The ever-growing use of tablets and smartphones in the workplace is exposing more and more businesses to liability for sensitive data that is compromised if these devices are lost, stolen, or hacked. How can your company protect itself against this threat – and how much authority do you have over an employee’s personal device if it’s also used for work-related activities?
What’s more, because these gizmos are small and portable, it’s easy to misplace them. (The federal Transportation Safety Administration recently leased a warehouse just to store those misplaced or left behind at airports.)
Another emerging risk linked to these devices is a “bring your own” policy that many companies have adopted as a way to save costs by having employees spend their own money on smartphones and tablets that are constantly evolving and updated. This approach raises questions about separating company data from personal information on the device. For example, when an employee leaves, does a business have the authority to wipe the information from his or her smartphone? According to some authorities, if an employee connects a personal device to a company network, the company has inherited responsibility for the data stored on it.
To deal with this risk, you need to provide every employee who uses these devices with training, updated annually, on how to respond in case of loss or theft. To minimize potential liability for lawsuits by customers and clients, make sure that the individual responsible for the mishap informs management immediately. The compromised information might include everything from sensitive data (financial or medical) to contacts, photos, call history, personal notes – you name it.
You can also use insurance to protect yourself against losses from data breaches. A policy will provide liability coverage that deals with legal costs and third-party expertise (such as forensics firms to analyze a breach, and call centers to provide information and public relations). Coverage might also include services such as access to tools to estimate costs, a checklist for your planned response to a data breach, and access to experts who can answer questions and review your company’s policies and procedures.
Legendary bank robber Willie Sutton supposedly said that he robbed banks because that was where the money was. Many small business owners follow this logic when it comes to computer system security. They believe that people who rob with a mouse and a keyboard rather than a gun target large corporations, because those businesses have the most money. This leads them to the misguided belief that cybercriminals will not bother them. In fact, NACHA, the Electronic Payments Association, reports that Eastern European criminal syndicates have targeted small businesses precisely because they have allowed themselves to become easy marks.
Experts in the field estimate that one in five small businesses do not use antivirus software, 60% do not encrypt data on their wireless networks, and two-thirds lack a data security plan. This failure to take precautions makes a small business easy pickings for computer hackers. However, there are several things business owners can do to protect themselves.
- Use two-factor authentication. This is a mechanism that requires the user to do more than one thing for authentication. It ordinarily has two components — one thing the user knows (such as a password), the other a randomly generated number that the user must input. The number comes from an electronic token card, which generates a new number every few seconds. If the user enters a number that the system is expecting, the system will authenticate the user.
- Inoculate systems against the Clampi Trojan virus. This virus resides on a computer, waiting for the user to log on to financial websites. It captures log-in and password information, relays it to servers run by the criminals, instructs the computer to send money to accounts that they control, or steals credit card information and uses it to make unauthorized purchases. The trojan monitors more than 4,500 finance-related websites.
- Be on guard against “phishing” e-mails and pop-up messages. These messages purport to be from legitimate businesses with which the recipient does business. They ask the user to update or verify information, often threatening negative consequences if she fails to do so. Clicking on the links in the messages brings the user to an authentic-looking Web site. However, it is actually bogus; the site collects personal information that the collector can use to steal the user’s identity. System users should ignore these messages.
- Arrange for financial institutions to alert the business owner should they spot unusual activity involving the firm’s accounts.
- Install firewalls and encryption technology to block uninvited visitors from uploading to or retrieving data from the firm’s servers and to protect data sent on public networks. Intrusion detection systems can inform the business owner of attempts to hack into the network.
- Be cautious about opening attachments to e-mails, especially if the sender is someone unfamiliar to the user. Attachments may contain viruses or Trojan horses that can steal login information and passwords or corrupt a system.
- Protect against intrusion by disgruntled former or current employees. Deactivate passwords for former employees, erect barriers to keep employees from accessing systems unrelated to their jobs, and implement sound accounting procedures for financial transactions.
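
The token-card check described in the two-factor authentication item above can be sketched as follows. This is an added example, not code from the original article: it assumes the token follows the time-based one-time password scheme of RFC 6238 (HMAC-SHA1, 30-second codes, 6 digits), and the `TokenVerifier` class, its parameters and the sample secret are illustrative.

```python
import hashlib
import hmac
import struct

STEP = 30     # assumed: seconds each code stays valid (real tokens vary)
DIGITS = 6    # assumed: code length shown on the token

# Constructed sample: the published RFC 6238 test secret, never a real one.
SAMPLE_SECRET = b"12345678901234567890"

def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Code the token displays at unix_time (RFC 6238 over HMAC-SHA1)."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TokenVerifier:
    """Server side: the number is only checked after the password passes."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps   # tolerate small clock drift
        self.last_counter = -1           # newest time step already accepted

    def verify(self, password_ok: bool, code: str, now: int) -> bool:
        if not password_ok:
            return False
        current = now // STEP
        for c in range(current - self.drift_steps,
                       current + self.drift_steps + 1):
            if c <= self.last_counter:
                continue                 # a code is accepted once only
            expected = totp(self.secret, c * STEP)
            # Constant-time comparison avoids leaking matching digits.
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = c
                return True
        return False

if __name__ == "__main__":
    verifier = TokenVerifier(SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, 59)
    print(code, verifier.verify(True, code, 59), verifier.verify(True, code, 59))
```

A captured number is useless once it has been accepted or its time window has passed, which is what separates this second factor from a stolen password.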
In addition to these safeguards, small businesses may want to consider purchasing computer fraud and employee theft insurance. These policies will protect the business against those losses that still occur; insurance companies are likely to offer favorable pricing to businesses that take precautions against cybercrime. One of our professional insurance agents can give advice on the appropriate types and amounts of coverage. Modern technology gives businesses unprecedented abilities, but it also presents significant risks. Every business owner must take steps to keep the cybercriminals out.