Cyber Liability: How To Protect Your Business’ Data
Dan Levenson June 25, 2015
One of the best ways to limit your cyber liability is to protect your data from cyber breaches. Doing this requires a set of internal controls that are not unlike those you would use when receiving payments from customers in a retail format or shipments from a supplier of goods. These controls can be instituted without necessarily involving a large amount of additional software, as many of these measures involve employee practices and insurance.
Safeguarding Password Receipt
Receiving passwords needs to be handled correctly at the server level, or you will essentially be handing this precious customer data to hackers. For this reason, limiting your cyber liability starts with making the reception and handling of password data more complicated than the standard “https” encryption that many website owners consider the gold standard. Using stronger encryption methods will ensure that your password receipt is a process that customers can be confident in.
One way you can enable more secure password receipt is via an on-screen keyboard, which essentially allows your customers to type using their mouse. This is a very good way to circumvent keystroke loggers, which are a primary way that hackers access passwords. This is particularly useful on public wireless networks and public computers, where even a customer’s most sophisticated software is not usable. Making password entry a more secure process changes your entire cyber liability profile.
Frequently Changing Passwords
You need to change passwords frequently, or sooner or later they will be hacked and become useless. Every employee and every customer needs to change their passwords at least monthly, under all circumstances. Otherwise, your liability to cyber attack can grow dramatically.
Keeping Data Off Private Devices
Many problems occur when employees keep private information, such as social security or credit card numbers, on their laptops. This essentially means that all a thief needs to do is wait until the employee goes to purchase a cup of coffee and clandestinely walk off with the device in question. Obviously, this does not bode well for your company if you handle anything sensitive. As a general rule, there is no reason to keep this data on any kind of private device. Instead, the data can be accessed through a secure server connection that does not utilize the hard drive, and which uses the frequently changed password the employee should be keeping secret.
Off-Site Server Backups
Backing up your data on-site has certain advantages, such as cost savings. Unfortunately, the downside of this practice is that the data can easily be disrupted locally. Worse still, it can be stolen with relative ease simply by breaking in. While keeping a local backup is fine, keeping an off-site backup can be an excellent way to maintain continuity if there are local problems such as natural disasters or civil unrest. When your customers need their data, any attempts on your part to explain why they cannot access this data will fall on deaf and frustrated ears.
Properly insuring your technology is a vital component of doing business in the modern world. While general liability insurance can sometimes act like an umbrella in instances where your technology fails or is compromised, technology insurance is more targeted to specific instances where technological failure happens. In the same way you would not want to use your homeowners insurance to protect you from liability if you are in an auto accident, using general business insurance for technology-related problems is simply not appropriate.
Being careful goes a long way to maintaining cyber integrity. Being properly insured covers the rest.