United States e-commerce sales topped $146 billion in the second quarter of 2019, according to the U.S. Department of Commerce.
The rise of the online marketplace has moved in lockstep with the explosive growth of the internet over the past two and a half decades: Google now receives more than 5.5 billion searches a day and an average of one million new users gain access to the internet every 24 hours.
The numbers are staggering and present a stark reality for business owners: adapt online or struggle to survive.
It is now clear, though, that a major component of online business success is the ability to prioritize cybersecurity and safety – the U.S. will account for half of all breached data in the world by 2023, when an estimated 33 billion records will be stolen by cybercriminals.
In a recent survey of business decision makers, only 37 percent named cyber risk as their top business concern. Here are three ways you can start prioritizing cybersecurity in your organization.
Build a Security-Aware Organization
Cybersecurity isn’t simply about having the right preventative technology in place – it requires the awareness and participation of everyone within an organization. A security-aware organization has the following key components in place:
- A written information security plan. This plan should identify the organization’s security policies, goals and priorities. It should also include policies for network security and use of company email, social media, and the Internet. Many state regulators request written information security plans when investigating organizations that have experienced a security breach.
- An inventory of the business’s core assets and sensitive data. Identify where this information is stored and who within the organization has the authority to access it.
- Access control. Limit access to computers, company networks and confidential data to only those who require it.
- Employee training programs. Employee training on basic security practices and policies is essential.
Establish Security Safeguards
The following baseline measures are recommended to help safeguard a business’s sensitive data:
- Password protection and authentication controls. Passwords are the primary means for controlling access to sensitive data resources. Change passwords regularly and consider multi-factor authentication.
- Be suspicious of unexpected emails. Phishing emails are designed to gain information or install malware on a device. Businesses should educate employees on the dangers of opening unexpected emails.
- VPN (virtual private network) for remote access. For organizations with remote users, VPN provides a secure channel through the Internet to the organization’s private network.
- Vendor security. Businesses need assurance that any vendors with which they share company information make security a priority.
Prepare for the Worst
A security breach is a near certainty for businesses today. For businesses of all sizes, preparedness is key to surviving the fallout.
An incident response plan (IRP) prescribes the way a business will respond to and manage the effects of a security attack. An IRP should include the following components:
- Identification of an incident response team
- Clear delineation of possible incidents and how to identify and contain them
- Procedures for eradicating the root cause of the attack, restoring data and software, and monitoring systems for any remaining signs of weakness
Source: The Hartford, “Prioritizing Cyber Security for Business Owners” https://www.thehartford.com website. Accessed December 28, 2020. https://www.thehartford.com/resources/business-cyber-security-prioritization-tips
© Copyright 2020. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented.