October is National Cyber Security Awareness Month (NCSAM), and raising cybersecurity awareness has never been more critical.
In fact, the U.S. Department of Homeland Security says cybersecurity has become one of the most important national security priorities.
The worldwide web of computers, data and websites is now an integral part of day-to-day life – from banking, shopping and keeping in touch to business conferencing, inventory control and sales. But being constantly connected increases the risk of fraud, theft and other crimes, with finances, identity and privacy all at stake.
In the workplace specifically, the 2015 Cost of Data Breach study estimates that data breaches cost U.S. organizations an average of $6.5 million.
Despite this, the 2015 Annual Shred-it Security Tracker Survey shows that information security is still a declining priority among American businesses. Here’s what you should know:
The risk of a data breach is huge. The Ponemon Institute has shown that more than 78 percent of organizations had experienced at least one data breach over the previous two years.
Your data is more valuable than you think. Cyber thieves are after personally identifiable information, intellectual property, authentication credentials and insider information. They also look for access to your supply chain.
Information security is the law. Privacy laws and legislation require that all businesses protect the private information they collect and create. Failure to comply can result in huge financial losses, including fines and lost business.
Information security is an ongoing investment. Small businesses face the same cyber threats as large enterprises, but more than 40 percent don’t have adequate IT security budgets, according to a 2013 Ponemon survey of IT practitioners in small businesses. Protection includes firewalls, antivirus software, anti-spyware programs, intrusion prevention systems and gateways. Keep it all updated and current.
Document management is key. “We only collect what we need and delete it as quickly as we can,” said a small business office manager in Texas. The Federal Trade Commission recommends creating an inventory of private documents (in paper and electronic form) and a secure storage and disposal system for both too.
Employee negligence is a huge risk. Educate employees about all the different ways they can protect information in and out of the workplace – for example, don’t open unknown attachments or leave their computers unattended. The 2012 Trend Micro-sponsored Ponemon Institute Study on small business security risks recommends policies for the use of social media and personal email, as cyber attacks often start there.
The mobile workforce needs security guidelines too. Research shows 56 percent of employees often store sensitive data on their laptops, smartphones, tablets and other mobile devices. A data breach may occur if devices are lost or stolen. A data security plan must include mobile device protection.
Use regular security audits to assess security issues. The Security Tracker found that almost half of small business owners surveyed do not conduct regular audits of their security protocols, while three in 10 have never even performed an audit.
You can find more information on creating a culture of security in your organization here. For more information security tips and to learn how to create a culture of cybersecurity in your organization, follow along during the #ChatSTC Twitter chat this Thursday, Oct. 8, at 3 p.m. EDT/noon PDT.
About the Author
Shred-it is the world leader in document destruction providing services around the world to customers who value the protection of their information, their reputation, and the environment. For more information visit shredit.com.