No company is too small to be safe from attacks against their information assets. No large company should be complacent in thinking that they have everything under control.

The data speaks for itself. Threats against cybersecurity are rampantly increasing.

Here are some scary statistics for 2018:

  • 92% of malware is delivered via email.
  • The average ransomware attack will cost a company around $5 million.
  • Cryptomining is on the rise as it was involved in 90% of all remote code execution attacks by the beginning of 2018.
  • On average, it will take a company about 191 days before they identify a data breach.

I’m sure those companies that spend an average of $5 million to release themselves from a ransomware attack now wish they had thought to have better security measures in place beforehand. It likely would’ve cost them significantly less.

Your Company’s Greatest Value Is Its Data

You may not think you have a lot to protect, but the entire value of your business is built upon its data. So it’s imperative to keep your information protected.

Here are some of the types of information you should be thinking about:

Product Information. This could include things like designs, drawings, and plans, as well as patent applications and source code.

Financial Information. This could include things like your company’s own financial records, or any market assessments.

Customer Information. This would include any type of sensitive or confidential information that you store or hold on behalf of your clients.

The consequences of failing to protect this type of information are critical and could include things like legal liability, tangible business losses, and loss of goodwill toward the company.

Over the past few years, we’ve all heard of several instances where data has been stolen that includes highly sensitive customer credit information. This has had a significant impact on the reputation of companies, and as noted above, brought legal consequences against them as well.

So every company, large or small. Needs to have a security program in place that will take steps to mitigate the risk of loss.

Top Priorities for Information Security

1. Have an employee awareness program in place that is constantly updated. Make sure your employees are well trained on how to detect threats and report threats. Since more than 95% of cybersecurity breaches happen because of human error, making sure to educate your employees is critical.

In a recent poll of global organizations, only 38% say they are in a position to fend off a sophisticated cyber attack. We need to do better than that.

2. Invest in a VPN. A VPN will provide your company with anonymity while online and will also encrypt all of your data. You need to understand that what is a VPN and how it is the benefit to invest in the VPN. There are multiple VPNs to choose from, so it is important to choose carefully.

3. Backup Your Data Regularly. Since your data is now considered to be one of your most valuable assets, it makes sense that you do everything possible to protect it. Having a backup gives you some insurance against loss of data and also provide protection against ransomware attacks. If you have a full system image stored, you don’t need to pay extortion money to get your operation running again.

4. Network Firewalls. This may seem basic, but a firewall is a critical element in your company’s security. They will filter all of your network traffic, provide secure access, flagged any potential network problems, and often be able to identify new vulnerabilities that are affecting the network and even suggest a way to fix it.

When choosing a firewall for your business, be sure to choose one that has the flexibility to grow as different services are implemented by your company.

5. Security Audits. Scheduling regular security audits will help you remain up to date with the current stance of your company’s security and help you determine the potential of a cyber attack compromising it.

So you want to be aware of potential threats against your organization or your industry and determine how vulnerable you are and whether such a threat would compromise your capabilities.

6. Monitor Your Employees. Unfortunately, employees are the number one source of fraudulent activity, and that often involves your data. So having some means of monitoring them, and perhaps checkpoints between team members may help to counterbalance some issues.

As stated at the outset, no company is too large or too small to be safe from cybersecurity. And should your company come under attack, when you have no form of insurance against it in place, the cost to you will far exceed the initial cost of security measures? Remember, the average cost for a company to recover from a ransomware attack is $5 million.