BreachExchange mailing list archives
10 tips to help you defend and protect your business from ID theft
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 8 Jan 2016 13:30:34 -0700
http://www.azcentral.com/story/money/business/tech/2016/01/07/10-tips-defend-protect-business-id-theft-mark-pribish/78438692/

With 2016 upon us, you're likely reflecting on your business triumphs, challenges, and opportunities over the past year and planning ahead. While doing so, make sure to include cybersecurity best-practice resolutions along with increasing profits, as ID-theft criminals are working hard to take those profits from you.

I encourage every business – especially small- to medium-sized businesses – to take stock of their cybersecurity best practices and commit to new and improved information security and governance practices.

Your resolution – or more importantly, the promise from your business to your employees and customers – is to focus on cybersecurity and cybersecurity risk assessments.

As an employer, you should create a culture of cybersecurity by educating your employees and customers on the common threats to which businesses, employees and customers are exposed and to help provide educational resources for employees and customers to stay safer online.

Whether your business experiences a cyberintrusion, malicious attack or an accidental release of customer or employee information, the lack of cyberpreparedness of your business can be a much greater threat than the data breach event itself.

Based on the above information, here are 10 cybersecurity resolutions that your business needs to complete this year:

- Create or update your information-security and governance policy; put it in writing.
- Update and test your plan annually. Include penetration testing, along with a simulated data-breach event.
- Annual employee education should be the No. 1 priority. Individuals, not hackers, are the cause of most data breaches.
- Define the proprietary/sensitive information for your business, confirm which employees need access to it and then train those employees on it. Include coaching on the Internet of Things and Internet safety.
- Use at least 14-character passwords including lower and uppercase letters, numbers and signs. Change your passwords every 90 days. A great password tip is to write an easy-to-remember sentence or phrase, such as “I love the AZCardinals!”
- Complete regular software updates and patches. Most hacking events leverage old flaws that already have been addressed but proper patches have not been applied.
- Emphasize the importance of protecting employees and customers when connecting to the Internet. Do not use public wi-fi except with encryption or over a VPN.
- Know about and understand state and federal breach notification laws, which can significantly impact your business.
- Determine if every employee, or only those employees with access to proprietary/confidential information, need to be background-screened. Effective pre-employment screening can identify those who intentionally misrepresent their identities.
- Your written information security and governance plan should be reviewed and signed on an annual basis by every company employee, regardless of the size of the organization.

Make 2016 a great year for your business, including your cybersecurity best-practice resolutions.