As more of our lives and our businesses are conducted online and at a faster pace than ever, we need to slow down to consider what we are doing to safeguard our information.
Is the information we are sending and sharing secure? What kind of network are we on? Can anyone else gain access to our information?
Here are some topics of consideration for businesses both upstream and downstream from yours.
Encryption items
Is your website address secure? Does your website address begin with “https:”? If you need to share files, are they password protected, either via a portal or with a password on the document itself?
SOC Certification
Software service providers, or Software as a Service (SaaS) providers, that go the extra mile to receive their SOC (formerly SSAE 16 and SAS70) certification are organizations that should go to the top of your vetted vendor list. This means that they have organized, developed and tested the safety and security of the services they offer, and have been audited and certified by an external firm. It’s worth your time to check in with your service providers to see whether they, or the software they use, are SOC certified.
Multi-Factor Authentication
This security solution goes above and beyond the standard username and password requirements. Keep your clients’ information more secure by requiring multiple factors in order to access an account online. Multi-Factor Authentication utilizes multiple layers of security before a user can access sensitive information. It generally consists of a combination of 2-3 components of information:
- Something you know (e.g. a PIN, a password, or a security question).
- Something you have (e.g. a bank card, a bank token, a USB token or a mobile device).
- Something you are, also known as an inherence factor (e.g. a fingerprint or voice recognition).
We use multi-factor authentication every day without even thinking about it. For example, before making a withdrawal from an ATM, we must insert our debit card (something we have) into the ATM and key in our PIN (something we know) before the ATM will dispense cash.
Cyber Security Insurance
This can be a stand-alone policy or a rider to an existing professional liability business policy. Companies that are required to carry this insurance may have that extra layer of protection from items like viruses, outages, employee error or security breaches. Should a breach occur, the company and clients could be covered depending on the circumstances.
End-User Education
The most secure and locked-down firm is only as safe as its least educated or most vulnerable employee. Make sure your entire staff is educated on the proper use of email and applications, both in the office and when working from home. Are they automatically opening attachments and emails? Do they have a line to their IT support in case they see something suspicious? Staff education, as well as a culture of being deliberately safe about where information may be exposed, is the best defense against active cyber predators.
When considering security options based on the evaluation of your business operations, remember that team education is extremely important. Safeguarding information is critical in today’s technologically advanced world for your company, clients, and all other contacts.