By Calvin Weeks & Brett Johnson, Eide Bailly Cyber Forensic Services
Data breaches are a constant threat to any business, regardless of size, industry or length of time in business. All you have to do is pick up the newspaper on an almost daily basis to see new articles about a hack.
Many businesses think it can’t happen to them (and we’re guessing you might be one of them). But the ugly truth is, it can, and most businesses are not prepared to handle the costs associated with a data breach. Don’t believe us? Enterprisetech.com estimates the average cost of a data breach will exceed $150 million by 2020.
That’s a tough pill to swallow when you’ve just started, or are just getting going. So what can you do to help manage your cyber security risk? Below are a few recommendations:
Let’s start with the true goal of cyber security … to prevent an incident or breach from occurring. Here are a few steps to make that happen:
- Establish a budget in order to implement security measures. Many of these do not have to break the bank, but are necessary for prevention.
- Create a culture where there is an awareness of cyber risk, as well as best practices to follow to help prevent it.
- Have a third party assess your current risks. Sometimes you need to step away and let someone else take a look at your blind spots and ways you can improve. A third-party assessment will allow you to prioritize tasks and implement a strategy for prevention.
You can’t prevent every cyber security attack from happening, so it’s important to have a detection plan in place in case there is an attempt on any of your systems. Most incidents begin with events that appear in system and network logs. If your people learn to identify events from these sources, as well as the necessary steps to take (if need be), you’ll be one step closer to actively preventing a full security breach.
- Use a third party for incident response assessments, as well as regular compliance.
- Use internal IT staff for continuity and recovery as the incident occurs.
- Use a third party to manage the incident response and conduct the investigation.
- Make sure you’re responding to a cyber security incident in real time.
By applying these steps, you can create a more holistic approach to dealing with cyber security threats. It’s not fun by any means, but it’s necessary to ensure the protection of the business you worked so hard to build.
A version of this article first appeared on Eide Bailly’s website.