Can Your Clients Trust You with Their Data? Six Cybersecurity Best Practices
If you were your own customer, would you be happy with the level of data protection you were given?
A 2019 global risk management survey by AON (registration required) noted that banks, government agencies, healthcare, insurance and tech industries all consider cyberattacks and data breaches the No. 1 risk they face. In 2018, the average cost of a data breach was $3.86 million—a number that grew to $4.24 million in 2021.
The pandemic ushered in a new era for remote working. While firms in tech have not been strangers to working from home, many industries that were inflexible on the issue pre-2020 had to quickly adapt to remote practices. Technology has presented a great opportunity, but, as many are discovering, it brings greater risk.
In 2021, we saw the highest number of recorded data breaches. The Identity Theft Resource Center’s 2021 Data Breach Report said there were 1,862 breaches last year, up 68% from 2020. With this in mind, I believe leaders should be looking at what to do when they encounter a cyberattack, not if.
So, how can you secure your remote workers or clients who connect to your network? I’m on the advisory board of a company that specializes in securing payments and payment compliance, and I’m also taking measures in my own company and life to protect my family and identity after experiencing hackers’ attempts to obtain my personal information. Through these experiences, I’ve learned a few ways companies can begin securing their remote teams.
1. Make Cybersecurity a Top-down Strategy.
Building a culture of cybersecurity, establishing secure systems and providing continuous monitoring are the keys to protecting your systems and data. The hackers’ game is strong, and you need commitment from the top in order to protect the data with which you are entrusted. Your IT security is a governance issue, rather than a “technology problem.” There are many solutions, but the most effective strategy begins with building a culture of safety.
2. Know the Law and Do Better.
In 2018, the European Union implemented the General Data Protection Regulation, the “toughest privacy and security law in the world.” Although the GDPR is an EU law, it imposes obligations on companies anywhere if they target or collect data related to people in the EU. As many organizations have a global presence and see privacy advocacy headed in the same direction, they can stay ahead of the curve by being compliant with the strictest guidelines. I believe it is better to be more secure than to do the current legal minimum and be vulnerable.
3. Enforce Your Remote Security Policy.
Your systems are only as secure as your least safety-conscious colleague. Data security is everyone’s responsibility. Today’s workforce sees global enterprises working around the clock and staying logged in as they work from home or work on the road. Multiple devices, internet access points and servers provide potential channels for hackers to find flaws in your system.
Enforcing policy goes beyond requiring a strong password. You can discourage employees from using public Wi-Fi. Security fixes and patches should routinely and promptly be pushed to all users, documented and automated where possible. If you show your teams that you are serious about mitigating risk, it will become part of your organizational culture.
4. Consider Your Bring-Your-Own-Device Policy.
Allowing team members to use their personal devices comes with inherent risk. Your assets are now vulnerable to apps and software installed on those devices. When your colleagues check company emails or connect to a server from a personal device, you increase your overall risk. There are a few ways you can minimize your risk.
- Use encrypted virtual private networks whenever personal devices are used for work purposes.
- Provide training on how to change security settings on personal devices to appropriate levels.
- Provide the latest firewalls, cybersecurity apps and antivirus software for relevant operating systems. Push updates and patches as they become available.
- Provide multifactor authentication to deter unauthorized third-party access.
- Manage user privileges to minimize the damage from potential attacks.
6. Secure Your Information and Train Your Workforce.
Many breaches happen when an unsuspecting employee clicks on a malicious link in an email or is tricked into giving login credentials (commonly known as phishing). Despite the advances in technology and security, these emails are often sophisticated and can seem trustworthy. However, malicious links and attachments can contain malware.
Train your employees on risks, encryption tools and protocols for sharing company information (with specialized training for sensitive data controllers), and teach them to take cyber threats seriously.
If you haven’t already done so (or you haven’t done one in a while), perform a fire drill where you simulate various potential scenarios during a cyberattack. The Harvard Business Review shared a useful article on how to perform a fire drill to expose your weaknesses and help you to develop a plan of action in the case of an attack.
Success is proactively keeping your customer information safe and secure.
You can also read this article at Forbes Council.
About the Author:
Emilia D’Anzica, Founder, Author, Growth Molecules™
Emilia has personally onboarded 1000s of customers in her 20+ year career and is an early Customer Success Manager in SaaS. She has held every title in customer success ranging from Support Manager to Chief Customer Officer. She believes that customer onboarding sets the trajectory for churn or growth. After helping companies like WalkMe experience exponential growth, she is now helping companies build teams, processes, and systems to scale. Emilia holds an MBA from Saint Mary’s College of California and a dual BA from the University of British Columbia. She is also PMP and Scrum certified. She is the co-author of Pressing ON as a Tech Mom.