BreachExchange mailing list archives

10 tips to help you defend and protect your business from ID theft


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 8 Jan 2016 13:30:34 -0700

http://www.azcentral.com/story/money/business/tech/2016/01/07/10-tips-defend-protect-business-id-theft-mark-pribish/78438692/

With 2016 upon us, you're likely reflecting on your business triumphs,
challenges, and opportunities over the past year and planning ahead. While
doing so, make sure to include cybersecurity best-practice resolutions
along with increasing profits, as ID-theft criminals are working hard to
take those profits from you.

I encourage every business – especially small- to medium-sized businesses –
to take stock of their cybersecurity best practices and commit to new and
improved information security and governance practices.

Your resolution – or more importantly, the promise from your business to
your employees and customers – is to focus on cybersecurity and
cybersecurity risk assessments.

As an employer, you should create a culture of cybersecurity by educating
your employees and customers on the common threats to which businesses,
employees and customers are exposed and to help provide educational
resources for employees and customers to stay safer online.

Whether your business experiences a cyberintrusion, malicious attack or an
accidental release of customer or employee information, the lack of
cyberpreparedness of your business can be a much greater threat than the
data breach event itself.

Based on the above information, here are 10 cybersecurity resolutions that
your business needs to complete this year:

- Create or update your information-security and governance policy; put it
in writing.
- Update and test your plan annually. Include penetration testing, along
with a simulated data-breach event.
- Annual employee education should be the No. 1 priority. Individuals, not
hackers, are the cause of most data breaches.
- Define the proprietary/sensitive information for your business, confirm
which employees need access to it and then train those employees on it.
Include coaching on the Internet of Things and Internet safety.
- Use at least 14-character passwords including lower and uppercase
letters, numbers and signs. Change your passwords every 90 days. A great
password tip is to write an easy-to-remember sentence or phrase, such as “I
love the AZCardinals!”
- Complete regular software updates and patches. Most hacking events
leverage old flaws that already have been addressed but proper patches
have not been applied.
- Emphasize the importance of protecting employees and customers when
connecting to the Internet. Do not use public wi-fi except with encryption
or over a VPN.
- Know about and understand state and federal breach notification laws,
which can significantly impact your business.
- Determine if every employee, or only those employees with access to
proprietary/confidential information, need to be background-screened.
Effective pre-employment screening can identify those who intentionally
misrepresent their identities.
- Your written information security and governance plan should be reviewed
and signed on an annual basis by every company employee, regardless of the
size of the organization.

Make 2016 a great year for your business, including your cybersecurity
best-practice resolutions.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
