With more people telecommuting and the likelihood of it becoming a permanent part of the work environment, cybersecurity is moving to center stage again. Studies show that with employees working remotely, the risk of a breach increases, breaches are harder to identify, and the costs of the breaches increase. Data breaches are expensive. According to IBM, the current estimate is $150 per record accessed, 237 days to identify and contain, and an average total cost of over $8 million. If you have not reviewed and updated your cybersecurity policies and procedures, or you do not currently have them, now is the time to act.
A good policy should have administrative, physical, and technical components. Start with a comprehensive policy. Do not download malware. Train your employees to identify malware and suspicious phishing attempts. Purchase a third-party email scanner that identifies malware before it gets to the employees' inboxes.
Security procedures are crucial. Passwords are a must. Avoid biometric access. Two-factor authentication is best and within that, key code generation is the optimal solution to prevent hacking. Avoid using email or text codes unless your email and text are encrypted (most are not). Do not write passwords on paper and store them by the computer. If you need to save passwords, purchase password manager software, as it will store the passwords in a hash format, making them more difficult for a bad actor to retrieve. Limit network access to specific assets based on the job. Segment your network. A single log-on to multiple applications is preferable, as it reduces the chance of missing one when it is time to revoke authority or make changes.
Backup is important and often overlooked. Have you actually tried to restore from your backup? Backup should be done to a cloud resource and a local physical storage device that can be removed from your network easily and quickly. When you sign up for cloud usage, review the agreement to verify their security procedures. If you are in a regulated industry (think HIPAA), does that vendor meet the regulatory requirements for the security of health care data?
A scheduled review of your cyber policies and procedures helps to ensure that you are staying current and addressing changes in technology. We all know how fast things change and evolve.
Lastly, consider purchasing a cybersecurity insurance policy. Review the policy to ensure that it covers personal devices and out-of-office events. A majority of remote employees use their personal mobile devices and laptops for work purposes. (That is a subject for another blog.) This will provide peace of mind and give you resources in the event that you have a data breach.
This is a broad overview of cybersecurity. Many industries have their own unique considerations, liabilities, and requirements. Loper Law LLC has worked with clients to develop appropriate cybersecurity policies and advise them of their risks and mitigation options. Let us know if we can do the same for you.
452 Government Street, Suite E
Mobile, Alabama 36602