Today Marriott reported one of the largest data breaches in history in their Starwood properties reservation system that may have exposed personal information of up to 500 million guests. The hacked information included guest names, passport information, credit card numbers, addresses, and travel details. This is a lot of sensitive private data.
Other large companies have recently been attacked as well. For example, on November 9th, Dell says it detected a data breach incident in which the attackers accessed customer names, email addresses and passwords, and on October 31st, Dunkin Donuts reported that customer names, email addresses and DD Perks accounts were accessed by cyber criminals.
Data breaches are on the increase and are too often making headline news.
The increasing frequency, sophistication, and ever-changing nature of cyber intrusions and data breaches continually challenge an organization’s information technology, security and risk management teams and cause major business disruptions, public release of confidential information, reputational damage, and other negative financial and operational impacts.
Every business, no matter how large or small, needs to develop a cybersecurity program to counteract the endless stream of cyber threats. No business is too small to be a target, and as reported in today’s news about Marriott, no business is too big to be affected by a cyber attack.
Small businesses are also susceptible to data breaches because they often lack the technical resources or in-house IT staff to prevent attacks on their networks and systems.
Creating an effective cybersecurity program can address many of the cyber threats faced by businesses. Here are some recommendations for creating a cybersecurity program:
1) Assess Your Data: Conduct a Thorough Audit of Your Cybersecurity Assets and Policies
Before you can start creating a cybersecurity program, you first need to know what assets need protection.
Audits help organizations focus on the critical security and compliance risks that impact the bottom line of their operations. Identify where data resides and where the breach vulnerabilities are to protect your business’s information assets.
In addition to auditing your cybersecurity assets, it’s important to review your company’s cybersecurity policies and make adjustments as needed. If your business does not have cybersecurity policies, they need to be developed, and employees need to be trained on cybersecurity do’s and don’ts.
2) Implement Your Cybersecurity Program
After you assess your data, you need to develop and implement the cybersecurity program, and you will need personnel to implement the plan. This is where building your IT security team becomes necessary.
However, building a team of cybersecurity experts can be time-consuming and expensive. An experienced security pro’s annual salary often exceeds $100k, and you may need multiple security personnel to tackle the threats that your business faces 24/7.
When building your IT security team, consider the following: