09 Feb, 2016

10 Tips To Help You Defend And Protect Your Business From ID Theft


Information to keep your business safe.

With 2016 upon us, you’re likely reflecting on your business triumphs, challenges, and opportunities over the past year and planning ahead. While doing so, make sure to include cybersecurity best-practice resolutions along with increasing profits, as ID-theft criminals are working hard to take those profits from you.

I encourage every business – especially small- to medium-sized businesses – to take stock of their cybersecurity best practices and commit to new and improved information security and governance practices.

Your resolution – or more importantly, the promise from your business to your employees and customers – is to focus on cybersecurity and cybersecurity risk assessments.

As an employer, you should create a culture of cybersecurity by educating your employees and customers on the common threats to which businesses, employees and customers are exposed, and by helping to provide educational resources so that employees and customers can stay safer online.

Whether your business experiences a cyberintrusion, malicious attack or an accidental release of customer or employee information, the lack of cyberpreparedness of your business can be a much greater threat than the data breach event itself.

Take charge of your cybersecurity in 2016

Based on the above information, here are 10 cybersecurity resolutions that your business needs to complete this year:

  1. Create or update your information-security and governance policy; put it in writing.
  2. Update and test your plan annually. Include penetration testing, along with a simulated data-breach event.
  3. Annual employee education should be the No. 1 priority. Individuals, not hackers, are the cause of most data breaches.
  4. Define the proprietary/sensitive information for your business, confirm which employees need access to it and then train those employees on it. Include coaching on the Internet of Things and Internet safety.
  5. Use at least 14-character passwords including lower and uppercase letters, numbers and signs. Change your passwords every 90 days. A great password tip is to write an easy-to-remember sentence or phrase, such as “I love the AZCardinals!”
  6. Complete regular software updates and patches. Most hacking events leverage old flaws that have already been addressed, but for which the proper patches have not been applied.
  7. Emphasize the importance of protecting employees and customers when connecting to the Internet. Do not use public wi-fi except with encryption or over a VPN.
  8. Know about and understand state and federal breach notification laws, which can significantly impact your business.
  9. Determine if every employee, or only those employees with access to proprietary/confidential information, need to be background-screened. Effective pre-employment screening can identify those who intentionally misrepresent their identities.
  10. Your written information security and governance plan should be reviewed and signed on an annual basis by every company employee, regardless of the size of the organization.

Make 2016 a great year for your business, including your cybersecurity best-practice resolutions.

Mark’s most important: Protect your business, employees and customers from the negative impacts of ID theft and data-breach events by resolving to be proactive and prepared.

Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., an ID theft-background screening company based in Phoenix.

Originally published by John Iannarelli on LinkedIn
