5 Easy Ways Employers Can Protect Themselves from Cyber Threats

by David McCullough, on January 18, 2018
Let’s face it, cyberattacks are commonplace in business today. Global cybercrime is projected to reach $2 trillion by 2019. Chances are, someone you know has fallen victim to some sort of scam or online threat in the past eighteen months. The fact is your data and business information are valuable, and not only to you.
No matter your line of business, your systems contain information on your employees (often referred to as Personally Identifiable Information, or PII), your customers, and your partners. If you pay your bills online, your systems contain banking information as well. Hackers would love to have access to all of this data, as identity theft affects over 17 million consumers each year.

There is a common mentality among owners of smaller companies: "I'm too small to target." The reality is often quite the opposite, as hackers expect smaller businesses to have more relaxed cybersecurity measures. These lax protocols often take the form of outdated software, which can be very easy for criminals to manipulate.

If there are vulnerabilities in your environment, it doesn’t take them long to get in.  In fact, in their 2016 Data Breach Investigations Report, Verizon found that in 93% of breach cases, it took the attacker minutes to infiltrate the network, and organizations weeks to identify the actual breach.

You don’t need a high-dollar consultant to begin the process of protecting your business from these threats. Securing your business from cybercrime is one of the most important things you can ever do, and if you and your internal team have the resources you need, you can play a significant role in reducing your chances of becoming a target.

The best way to prevent this scenario in the first place is by taking the proper security precautions.  While there are plenty of steps you can take on your own as a business owner, here are five simple things you can start with:

1. Assess: You don’t know how vulnerable you are until you take a look at the information you have and the security measures that you currently have in place to protect it. Do you have an Intrusion Prevention System (IPS), Intrusion Detection System (IDS), and a Data Loss Prevention (DLP) solution in place? Can you identify and control who accesses your network?

Your employees will have access to information that must never be shared with people outside of the company. Therefore, remember to assess what training your staff is receiving to stay current on the threats to that data. If you have your own servers and your workers have their own logins, you should also make sure they are creating secure passwords that they change often. This will help prevent any internal issues from arising.

2. Plan: Once you have been able to identify where the exposures are in your infrastructure, the next step is to devise a plan to address them. Ask questions such as: What software and hardware solutions do I need to invest in to ensure that I am protected? Outdated software is often the reason people are able to access information that the company wishes to keep private. Many entrepreneurs forgo security updates because they fear the updates will cause them to lose productivity. But skipping those updates puts them at risk and can result in even more lost productivity.

Which team members, or outside resources, will implement and support our plan? Who needs to be trained (and then continually retrained) regarding security measures and threats? These questions should be a part of building your plan.

3. Test: Once you have collected all of the necessary feedback, software and hardware solutions, and a training plan, it is time to test the programs and processes. Testing will include the IPS, IDS, and DLP, should you choose to include all three, as well as the training classes that are developed to inform your staff.

4. Implement:  Once testing is complete, it is time to roll out the plan.  Implementation can be tricky as you will need to fine-tune the security gateways that you create in order to allow day-to-day business to proceed without unnecessary interruption.  Don’t forget that training takes time and not everyone will “get it” when it comes to why this is important and how they can contribute to a secure environment.  Be sure to be open to all perspectives but remain firm in your quest to shut down security vulnerabilities.

Keep in mind when implementing this cybersecurity plan that viruses are not the only type of threat: theft occurs in the workplace on a daily basis, and it isn’t always money that people are looking for. Keep track of which employees have access to information, and no matter how much you trust them, keep an eye out for potential loopholes.

5. Reassess: This isn’t a one-time exercise. Protection from cyber threats requires continual reassessment. New threats arise daily and you must ensure that the solutions that you put in place are keeping up with them. Training should be scheduled at least annually (twice a year is better) so that the staff remains informed of the latest developments and how they can reduce the risk of a breach. If vulnerabilities are identified, start at step 2 and go through the process again.

There they are, the five easy ways to protect your business from cyber threats. Remember to occasionally take time to research any current viruses or software security breaches that you need to know about. This will help keep your data safe (along with your employees' and clients').

I know they take time, money, and resources to implement, but everything in business takes time, money, and resources.  Just know that the investment that you make now can prevent a multitude of issues, expenses and sleepless nights down the road.

David McCullough

David McCullough serves as the Chief Administrative Officer for LandrumHR. Prior to joining LandrumHR in 2017, David spent twenty five years in the technology, PEO and staffing industries with roles in sales, operations, client relations and executive management. David is active in many nonprofit organizations and is a founding member of the Atlanta chapter of Georgetown University’s Woodstock Business Conference. He also acts as a board member of the Catholic Charities Atlanta Leadership Class. David holds a B.S. and M.Ed. from Auburn University. He resides in Atlanta, GA with his wife and three children.
