When you hear about data breaches in the news, it’s usually the big names: JPMorgan Chase, Sony or Home Depot. However, as large companies invest in ramping up security, hackers are turning their sights on small and mid-sized businesses that may not have the resources to fend off their attacks. From 2013 to 2014, cyberattacks on mid-sized companies rose 40 percent.
Through August of 2016, the Identity Theft Resource Center had already reported nearly 600 data breaches of U.S. companies, which exposed over 20 million customer records. (And those are just the ones we’re aware of.) Many of these breaches involve companies in the healthcare sector, as thieves target medical records full of personally identifiable information (PII).
“Personally identifiable information includes names, social security numbers and dates of birth,” says LIUNA General Secretary-Treasurer and LHSFNA Labor Co-Chairman Armand E. Sabitoni. “If your organization stores this kind of data, it’s critical to take steps to keep this information secure and to educate employees on their role in that security.”
So how can you protect your organization and its employees? The following questions can help LIUNA District Councils, Local Unions, health and welfare funds and signatory contractors identify areas where they can improve security and protect against harmful data breaches.
1. Do your employees know how to avoid phishing, malware or ransomware attacks?
Clicking malicious links or attachments in emails and other digital communications is still the most common way for hackers to access your systems. Remind employees not to click on suspicious links or attachments, even if they come from friends or colleagues. It’s easy for scammers to send emails that look legitimate once they’ve compromised someone’s account.
It’s just good practice to avoid sending personal or financial information over email. Your employees may be able to avoid phishing scams, but can you say the same about everyone else you do business with? If their systems get hacked down the road, your information could be sitting in their email, waiting to be found.
2. Are your computers and servers protected?
Is the software that protects your servers and employees’ computers up to date? Who’s in charge of making sure security updates get installed – the IT team or each employee?
Hackers are constantly creating new ways to access your data, and software from companies like McAfee and Symantec helps stop these threats. New updates often protect against the latest viruses and recently discovered security vulnerabilities. Stress the importance of installing these updates as soon as they become available.
3. Do employees use insecure wireless networks while away from the office?
You might have good security practices set up at your office, but what happens when employees are at home or out in the field? Are they responding to work emails on their cell phones? Sending documents from home? If so, your security is only as good as the wireless networks they’re using.
Public networks (like that free WiFi at Starbucks) are a common way for hackers to steal your information. Browsing websites is okay, but don’t log in to sites that require a username and password, and avoid sending confidential information. A good rule of thumb: if you wouldn’t want it broadcast to the world, don’t do it on a public network.
4. Are you making use of cloud services to improve security?
Many small companies and organizations can’t afford a full-time IT expert to watch for security breaches. But there’s a way to get high-level security without incurring equally high costs. Cloud services like Google and Amazon Web Services host company data securely on their servers, where full-time specialists monitor the integrity of the network. These services don’t guarantee your data will stay secure, but they are an option worth exploring.
5. Have you considered cyberliability insurance?
Cyberliability insurance helps mitigate the immediate administrative, technological and legal costs of a data breach. Though cyberliability insurance can’t bring your data back, it can help defray the costs of notifying customers and setting up credit monitoring or identity protection services.
If you’re keeping data that falls under the Health Insurance Portability and Accountability Act (HIPAA) or data that includes PII, cyberliability insurance may be a worthwhile investment.
Future issues of Lifelines will take a deeper look at cyberliability insurance and how building partnerships across different areas of your organization can improve cybersecurity.