I recently received a letter from a medical group stating that my personal data may have been stolen as a result of a hacking attack. I’d been to this doctor once in only the past five years, but nonetheless, my personal information had been acquired by someone who was not authorized to possess it. Admittedly, I was not happy about it, but what could I have done differently? More importantly, what could the medical office done differently?
I was asked to speak to a local auditors’ association chapter about cyber crime. The focus of my presentation was how a business could be better protected in the event of a cyber attack. The news is full of stories about companies being hacked; from Sony to Target to the U.S. Government, even the most sophisticated systems are regularly being compromised.
One stunning item I discovered in my research was that many of the hacking events involved e-mails. Recipients often click on a link that can open the door for a thief to take your data. This results in not only data loss, but system infection from a virus or data corruption. Yikes!
As a business owner, there are steps you can take to help safeguard the data you are expected (and sometimes required) to protect:
- Be Proactive! Assume that you are a target for an attack. Check your internal procedures for maintaining and safeguarding data, and update your equipment and virus scanning software.
- Use passwords that include complex strings and expiration periods. Keep the thieves guessing!
- Have a data backup plan and a disaster recovery plan in place.
- Train your employees on internal policies and expectations for the accessing and handling of data. They need to know your expectations and guidelines for managing this valuable corporate asset.
- Monitor your internal processes – is your staff following your established guidelines?
- Utilize IT or system security personnel whenever possible to ensure the experts are helping you safeguard your data.
All business are essentially in the data industry, regardless of the type of company you are: a shoe store, a gas station, or a medical office. Failing to protect this asset can place your company, your customers, and your reputation at great risk.
The more vigilant you are about protecting your data, the less of a target your business and customers become. How are you protecting your business from cyber crime? Tell me your story below!