Every business, including startups, has data to protect. So, it’s not really a matter of if, but when an organization will experience cyber and data privacy threats. This post will provide tips on how to proactively protect data related to employees, customers, vendors, operations, and intellectual property. From creating password strategies to setting up incident response plans, there are many things organizations can do to potentially save a ton of stress, cash, and even reputation.

Prepare:

1. Designate a person or team to handle information security and preparedness.
   • A designated internal team member may be an executive or someone in legal, HR, or marketing.
   • Someone designated outside the company may be an attorney, public relations representative, or an insurance contact.
2. Make a plan to address cyber incidents.

Prevent:

1. Train your employees regularly. Most breaches result from human error. Hacks can be caused by phishing, ransomware, identity theft, and email compromise.
2. Use strong passwords. Change them regularly and don’t share them with anyone.
   • Password tip: a strong, smart password is private, unique, and is changed every 90 days. A good rule of thumb is to create an acronym from a sentence. Use symbols for some of the letters and include both upper and lowercase letters. For instance, you can use capital letters for proper nouns. Be sure it includes numbers, too.
   • Example: I<32soSicfBR! / I love two scoops of Snickers ice cream from Baskin Robbins!
   • Some password security tools we recommend include multi-factor authentication (2FA), biometric authentication (finger print, voice print, facial recognition), and password managers.
3. Avoid public Wi-Fi. Use only secure internet connections for business matters.
4. Protect computers by using firewalls, updating software, installing antivirus and antimalware, encrypting sensitive information, and regularly backing up files.
5. Work with trusted business partners and know how to contact them.
6. Dispose of data and media safely and securely.

Respond:

1. Mobilize your entire team, both internal and external. Examples of internal team members include information security officer, executive-level officer, in-house legal, marketing, and human resources. External examples include outside counsel, public relations, and insurance.
2. Stop the breach – determine the cause of the breach and take necessary steps to stop it. IT professionals and/or forensic experts may get involved at this point.
3. Notify all appropriate parties including affected customers, insurers, and law enforcement.
4. Make any and all appropriate reparations including discounts, damages, free credit freezes, and credit monitoring.
5. Seek any and all appropriate remediation.

Hopefully this provides a solid foundation for where to start with cybersecurity. Threats and solutions are constantly changing, and it’s important to remain up-to-date with all operating system,  antivirus, and antimalware updates. While there are many things that can be done to hardware and software to protect information, perhaps the most important action to take is educating and training employees and service vendors who access company data. Remember, human error is almost always the cause for a breach.

Brief Case Study
Following Target’s 2013 holiday season hack of over 41 million credit and debit card accounts, Target was required to employ “an executive or officer with appropriate background or experience in information security” to implement and maintain its information security program through implementing a new IS program, changing network system policies, executing data encryption guidelines, and ensuring vendor compliance.