trade Commission, cybersecurity begins with strong physical security that effectively protects sensitive or confidential information in paper files and electronic devices (hard drives, flash drives, laptops, point-of-sale devices, etc.). The FTC offers the following tips for maintaining physical security.
- Store paper files and electronic devices containing sensitive information in a locked cabinet or room to keep them secure.
- Train employees to put paper files in locked file cabinets, log out of networks and applications before leaving and never leave files or devices with sensitive data unattended.
- Limit physical access to records or devices containing sensitive data to only those who need it.
- Keep track of documents and devices containing sensitive data so they can be handled accordingly.
To protect sensitive data stored on devices,
- Require passwords that are long, complex and unique.
- Require multi-factor authentication, like a password and a temporary code, to access sensitive information.
- Limit the number of incorrect login attempts allowed to unlock devices.
- Encrypt portable media, including laptops and thumb drives, that contain sensitive information.
Sensitive and confidential business data can be stolen online or onsite, so businesses must make physical (site) security a key component of their cybersecurity protocols. Since security measures aren’t always enough, small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws. Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches