How to protect your business from a cyber attack

The previous part, “How to act to a cyber attack”, introduced the steps to take after a cyber attack. In this article, we discuss the procedures and regulations that help ensure your business is protected from external threats. But let’s cut to the chase: we will define the recommended processes to perform before a breach occurs.

One of the first and most critical concerns is applying “Privacy by Design” (PbD). You should always think about data privacy before starting the data security planning process. Your privacy practices should be made available, easily accessible and understandable. The data controlled by the organization must be accurate, and the end user must have the ability to adjust this data. The consumer should be the only one who can give permission to use the data for other purposes. Draft a strong privacy policy or user agreement that thoroughly explains how you will collect, store and use the user's personal data. We notice that when shifting from physical to virtual environments, users are not fully adjusted and might feel insecure sharing their data. Hence, it is very important to build a level of trust by explaining your reasons for collecting this data.

So, what data?

The important thing is to ask yourself: is all the data that you're collecting really worth storing and protecting? Because when there is no data, there is nothing to steal! Your one and only reason for storing data in your database should be what's best for you and your consumers.

Once you have decided which data you would like to keep, ensure that it is protected. Encrypt the sensitive data that you would not want exposed when the system is in a vulnerable state, so that in case of an emergency only useless numbers will be acquired. Additionally, if your company can afford a cyber insurance policy, do not hesitate to buy one. It will reduce the significant cost that can result from data breaches.

Building trust

Another major attribute lies in your employees' data practices. Train and engage them with best practices to protect data and the system. You do not want to see anyone use the word “password” as a password, which happens all too often, as people find it convenient and easy to remember, without thinking about the consequences. Send out simulated phishing exercises, such as an email that pretends to come from someone else and contains a link. This will help prevent data leaks or the introduction of a virus to the employee’s system in the future.

Come into action!

Last but not least, identify who is on your crisis response team and appoint a spokesperson. Craft a written response plan, and know who to call and when. There are a number of steps you should include in such a response plan:

  • Record the date and time of the incident
  • Alert and activate the team
  • Assess the situation
  • Secure the premises
  • Stop additional data loss
  • Document everything
  • Monitor what’s being said
  • Take accountability
  • Reach out to your audiences
  • Record lessons learned
  • Review protocols and other legal liabilities

Let’s assume that you applied all of the above and you are certain that you are secure. Guess what? You are not! The fact that you always think about privacy, that you have a response plan and that you trained your employees does not mean that your system cannot be hacked. However, these precautions make it a lot harder. The goal to aim for is maximizing the effort and time it takes for a hacker to break in, as well as knowing how to act in such a case. So, as S. Lover’s Rory O’More had said years ago, “Better safe than sorry”.