Running virtually any business these days leads to cyber exposure. From taking payments and storing customer data to managing files in the cloud, businesses have new and evolving cyber exposures they need to be aware of and manage.
Keeping across all of this can be daunting, but alongside ensuring you have good cyber insurance protection, below are a few key points to consider.
1. Managing credit card information
Firstly, if you can avoid being the holder of credit card information, then do so.
Don’t take payments over the phone, and push all your customers to use your online payment gateway. This ensures adherence to stronger protocols and procedures and makes the sensitive data you hold on clients less valuable.
These days there is no real reason to store credit card information.
2. Security systems to protect clients
When collecting personal information, you need to inform customers what you are collecting and why you are collecting it.
Also, sharing this explanation publicly, via a link from your website, can be a good accountability process.
3. Pen testing your IT setups and infrastructure
If you haven’t heard of pen testing, that’s okay … well, sort of okay.
Pen testing, or penetration testing, is where software is deployed against your website and digital infrastructure to look for and expose weaknesses in your setup.
This is a great step to take as it can help identify weaknesses before they have been exploited. However, penetration testing may not cover all areas where you are exposed, as new vulnerabilities arise from time to time. Also, you are reliant on the skills and adequacy of the company undertaking the testing.
4. Engage some hackers
Did you know you can now engage white-hat hackers to hack your business as best they can?
Sounds strange, but it works, as you engage with hackers before they commence, set a bounty, and agree to terms in advance that encourage them to use their skills for good and not evil.
Big and small companies are engaging in this process to protect themselves.
In the last 12 months alone, Verizon Media spent USD$5 million on white-hat hackers to protect its business.
5. Has your email address been compromised?
Your email address is a critical asset, and you can use it to quickly and easily work out whether your personal details have been compromised via a hack on a third-party site.
Through the site Have I Been Pwned, you can quickly see which hacks exposed your details to the world.
If you’ve never checked, stop reading this and do it now.
6. How strong are your passwords?
We are all told we need strong passwords and to change them often. But both strong passwords and changing them often can be tricky to manage. In a business, making sure your staff members update passwords and that they are strong as part of a regular rhythm of work is essential.
So what makes a strong password? A mix of alphanumeric characters and symbols, no real words, and a mix of capitals and lowercase.
Example of a strong password: 0pen1t$2&85.
7. Do you use cloud storage?
The cloud is everywhere these days and makes it easy and cheap to scale up a business as you grow. The infrastructure simply looks after itself. Or so it can seem.
As you scale, you need to be cognisant of where you and your team store company documents.
If it is in the cloud, who has access to what files? Who is responsible for removing temporary access after tasks have been completed or an employee leaves a company?