It’s a startling new reality. Cyber security attacks, which cause billions of dollars in losses every year, are on the rise. With more sophisticated, professional hackers aiming to disrupt a global brand, country or even an individual consumer shopping at their favorite store, shipping a package or doing their online banking, no one is immune.
Although medical records are today’s main cyber security commodity due to the vast amount of information found in the data, an emerging trend is connected devices or the “Internet of Things,” also known as IoT. Think of a smart home. We have now connected DVD players, microwave ovens, televisions, thermostats, refrigerators, and even cars to the Internet, creating an unprecedented opportunity for hackers. In fact, research company Gartner predicts there will be 20 billion connected devices by the year 2020. Put another way, for every human being on the planet, there will be between two and three connected devices.
If you don’t think a refrigerator can be hacked, think again.
How is anyone, let alone a small business, able to protect itself from the onslaught of cyber threats and hackers? As a security professional, I see first-hand the malicious attempts and incidents we track on a daily and weekly basis. Protecting company and customer data must be the highest priority for organizations of all sizes and industries.
Here are the top five tips I’ve garnered through my experience developing CopperPoint’s corporate security strategy:
1. Education is Key
Unfortunately, people are the weakest link in cyber security, not devices. Employees need to be responsible for protecting a company, and that means being vigilant. Educate employees on standard practices such as never opening an attachment from someone you don’t know or one you aren’t expecting. We see innocent-looking emails with malicious attachments every week. Employees are expected to send any unfamiliar or suspicious emails to our Help Desk or security team for investigation. A toll-free, 24/7 alert line and a breach response plan are also in place to counteract threats.
2. Fill the Toolbox
Utilize all the tools the cyber industry offers, such as firewalls, anti-virus and anti-malware software. At CopperPoint, we utilize many pieces and parts to look at all our computer activity. We block foreign countries we don’t do business with, thereby allowing only internet providers from North America. This approach stops millions of attempted connections a month, a staggering number for a company of our size.
3. Protect Your Passwords
You’ve heard it before, but password protection is vital. Change your passwords frequently and think beyond the standard eight characters. I suggest passwords at least 15 characters long. Rather than the street you live on or the names of your kids, pick a song lyric or line from a movie as a suitable password. I like KeePass, a free, secure site to keep track of all your different passwords.
4. Review Policies Annually
Ask all employees to read and become familiar with the company security policies you’ve created, and update those policies annually. Our company, CopperPoint Insurance, holds a quarterly security awareness campaign throughout our offices to keep security top-of-mind. Posters, news articles and onboarding sessions are simple, cost-effective ways to make sure employees are your best defense.
5. Get Insured!
CopperPoint is in the workers compensation business, but cyber security insurance is one of the fastest growing sectors in the insurance market. Did you know a company’s executive board members can be held personally liable if there is a data breach and they didn’t do enough to protect the company? It’s risky business, so make sure you’ve done everything you can to protect yourself and your company.
Cyber security attacks are not slowing down. Take the time to learn, understand and create strong policies to protect your company and your most valuable asset: your customers.
Dave Schroeder is IT Security Manager for CopperPoint Insurance Companies, a leading provider of workers compensation insurance and property and casualty insurance products. He is a Certified Information Systems Security Professional and a member of the Arizona Cyber Threat Response Alliance.