Malicious hackers and cybercriminals can often count on complacency and lack of awareness as their partners in crime. Fortunately, the month of October brings an opportunity for potential targets to reboot their attitudes about cybersecurity.
This October marks the 13th National Cyber Security Awareness Month (NCSAM). A coalition led by the Department of Homeland Security and the National Cyber Security Alliance has organized a series of live and virtual events aimed at informing and engaging the public. Each week will focus on a different theme, with Oct. 10-14 dedicated to cybersecurity in business.
The timing of NCSAM is advantageous. Trends and recent events suggest that no enterprise is too big, too small or too busy to ignore the potential threat.
Technology sharpens a double-edged sword
Information technology systems have revolutionized the way businesses connect with consumers, but digital commerce can also make sensitive data more vulnerable to prying eyes.
Think of the electronic paper trail left every time a consumer fills a virtual shopping cart or uses online bill pay. This digitally stored data can present a tempting target for hackers who sell personal information to identity thieves — credit card numbers, billing addresses and more. Hackers can also go after the company itself, in the form of its intellectual property and financial information.
Additionally, the growth of web apps and mobile platforms has created more "attack surfaces" for hackers to exploit. Businesses may be struggling to keep pace with all these technological advances from a security standpoint.
Signs of overconfidence despite troubling news
In February, a report on cyber crime against businesses estimated the yearly cost to the global economy at $450 billion. Cyber criminals have hit Oracle, Premier HealthCare and many other businesses this year. Although it wasn't revealed until two years after the fact, Yahoo announced in September that hackers had stolen data from at least 500 million user accounts.
Despite the grim news, research suggests that businesses may still run the risk of being overconfident about their vulnerability and under-invested in their protection. Recent surveys suggest a lack of urgency about cybersecurity in sectors including health care, finance and retail.
Strategies for responding to the threat
The good news is that businesses may be able to reduce their risk by taking some proactive measures.
Protect the company from the inside out
A company's employees may pose as much of a threat as outside aggressors, whether intentionally or through carelessness. A good starting point is to maintain training and education efforts for the workforce at all levels and consistently monitor data systems for irregularities.
Employers can also remind workers that cybersecurity is in their personal interest. The typical company's data storage probably includes employee information, such as Social Security numbers and bank account numbers used for direct-deposit payroll, in addition to customer data.
Remember that big names aren't the only targets
When you think of data breaches, companies such as Target and Home Depot probably come to mind. However, smaller companies may face an outsize risk. Hackers have been known to focus on small or mid-size businesses as entry points into the larger corporations they do business with.
Consider insurance as an added layer of defense
No security plan is foolproof, which helps explain why cyber security insurance has been growing in popularity in recent years. A cyber risk policy can help offset the financial fallout from a data breach, which may include legal liability and court fees, regulatory fines and the cost of providing affected customers with identity theft monitoring services.
Cyber security is worthy of year-round attention
National Cyber Security Awareness Month offers a prime opportunity for businesses to increase awareness and strengthen their defenses. The greater opportunity is for businesses to apply their learnings year-round.
Written by: Barry Bridges
Culled from: HomeInsurance.com
No comments:
Post a Comment