CNA’s most recent blog post, “Everyone Is a Potential Target for a Cyber Attack: 5 Critical Steps to Protecting Sensitive Data,” covers five steps that every company, regardless of size and industry, should take to better protect itself from cyber-attacks.
The five key steps to strengthen a business’s risk management strategy are outlined by CNA’s David Hallstrom, director of Information Risk Insurance.
- Perform a risk assessment. A critical first step in enhancing your data security is to identify system vulnerabilities and understand how your data is managed and secured. You should have a thorough inventory of the kind of information you have, how much of it you have, and where you have it.
- Educate your team. Everyone is accountable in managing cyber risks, including temporary workers and contractors. Implement a sound internal communication and training strategy on the protection and proper use of sensitive data, including how to recognize and report security threats. Integrate cyber security into employee orientation, with an emphasis on the consequences of sharing passwords, falling for email phishing scams, exposing laptops and USB storage devices to theft, and otherwise neglecting to observe data security policies.
- Know your vendors. When entrusting personal information to third parties, implement reasonable measures to ensure they have the capacity to protect this information. This means selecting only service providers that are capable of maintaining safeguards for personal information equal to or better than yours, and contractually requiring them to maintain such safeguards. You should also require your vendors to show proof of insurance to provide you with protection if they are the cause of loss.
- Address portable devices. Accidental loss and theft of laptops, smartphones and tablets are leading causes of compromised data. It is crucial to encrypt these devices to render the protected information unreadable and unusable in the event of a breach.
- Make sure you’re properly covered. Insurance is an important weapon in this war. According to the Ponemon Institute, the average security breach costs organizations almost $200 for each record that’s stolen, or about $5.5 million for the typical company breach. A claim that size could cripple a business without adequate insurance coverage. Ideally, it never gets to that point.
Hallstrom added that “developing an effective plan to identify possible exposures and measures to minimize risk is vital to the success of any business. The potential consequences of a single data breach can range from sizable monetary penalties and negative publicity to the interruption of daily operations and loss of public trust.”