I spoke at a conference yesterday and I can tell you my flip chart presentation was great. Then I went to the office and told my colleague about people I’ve met and he took notes in a notebook.
Did that sound like an ordinary work day in 2015?
Try changing the words – flip chart into Prezi, told into sent an e-mail to and notebook into iPad. Now it sounds more realistic, right? My point is: if you are running a business or an organization, you are using Internet in some way – you may work online completely, you may use online advertising, or at least you communicate online within the company. And of course, Internet makes our work more productive and can save time and money. But, if you neglect the security of your online work, this may also cost you money, which I know because I’ve seen the numbers in 2014 Cost of Cyber Crime Study.
What is the average costs of cyber crime for companies?
Cyber crimes are becoming more costly. The average cost of cyber crime climbed by more than 9% to reach $12.7 million for companies in the United States, up from 11.6 million in the 2013 study. The average time to resolve a cyber attack is also rising, climbing to 45 days, up from 32 days in 2013. And companies from the U.S. continue to experience the greatest number of cyber attacks and therefore, the greatest losses.
What are the guidelines for companies?
You should secure online presence of your business and take measures to keep your data safe. Let’s look at these guidelines for businesses provided in the latest Internet Security Threat Report:
1. Strategic defense – Safety online is not an ad-hoc issue, so you should put an emphasis on mutually supportive defensive systems (this includes regularly updated firewalls as well as gateway antivirus, intrusion detection or protection systems (IPS), website vulnerability with malware protection, and web security gateway solutions throughout the network).
2. Alarm systems – Preventing/solving problems could be easier if you monitor for network incursion attempts, vulnerabilities and brand abuse online.
3. Websites security leading to customers’ security – Relationships with customers need to be cherished and therefore you should: scan your website daily for malware, set the secure flag for all session cookies, implement on SSL and display trust marks on visible places on your website to show your customers how devoted you are to their security.
4. Electronic passports – Your digital certificate should be from a trustworthy certificate authority.
5. Encrypted data – Make sure that you use encryption for any kind of sensitive data, especially customer data. This helps with prevention of data breaches but can also ease the damage caused by data leaks from the organization.
6. Update, update – Make sure that your virus and intrusion prevention definitions are always updated by using automatic update mechanisms.
7. Your password should contain… – You need to have rules about passwords of users/employees, and encourage them not to use the same ones for different websites. They should also change their passwords regularly, at least every 90 days.
8. Backups – All important systems should have regular backup mechanisms.
9. Do not download that attachment – Mail servers should be arranged to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files.
10. Educate employees – Even with your defense systems at place, you still need to educate your employees on online security issues as they are most directly involved and possibly affected.
These are just some of the tips you should take into account, so I would advise to take a look at the sources for some more detailed information.
Could I maybe test how much it would cost my company?
Indeed, you can assess your company risk HERE. It is a tool based on the findings of 2014 Cost of Cyber Crime Study and it is useful to see are you at risk and how much it would cost your company if your data got breached. Additionally, questions they ask may provide you with additional guidelines on safe online presence which will improve your planning and strategic thinking about security.
You can find out more about online threats in my previous blog post about cyber crime, and make sure that you follow our blog – we will be providing more useful tips because we want you to take control over your online presence (both at home and in the office)!