Why should a company invest in cybersecurity?

Digital coding on black computer background

Image: Joffi/Pixabay

Why is a data destruction company writing a blog post about cybersecurity? Because your data is our responsibility. You might not think that your online security has anything to do with your offline security, but they actually go hand in hand.  Did you know that 65% of small businesses fail after a cyberattack? In larger businesses, the financial losses are staggering with the average data breach costing $1.3 million. So, what can your organization do to make sure its cybersecurity plan is healthy?

Know Your Cybersecurity Plan

Do you have one or two key people in your organization that understand your company’s response if a data breach or business identity theft has occurred? Have you done employee education on a larger scale, so every employee knows how to report an incident? Employee education is key because cybercrimes are no longer limited to large corporations, and attacks come in all forms like phishing, malware/ransomware, business identity theft and more. Plus, they’re only becoming increasingly advanced. It might seem basic, but having your employees understand that they need to keep their software up to date and make someone aware when their anti-virus expires if it’s not implemented at a corporate level are two, small steps to keep your company safer from hackers.

Know where your information is stored, and who has access

Do you keep backup files on site? Do you have cloud storage? Do you know who has access to all these files? Knowing where your information is being stored, who has access, and knowing where to go when there’s a data loss is critical information. Yet, there are many companies where only one or two people know what is happening with the company’s data. In reality, having one or two people know where the data is stored and how to access it is not a bad thing, however, if they both happen to be on vacation during a crisis, you’ll have people scrambling to get your company through a crisis. Consider the “Rule of Three.” The “Rule of Three” means you have three independent copies of your data. You should store two of them on different types of media, and store one offsite. Consider the same parameters for how many people have access to your entire data catalogue.

Additionally, do you know how employees working remotely access your network? Do they access your network? Make sure you’re using secure networks and proper password protection on important programs and files. Unfortunately, there are many ways for hackers to gain access to your network through remote connections, just a few are listed here.

Know what you’re doing with your customer data

With the GDPR (General Data Protection Regulation) going in to affect earlier in 2018, knowing how you’re using data about your customers and being transparent with them about how their data is being used is critical. You might be saying, “Oh, the GDPR thing is something happening in Europe.” But in reality, do you know how many of your customers have locations in the EU? Has your company audited whether or not it’s in compliance with GDPR at a very basic level?  For instance, do you allow customers to opt with an obvious “Unsubscribe” link on each e-newsletter you send monthly? For steps you can take to get complaint with GDPR, check out this article. Believe it or not, insuring that all materials with customer information on it is securely destroyed is one step you can take to becoming GDPR complaint.

Why it matters

At Shred Right, we’ve taken measures to boost our cybersecurity because protecting information isn’t just what we do on a regular basis, it’s also part of being in a highly connected world. Cybersecurity is a necessity for all businesses that regularly use technology, not just companies that manage IT or process e-commerce sales. If you use email to connect with clients and vendors, run social media accounts for your business, or have a website or database, it should apply to you, too.

Sometimes, it may not be your new technology that you have to worry about. Improper disposal of old computers or data storage devices, like CDs or hard drives, can leave your business at risk as well. Information thieves can retrieve data from electronics, even if you think you may have deleted everything that’s a liability. Destroying devices you no longer need ensures that any accounts or linked files you’ve connected to those devices can’t be accessed using that device. Shredding your electronic waste will benefit you and your business by leaving you with the peace of mind that your stored data cannot be stolen or copied.

If you have further questions on the importance of protecting your information, or are interested in setting up an appointment with us for proper IT destructionfill out our form and let us know how we can help.