$7.91 million — that’s the average cost of a data breach for a U.S. company, as reported in a 2018 study sponsored by IBM. Guess how much a company pays on average for a lost or stolen record containing sensitive or confidential information: $148. And those numbers are rising.
Cyber attacks are not only getting costlier for companies but also larger and more aggressive — and, unfortunately, there’s no end in sight. Hackers are profiting from these attacks, essentially turning cybercrime into big business. No matter how quickly IT security evolves, threats will continue to match its pace.
However, there are 5 easy ways you can better protect your company in the Wild West that is IT:
1) Train your users well.
Try as they might, end users are the weak link in security breaches. Usually, it’s simply due to a lack of training.
That’s why it’s crucial to document your company’s IT security policies, procedures, and best practices, and make sure every end user is trained and updated regularly.
If you don’t have such a guide or training regimen, start creating one today. At the very least, make sure users know:
- How to identify and report phishing emails (the favored technique amongst hackers); reporting them also helps your mail system better filter future spam and phishing attempts
- The risks associated with using USB drives
- To always click “yes” on updates
- How to create and manage passwords (see below)
- What to do in case of a breach and who to contact
- To lock their computers
Those are just the tip of the iceberg. Once you have everything documented, hold regular trainings to make sure everyone’s up-to-date, and always train new employees.
Remember, what’s common sense to you may not be the case for everyone at your company. In fact, let’s go ahead and assume that it’s not.
2) Be smart about passwords.
In 2015, “123456” and “password” were the two most popular passwords among users. Fast forward to 2018 and, alas, they still held the prize for first and second place. Sigh.
To better protect your company’s IT security, there are four password rules that users should always abide by:
- Always use a different password for each site.
- Never use the same passwords at work that you would use for personal home accounts.
- Never, ever write a password down.
- Make passwords long and strong with a combination of upper and lowercase letters, symbols, and numbers.
If your company’s users need help amping up their password game, consider using a password manager, like Google Chrome’s, which allows users to securely store passwords in an online vault so they don’t have to remember a gazillion complicated phrases.
3) Implement two-factor or multi-factor authentication.
When signing in to an online account, have you ever been prompted to enter a code that was sent to you, say, via text? That’s two-factor (or two-step) authentication.
While passwords are your first line of defense, two-factor and multi-factor authentication provide extra layers of IT security to make sure individual users are the only ones with access to their accounts.
If you think that your company’s users will resist two-factor authentication, or they already have, consider this: by simply adding one more step, users can reduce the possibility of a breach by 80%, as reported by Symantec.
Adding an extra step can be frustrating at first, but over time, it becomes second nature — just like passwords eventually did. And we can all agree that it’s not nearly as frustrating as a security breach.
4) Move data to a cloud-based service.
Yes, we’re biased, but AODocs didn’t build its platform on the cloud-native service G Suite for nothing. There are numerous security advantages with the cloud.
For starters, operating systems are complex. If the responsibility of configuring firewalls and keeping systems up-to-date falls on your internal teams, the probability of something being overlooked is high. For instance, it takes enterprise companies an average of 18 months to patch a vulnerability. That’s right — 18 months.
On the other hand, when using public cloud services, there are no servers to manage, and the underlying infrastructure is carefully supervised by expert IT security professionals.
Also, cloud service providers go through rigorous annual audits to ensure security, something that isn’t required of legacy systems. Even companies that store customer data in the cloud go through security audits.
Only a few weeks ago, AODocs received its SOC (Service Organization Control) 3 certification, which is a condensed version of the SOC 2 certification we received after a 2018 audit.
The certification means that AODocs’ IT security policies adhere to cloud data management best practices to ensure that our customers’ data is as safe as possible. We’re also proud to say that we’re the only enterprise document management solution on Google Drive with the SOC 2 and 3 certifications.
Since we believe in implementing only the strongest security measures, it makes sense that we would build our product on the safest platform for our customers.
5) Lock your computer (and bust those who don’t).
During the SOC 2 audit, one of our AODocs employees left their computer unlocked, revealing that they had temporarily turned off their firewall. D’oh!
That’s a rare occurrence at AODocs, thanks to our tradition of busting each other for less-than-stellar security practices. Basically, if someone spots an unlocked computer, they’ll send out a harmless, company-wide email from the culprit’s email account, promising things like free lunch for a week.
Once that happens, users never make the mistake again. Would you want to tell a whole company they’re not getting free food for a week? I don’t think so. In the end, it’s all about educating users and keeping each other accountable — even if that education involves the false promise of sustenance.
Data breaches are everywhere and only getting worse, but with the right training, practices, and processes in place, you can better protect your company from becoming the next big cyber attack story.