data breach and cyber security risks

08/10/2018

Protect Your Business Data

How Contractors Can Protect Their Business Against Data Breaches

Contractors like you already face many safety hazards while on the job. One that may not seem so obvious—you may not even know it’s happening—is a breach of security when your business’ data is compromised or stolen.

Research from IBM recently found the average cost of a data breach in 2016 cost $7.01 million, which accounts for a seven percent increase from the previous year. This tells us data is now more valuable than ever, making it even more vulnerable for theft.

To prepare, contractors must first understand exactly how a data breach can affect their business and then implement the necessary security measures to prevent it from happening.

Understand How Data Breaches Can Impact Your Business

As a small business owner, you may think your company and employees aren’t susceptible to data breaches and data theft. But research has found 99 percent of computer users are vulnerable.

Similarly, nearly 63 percent of businesses don’t have a fully developed way to track and control sensitive data in their organization.

Related Read: Cyber Security: The Nature of the Threat

A data breach can impact your business beyond the loss of data or integrity of your security. Ramifications associated with a data breach include:

  • Damaged reputation or brand name.
  • Lost revenue - many breaches can cause a need to reimburse customers.
  • Liability costs - data breaches can cause lawsuits from customers or vendors.

Prevent Data Breaches and Loss with Server Backup

Even with small businesses like yours, there is enough data stored about customers, servicing jobs and vendors that may pose a huge liability. Thankfully, there are many methods of backup to your internal servers that can help prevent this from happening. A small contracting business can expect to pay between $2-4 per GB stored per month for full backup solutions.

To prevent losing information, consider implementing one of these four methods of data backup:

  • Full backups: Stores a copy of every file and automatically reoccurs on a preset schedule. While effective, this method can be time consuming and may use a large portion of your network’s bandwidth.
  • Incremental backups: This method backs up the files that have been changed or altered since a previous backup. This requires much less bandwidth and time, but must compare each file to its previous version, which can become very complex for computing purposes.
  • Differential backups: This method saves a copy of the recently updated files in addition to the previous versions. All versions are then saved until the next full backup is run. The downside with this method is that is takes up a lot of space and, similarly, requires a lot of the network’s bandwidth.
  • Virtual full backup: A virtual full backup takes the full copy once and does not need to be taken again as long as the storage medium remains unchanged. The virtual backup then synchronizes the backups to the database. This method is the most simplified version of a full data backup and reduces disadvantages of other alternatives.

Protect Your Business from the Impact of Data Loss with Cyber Insurance

Should you experience a network failure or a data security breach, there are insurance coverages available to mitigate some of the impact on your business. Cyber insurance policies are now more important than ever. Data loss and breaches don’t just occur as a result of a hack or malicious malware. They can easily occur from an employee mishandling information, a lost laptop or not updating your system’s network permissions.

It’s important to remember that while some older general liability coverages may protect your business in the event of data loss, most newer ones don't - as data is not classified as “tangible property.”

Instead, consider investing in cyber liability, internet liability or network security liability insurance. These cover third parties who've been affected by your data loss. The last thing you need is an expensive lawsuit or a loss of your customer base because of a data breach.

As an extra layer of protection, invest in first-party cyber insurance. This protects your company against business interruption while you work to resolve the breach and any costs for any damage.

A Guide to Protecting Your Digital Assets

  • Update the passwords to your servers, internal sites, email, etc. at least once per quarter. Similarly, passwords should not be obvious; they should be a mix of numbers, upper and lowercase letters and symbols.
  • Consider investing in a password management tool, like LastPass or Sticky Password to help keep track of each of your logins.
  • Don't open unknown email attachments or emails received from an unknown contact address.
  • Install firewalls on all computers associated with your business and adjust the settings for it to automatically update.
  • Shred any confidential information or lock it away for administrator use only.
  • Don't leave personal or confidential information out in the open. Similarly, don't write passwords down on an open notebook or post-it.
  • Restrict access to servers, folders and files to only the employees who need it as part of their job.
  • Never leave your laptops, tablets, mobile devices or other technology unattended. Should your equipment be stolen or left unattended for a prolonged period of time, encourage employee to complete a remote wipe of stored information and data.
  • Implement a workplace policy that requires employees to report stolen equipment immediately so that proper security measures can be taken as soon as possible, which will minimize the threat of stolen information. 
  • Avoid using unsecure wireless internet connections when away from your office. These are often easy targets for hackers.
  • Develop an encryption policy for all employees to follow on their laptops or other tech hardware.
  • Require mobile devices, applications and operating systems to be regularly updated with new releases of software to ensure the latest security features are installed.
  • Require a passcode for mobile devices in which employees are accessing company information on during the work day.
  • Adjust the settings on all mobile devices and laptops to turn on GPS-tracking capabilities.

Download: A Guide to Protecting Your Digital Assets (PDF)>>>