Let’s face it: no one likes to think about bad things happening to them, much less plan for them. Disasters can have natural causes, but incidents can also result from cybercrime or employee mistakes. Since September is National Disaster Preparedness Month, we want to give you a quick “brush-up” on some simple things you can (and should!) be doing to protect your business.
Consider how your organization would respond to, or be protected from, the following:
- If you had a rogue employee or staff mistake that led to the disclosure of “sensitive data”, how would your organization respond or comply with Arizona and Federal regulations?
- If a bad actor gained access to your system and used a specialized program (a keylogger) to track what you type when logging into your bank account, how would your organization be reimbursed for the unauthorized transfer of funds?
- If you or an employee opened an email or attachment that contained ransomware, and this ransomware spread throughout your network, encrypting your servers and data so that you can’t access the applications and files you need to run your business, how would you pay the cyber extortionists the money they are looking for in order to decrypt your files and get your business back up and running?
Here’s a checklist of some easy first steps to get started:
- Review Your Business Insurance Carefully. Most businesses carry some type of general liability insurance that would pay them if their building and the things in it were damaged. However, many businesses do not have enough coverage to replace all the computer equipment and devices, desks, art, supplies and other things they’ve accumulated over the years that are housed in their office. Make sure you review your policy every year and keep in mind new additions and assets you’ve accumulated during that year.
- Get the Proper Cyberbreach Insurance Coverage. Any company that handles, maintains, or processes Personally Identifiable Information (driver’s license numbers, Social Security numbers, dates of birth, email addresses and more) or Protected Health Information needs its own Cyberbreach Insurance to protect the organization. The policy will protect against claims arising from ransomware, a rogue employee, a staff mistake, a phishing attack, theft of hardware, lost or stolen devices, and other causes. As you do your annual check-up on your preparedness, be sure to review the policy coverage amounts to ensure your policy meets your risk preparedness needs.
- Consider Cloud Computing. One of the biggest advantages of cloud computing is that your data and assets are stored off-site in a highly secure, high-availability data center, with failover and redundancy built in. That means that if your building were destroyed and you had to evacuate, or if your server melted down due to an unexpected hardware failure, everything you’ve worked so hard to create over the years is safe and not a sitting duck in your unsecured closet or server room.
- Secure Your Data. Making sure that your data is protected from theft is a never-ending battle you don’t want to lose. Companies that get hacked and expose sensitive client and employee data can face severe penalties, lawsuits and massive loss of credibility in the marketplace. Make sure you never have to send an e-mail to your customers explaining the bad news that a hacker accessed their info through you. Further, if you keep any sensitive information (even passwords to portals containing sensitive information) on portable laptops, phones and other devices, make sure you have a way of controlling and safeguarding that information.
- Write A Simple Disaster Recovery Plan. The key word here is “simple.” If your plan gets too complicated or difficult, you won’t do it. But at a minimum, think of the disaster that is most likely to happen and that would have a severe and negative impact on your company’s survival.
- Review Your Employee Internet Policy. With so many people “addicted” to Facebook and Twitter, it’s important that your employees know where the line is in what they can and can’t post online. We also recommend content-filtering software to block content and websites you don’t want employees visiting during work hours.
If you would like a complimentary review of your plan, contact us for a consultation.