Taking a look at the past year, it's overwhelming to think about the sheer number of breaches that happened. If you finish out 2014 without receiving a single email from one of many enterprises that your information's been compromised, you should consider yourself very lucky.
Most people weren't so lucky. Keeping in mind that the year's not yet up — and that the biggest online shopping season still looms — there have been 644 breaches so far, according to an Identity Theft Resource Center report from Nov. 3.
These malicious intrusions span the full industrial spectrum, from education and business to banking and government. In today's cybercrime-heavy world, no sector is spared the devastating impact of a breach — particularly not when there's money or private data to be stolen. But fortunately there are steps companies can take to ensure they never join the ranks of the breached. Here are some of those steps:
- Make sure you have a robust security team: You know what's one of the chief things that enables hackers to win time and again? Simple numbers. As CSO points out, there are far more hackers out there than there are people equipped to defend against them. Jacob West, CTO of Hewlett Packard's Enterprise Security Products, suggests that around 40 percent of security roles that could be filled are currently sitting vacant. This broader problem plays out on a smaller scale at businesses of all sizes, many of which lack the staffing to protect against the myriad threats out there. To deal with this problem, the solution — at least on the surface — couldn't be simpler: bring on more security people. But for many businesses, building a team of highly qualified security defenders is cost-prohibitive.
- Protect customers with two-factor authentication: If patrons can log in to your e-commerce site with a second authentication round that involves, say, a passcode being sent to their phone, this will substantially reduce the likelihood of customer data being criminally accessed. Therefore, enabling two-factor authentication on your company's site represents a huge proactive step when it comes to keeping everyone safe — including not only patrons, but also your business's reputation. Additionally, patrons who notice that you offer multifactor authentication will appreciate the implicit commitment to strong security that it carries.
- Keep employees in the know: Security isn't a discussion that should just happen at the top — it's an issue that involves all your staffers. Therefore, business administrators need to be transparent when discussing cybersecurity and defensive tactics.
Fortunately, keeping the entire company informed isn't particularly hard to do. It's just a matter of instituting ongoing company-wide training to address cybersecurity and sending out the occasional email outlining best security practices. When it comes to keeping all staff in the know, a little really does go a long way.
- Have a plan in place: Last but certainly not least, your business must have a plan in place to deal with the possibility of a malicious incursion. If, despite your best efforts, one happens, the last thing you want is to be left throwing your hands in the air. Your customers don't want to see you helpless — they want to know you're prepared to handle a situation like a breach. Fail to do this and you can count on losing a substantial chunk of your patronage.