Assessing Risk
“A high-level risk assessment will probably cost about $2,500 to $5,000 for one or two days’ worth of work,” LaMantia says. “Then at least once a year have that person, or another one outside your business, assess your risk.”
The first visit will provide a baseline that can serve as the beginning of a risk remediation plan, spelling out vulnerabilities so they can be addressed and reduced.
At this point, LaMantia says, “You can begin to understand what to do should a breach occur.”
Insurance
LaMantia recommends buying cyber security insurance if customer data is a big part of a company’s intellectual property.
Cyber and privacy policies can cover company liability for a data breach when customers’ personal information is stolen.
Policies generally cover some costs associated with a data breach such as notification costs, credit monitoring, fines and penalties, and losses associated with identity theft. Unfortunately, LaMantia notes, such policies can be expensive.
John Ahlberg, founder and CEO of Waident Technology Solutions with locations in Illinois and Wisconsin, believes the coverage is worth the cost.
Should a breach occur, cyber insurance will at least cover some of the financial losses, which could be catastrophic depending on the size or scope of the breach.
Educating Employees
Another facet of security is educating employees. Ahlberg recommends using the tests at www.knowbe4.com as a first step in determining whether employees are ‘risk-savvy’ or likely to click on links in phishing or malware emails.
KnowBe4 has some free options like the Phishing Security Test and a Domain Spoof Test, but also offers a deeper Security Awareness Training program.
“Educate your team on a consistent basis,” Ahlberg suggests. “Tell them stories (about what can happen), show them examples, and talk about security at staff meetings. Ask them to be cautious and think twice if something feels out of place.”
Examples include emails with photo links saying, “Check these out” or similar innocuous invitations. Employees should stop and think about whether the CEO or vice president would really send them photos while on vacation.
Almost all malware infections occur because a user clicked on a link or attachment in a message and ended up at a rogue website, Ahlberg says.