Cybersecurity rules can sometimes seem like overkill, but it’s important to follow them to the letter to keep customers’ data safe.
“The result of data breaches can be costly, especially for small and midsize companies that cannot weather the costs and damage to their reputation,” says Steven Shapiro, a lawyer who has worked as chief privacy officer at a bank holding company and is now in private practice. “The cost can be in dollars lost in compliance to pay for the release of ransomware, loss of customers, dismissal of critical employees and in repairing one’s IT infrastructure.”
Here are four reasons why following IT rules is so important, every time.
1. It’s the Law
As technology advanced and it became easier to store — and disrupt — large electronic files, the U.S. government enacted legislation to regulate the storage and sharing of information. For those in the financial industry, provisions in the Gramm-Leach-Bliley Act require financial institutions to have a written plan that describes how they protect nonpublic personal information of clients, past or present. These cybersecurity risk management plans must include risk analysis, testing requirements and periodic re-evaluation of safeguards to determine whether changes are needed to keep up with technology.
If your organization faces an investigation into a data breach, the organization’s cybersecurity risk management program goes a long way toward protecting it from legal action, says William Roberts, chairman of Shipman & Goodwin’s privacy and data-protection team. “Detailed, thoughtful and regularly updated policies can be used to demonstrate that a company has taken commercially reasonable actions to protect data and has not been asleep on the job,” he says.
2. You Are the First Line of Defense
While we all like to think we wouldn’t fall for a poorly spelled request for passwords or access codes, the fact is a lot of people do. It’s much easier for phishers or hackers to send an email that asks for information directly from an employee, rather than trying to break through an organization’s technical defenses — and it’s much more likely to get a response. A Verizon report in 2015 said up to 70% of cyberattacks used phishing or hacking techniques and involved a secondary victim, such as an employee.
“If you examine the largest data breaches, phishing scams and companies held hostage by ransomware in 2015 and 2016, technology did not protect the vast majority of these companies,” says Mike Baker, principal at Mosaic451, a managed security services provider. “In each case, data was breached due to hackers or phishers successfully exploiting humans — employees — typically at the edge of the network.”
3. The Rules Help Trace Breaches
If information is compromised, the cybersecurity risk management program can help determine how it happened and how to make sure it doesn’t happen again, experts say. When employees can access only those systems and data that they absolutely need to perform their jobs, and only through unique IDs and authentication, all activity can be traced to a particular user, Baker says. In the event of a breach, it’s easier to shut down, contain, determine how much information has been compromised and develop new policies and tech fixes to prevent a repeat of the breach.
“Each employee should have a unique access ID and should be authenticated using a strong password or passphrase, biometrics or a token device or smart card,” Baker says. Don’t share your passwords with anyone, and make sure you keep other security items safe in your possession.
4. Your Devices Create a New Point of Risk
More companies are allowing employees to use their own devices at work, but that makes cybersecurity risk management even more complex, experts say. “The proliferation of mobile devices like smartphones and tablets has also made the human element even more vulnerable because this area of security is often overlooked and is in fact, the weakest link,” Baker says.
Your employer may ask you to install a profile or management tool to add another layer of protection to the device, experts say. Follow the recommended protocols to keep information at your company safe.
If you’d like help setting up your SmartOffice security settings or want more information about all the ways SmartOffice keeps your business safe reach out to us anytime!