Cybersecurity breaches are an increasingly large threat to big and small businesses as they move more operations online, and two cybersecurity professionals shared their advice on how to protect against becoming a victim, in Business Report’s latest webcast.
Integration of new technology and work-from-home policies enacted during the pandemic made businesses, their owners and their employees subject to dangerous security breaches.
The pandemic caused work and home environments to blend in a way no one could have anticipated, said Nicholas Andersen, public sector chief information security officer for Lumen Technologies. It’s more important for business leaders to make sure their employees know about threats and risks when working from home.
The average cost of a data breach for a business is about $4.25 million, said Jeff Moulton, president and CEO of Stephenson Technologies Corp. The average home breach is about $1 million on top of that, he said.
Having a work-from-home policy with a security perspective is key to preventing those breaches, Moulton said.
Tips for protecting cybersecurity when working from home include using only work-administered devices—as devices used by other family members may be less secure—using two-factor authentication, and auto-locking.
These should be spelled out as terms of employment, Moulton said.
Since coming out of lockdown, many companies are also falling victim to invoice attacks, where fake invoices are sent to higher-ups like CFOs, Moulton said.
These attacks can also affect suppliers, Andersen said. Businesses need to have conversations with the people they do business with, see how they are mitigating their risk and see how it will impact their business.
Small businesses should also ask their IT employees how their data flows, Moulton said. It’s important to know how your data flows from creation to disposal and how it interacts with who you are participating in e-commerce with.
Other tips from the webinar include:
- Using the cloud to store data: Moulton recommends a hybrid solution, in other words, storing some data in-house and some in a cloud storage device. In-house data is easy to access and users are aware of where it is. Cloud data is also easily accessed, but some companies store data in foreign countries, Moulton says, which could have implications if U.S. relations with that country deteriorate.
- Cyber insurance and risk assessment: Cyber insurance is good, Moulton says, but make sure to read your contract’s fine print, as there may be clauses that prevent businesses from mitigating security breaches themselves. Risk assessment is great, as it allows a third party to come in and take a look at your technology, mitigating threats.
- Industry prepping for the fourth industrial revolution: Every sector will be affected by developing technology and the threats that come with it, Andersen says. Security must be integrated into a company’s threat model and companies have to build their threat model as they invest in new technology.