Cybersecurity preparedness for your business
As we increasingly rely on technology, what can you be doing to ensure your company is protected?
In the 25th episode of our Sharing Knowledge Series, host Kevin Vonderau sits down with David Howard and Brandon Pauley to discuss the proactive steps your business can take to protect your data and privacy and to mitigate threats and disruption to your business’s operations. David is the director of technical services at V2 Technology, Brandon is a partner at the Brennan Manna Diamond law firm, and Kevin is our chief lending officer.
Below are some of the highlights from the discussion with Brandon and David.
The most common types of cyber-attacks you should be aware of
Cybersecurity breaches that involve individual users, such as business email compromises where an employee accidentally provides confidential information to a bad actor, are the most common type of cyber-attack companies experience. There are also instances where an unauthorized person gains access to systems and company-wide data. When it comes to cybersecurity breaches caused by individuals within an organization, Brandon stresses the importance of having educational training and written policies in place to protect an organization's data and systems. Organizations looking to implement best practices can turn to resources like the National Institute of Standards and Technology (NIST) for the most up-to-date recommendations.
Don’t panic, have a plan
"If we have an event, how would we respond to it?" is the main question organizations should be asking themselves, David says. By thinking through the different scenarios that could potentially arise, organizations can have a game plan in place to limit the damage from a cybersecurity breach. When employees have a playbook to follow and are educated on the steps to take in the event of an incident, they’ll be less likely to panic and make the situation worse than it has to be. "Preparation is key. The only way you don’t panic is if you’re prepared for the incident and prepared for the aftermath," Brandon adds. "It’s not what happens in the five minutes after you find out what the incident is. It happens in the months and years before that incident to ensure your organization and people are prepared." Part of being prepared is having a cyber insurance policy, which has become much more cumbersome to qualify for in recent years as threats are on the rise. It’s critical that organizations are proactive about finding the right insurance policy before it’s too late.
Vendor management – knowing your cyber position
Organizations should have a thorough understanding of what they are agreeing to when signing a contract with a vendor, Brandon reminds us. He notes that just because an organization isn’t directly involved in a particular industry, it doesn’t necessarily mean it doesn’t have to adhere to that industry’s standards. For example, even if an organization is not a hospital or medical provider, it still might have healthcare-related cybersecurity implications that need to be addressed. This means if an organization has formal affiliations with other businesses in the medical field, that organization’s cybersecurity needs to be in line with the requirements of that industry. This isn’t just in an organization’s best legal interest, but also in the best interest of being a good community partner that’s protecting data that it’s been entrusted to handle, Brandon adds. For these reasons, small businesses should take the time to assess the history and cybersecurity practices that each of their vendors has in place.
Implement remote work tools and protocols
The rise of remote work in recent years adds cybersecurity concerns for employers to consider. David advises that companies with a remote workforce think through the implications regarding:
- The devices that employees use to work at home
- The network connection used by employees in their homes to connect to the company’s network
- The VPN or remote access tools employees use to securely conduct business remotely
Implementing cybersecurity measures can seem like a daunting and complex task, but Brandon keeps things in perspective. iPhone users, for example, have become accustomed to using the biometric face-scan ID to unlock their phones. It’s now commonplace to have multi-factor authentication when signing into both personal and business accounts. Ultimately, cybersecurity measures for businesses aren’t much more complicated than everyday security features.
Call your lawyer first
"You should call him first," David says in reference to Brandon. David believes that while technology experts might be aware of a cybersecurity issue first, turning to the legal team should be prioritized in the event of a breach. When a business realizes there’s been a compromise, legal expertise can help significantly curb technological costs by advising what to do in this scenario.
Collaborate with trusted and proactive partners
Safeguarding sensitive data, critical infrastructure, and personal privacy hinges upon a proactive approach to cybersecurity. By assembling a knowledgeable team of advisors and consultants, small businesses can tap into a wealth of expertise to navigate the landscape of cyber threats. These experts provide invaluable insights, recommend best practices, and create tailored strategies for companies to strengthen defenses and ensure readiness and resilience in the face of ever-adapting cyber challenges.