[BreachExchange] How to Cope With a Security Breach in Your Business

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 6 19:19:56 EDT 2016


http://www.intelligenthq.com/resources/how-to-cope-with-a-security-breach-in-your-business/

Security concerns should be a number one priority for businesses of any
size. Larger, successful companies take security extremely seriously, as
they know that a major breach could cost them dearly. Arguably, they would
not have been so successful had they not taken matters of security
seriously from day one.

Smaller businesses, however, often neglect security concerns for a number
of reasons. Implementing security measures can be costly when you are still
trying to get your company up and running. You may feel at this early stage
that you have little to lose and nothing worth stealing. This is a mistake,
as computer hackers frequently target small businesses. Even if all they
make off with is your personal information, this can be very valuable to
them and very damaging to you.

Why security matters

Security is extremely important in every business. It is a question of
both controlling your physical environment and protecting the information
you handle. If either one is breached, as well as facing possibly
significant financial losses, you may find your ability to run your
business is compromised, due to damage to buildings, equipment or computer
systems.
The damage to your company’s reputation should also be considered. If a
business is seen to be slapdash about security then many will wonder
whether it can be trusted to operate professionally in other ways.
Customers will also be wary of using your services if they feel their
personal or financial information is at risk, or if the company is
vulnerable.

Growing concerns

The major security issues facing businesses have changed dramatically over
the past twenty to thirty years. IT and cyber-security breaches are a
still-growing concern as these are extremely difficult to effectively
block. In 2014, Sony Entertainment was hacked and lost over 100 terabytes
of data. Four films were stolen and released to file-sharing websites,
along with unpublished scripts and marketing plans. Just as worryingly,
employees’ and ex-employees’ social security numbers and passport details
were stolen; however, experts said that Sony’s security wasn’t lax – anyone
could have fallen victim to a similar attack.

In 2011, Sony PlayStation was hacked and over 100m users had their personal
details and passwords compromised. Similar attacks hit eBay in 2014 and
Adobe in 2015.

Secure premises

However, while cyber-security attracts the headlines, risks to businesses’
physical premises have not gone away. Office, storage and retail premises
are still targeted for theft and vandalism, and need to be protected with
the latest security systems. Again, small businesses are particularly
vulnerable in this regard. It’s estimated that £20.75 billion worth of
physical security products were sold worldwide in 2015. 54% of these were
video surveillance products, worth £11.18bn. 23.5% (£4.87bn) were intruder
alarms, while 22.5% were access control, worth £4.67bn. With a growth of 8%
predicted in 2016, the entire market is expected to be worth nearly £32bn
by 2020.

Break-ins

The most obvious form of security breach is a physical break-in, usually
with the intention of theft. To prevent this from occurring, make sure that
all doors, windows and other entry points are secure and fitted with strong
locks. These should be changed regularly, and key access should be strictly
controlled. Pay particular attention to emergency exits, as these are often
overlooked. Would-be intruders frequently target them because they are out
of public sight. If these are breached, contact a company that specialises
in emergency door repairs as a standard firm may not have the knowledge and
expertise to do the job correctly.

Inside job

One of the most difficult security breaches to guard against is the inside
job. This is where a disgruntled employee or someone else with intimate
access to the premises attempts to rob or compromise your business. One
solution is strict vetting of employees. In certain cases regular mandatory
drug testing may also help to identify problem staff. Internal CCTV is
vital in capturing evidence of wrongdoing or suspicious behaviour. In all
cases, however, the company must tread a fine line between maintaining
internal security and snooping on employees.

Cyber attacks

Cyber-attacks come in many forms, including malware, viruses, Trojans and
so on. Common methods include phishing, password attacks and distributed
denial of service (DDoS), when a company’s server is intentionally
overloaded with requests in order to shut it down.

Strong firewalls and anti-virus software are essential first lines of
defence in the war against cyber-criminals. Beyond these, you should
consider encryption software and two-step authentication for internal and
sensitive programmes. Your software should be kept up to date and passwords
should be changed regularly. Educate your employees on the risks posed by
cyber-attacks and make sure your company has a consistent incident response
strategy in place. If you are not sure where to begin, there are companies
that specialise in risk assessment who will help you to build up your
defences.

Defence strategy

With cyber-attacks alone costing British businesses over £34bn a year,
security is certainly an area that companies need to take a closer look at.
An overall strategy needs to be developed to coordinate physical and online
security, as well as having a clear protocol to follow should a breach
occur. Adequate security is not cheap, and unless a plan is in place before
money is spent then your company will not see the full benefits of the
equipment purchased.

Security is about protecting your company’s interests and reputation. You
are also responsible for any sensitive data that your customers and clients
have entrusted you with. If your security lets you down, in addition to
your own losses you could be held legally accountable for any loss or
damage suffered by a third party. In extreme cases, the damage to your
company’s reputation could be irreparable, not to mention the financial
costs that may be incurred in compensation.

It may never be possible to be 100% protected against security breaches.
Every business needs to be prepared for the worst, but part of this
preparation is doing everything you can to stop the breach occurring.
Beyond that, immediate and effective damage limitation is vital. How you
cope with an attack says as much about your company’s integrity as what you
did to stop it happening in the first place.