It’s October and you know what that means – cybersecurity awareness month!
You know data breaches can be costly and time-consuming. But how do you protect your business against cyberthreats?
"...cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world." Ginni Rometty, IBM Chairman, President and CEO.
It’s that time of the year again – National Cybersecurity Awareness Month. This year, the Department of Homeland Security has broken down each week of October into a specific theme to educate the public on all things cybersecurity:
- October 2-6, 2017 – Simple Steps to Online Safety
- October 9-13, 2017 – Cybersecurity in the Workplace is Everyone’s Business
- October 16-20, 2017 – Today’s Predictions for Tomorrow’s Internet
- October 23-27, 2017 – The Internet Wants YOU: Consider a Career in Cybersecurity
- October 30-31, 2017 – Protecting Critical Infrastructure from Cyber Threats
Even if October wasn’t already dedicated to raising awareness about the importance of cybersecurity, this is the perfect time of year to focus on keeping confidential and proprietary information safe. It’s when, quite frankly, we can drop the ball on being diligent about the cybersecurity threats in the world due to the approaching holidays and planned time out of the office. This is part of the reason why more cybercrime attempts are made between November and February than any other time of the year.
Speaking of confidential and proprietary information, I’m sure you are fully aware of the Equifax cybersecurity incident (data breach) that was announced on September 7, 2017. The Equifax cybersecurity incident was one of the largest in U.S. history with approximately 143 million records exposed (you can visit the Equifax website for more information). That’s twice as large as the Target breach in 2013. According to the Identity Theft Resource Center (the industry watchdog that tracks and reports U.S.-based data breaches), nearly 1,100 breaches were reported in 2016. That’s a 40 percent increase over 2015 and the highest number ever reported. And unfortunately, 2017 is on track to surpass 2016 volumes.
Plus, data breaches can cost a lot of money. In the latest edition of the Ponemon Institute’s annual study titled 2017 Cost of a Data Breach Global Overview, the average cost to a company for each lost or stolen record is $141. However, in the United States, the costs are typically higher. Domestically, it can cost as much as $225 per record and the average total organizational cost is $7.35 million. In addition to the high cost, it takes time to identify and contain a data breach. On average, it can take 191 days to identify a data breach and 66 days to contain it. So if you are doing the math and counting the days, the Equifax data breach could continue to be a problem all the way up to almost the end of the year.
This is why during October, and throughout the year, businesses of all sizes in all industries should consider reviewing and implementing preventative measures to keep confidential information safe:
- The best defense is a strong offense. Make sure your company has cybercrime and incident response plans in place. These should cover items such as business continuity and resumption, disaster recovery and incident management. It’s critical to note that while having these plans in place is a good first step, preparation doesn’t end there. It’s just as important to test the plan(s) at least annually and make sure all employees have been properly trained.
- Use online security industry best practices when on PCs, phones, e-mail and social media. From a business standpoint, be as familiar as possible with your customers, vendors and employees. Anyone who makes a legitimate business request over e-mail or online will usually be available to confirm his or her identity or answer security questions, and will not normally be upset by the request, as it is for their own protection.
- Keep in mind there are several cybercrime threats impacting businesses around the world. Most of them originate from malware infections delivered through phishing attempts. However, each requires diligence in understanding what it is, how to defend against it and how to deal with it if it is successful. In addition to data breaches, threats can include business e-mail compromise incidents and ransomware. Each focuses on compromising and exposing data in one form or another, and using that data to misappropriate funds or defraud the owners of the data. It’s called cybercrime for a reason – criminals are looking to steal your most important assets.
- If you believe your business has been a victim of cybercrime, go to the FBI’s Internet Crime Complaint Center (IC3) and file a formal complaint. Contact your information technology (IT) security department to start the investigation process and implement your incident response plan(s) immediately.
Lastly, we’re all in this together. When we spend the time and resources to protect ourselves and our companies from cybercrime, it protects everyone, including employees and customers. It’s an insurance policy that covers everyone in the entire ecosystem; even just one small, exposed vulnerability can bring down the entire house of cards.