In today’s modern and ever-connected world, cyber security is more important than ever before. More of our personal information is available online than ever before, and sharing it is so ubiquitous that we don’t even think about just how much flows between us and our computers and various smart devices every single day. Who thinks twice about checking in somewhere on social media or scanning a rewards card at their favourite store? How many commercial emails do you get every day? All those interactions exchange personal information, and it’s up to the business involved to safeguard it. Unfortunately, that often doesn’t happen.
Another thing that is far more common today is data breaches. From an online store accidentally sending an email using the ‘cc’ field so that everyone’s email address is exposed, to giant breaches, and everything in between, they’re an everyday occurrence somewhere online. Equifax, one of the world’s largest credit reporting agencies, failed to patch a vulnerability once they were informed in March 2017. It stayed that way for six months until in September their database was breached and personal data of up to 147 million people was exposed to hackers. Full names, social security numbers, dates of birth, even driver’s license numbers: it was all up for grabs. The penalties for Equifax were severe: it had to pay out millions in fines and penalties, and the loss of reputation meant their entire business nearly went under from just a single breach. If such a large company can be affected, it can happen to anyone, and yet many small businesses are unaware of how to protect and safeguard their customers’ information. If that’s you, the time to learn is now.
The vast majority of bricks and mortar businesses now have a website where they can accept customer enquiries, and many also take payments online. Fully online businesses are also increasing every year. Studies show that ecommerce will expand by 15% every year in the US. Company boards and senior managers are now starting to understand just how important cyber security is, and awareness is rising among non-technical staff. Government regulators such as APRA, GDPR, NIST and the PCI DSS council now have information to help with the implementation of an information security framework. Government small business departments can also often help with what regulations you need to comply with, such as the privacy act.
Having a cyber security policy in place also brings benefits beyond minimising risk. Consumers are becoming increasingly savvy, and many look on your website for your information management policies and check it for basic security before they’ll even consider shopping with you or contacting you. Many banks are requiring businesses taking payments online to be ISO compliant to use their services. If you submit bids or tenders to government organisations and don’t have all the certifications and standards in place, you’re starting on the back foot and may miss out on being considered altogether.
But getting your own processes in order may not be enough. With ever-increasing connectedness, we are now also all dealing and interacting with more suppliers and third-party service providers than ever before. Often your computer or systems may send information back and forth without a human ever being involved. It may not even be you who is the target of a data breach, but an insecure business that you have a connection with.
Years ago, managing this supplier risk could be done with a security audit of mission-critical suppliers once a year, but this is no longer adequate. With some businesses working with thousands of suppliers, there are now software applications and services available to expedite lightweight third-party risk assessment, letting you assess your suppliers for risks with minimal effort. As with the tender process, this works to your advantage: you can negotiate with suppliers for a discount or a better deal based on their security risk rating.
So, if you haven’t thought much about how your business protects critical information, the time to start is now. Whether it is gaining a competitive edge to win more business, meeting the compliance requirements of your business partners and regulators to keep the business you have, or making your customers feel safe when they engage with your business, a good cybersecurity posture has become a must for businesses to grow. When one incident could destroy your entire business, it’s simply not worth the risk. Bring your business up to date and take the first step today toward better cyber security.