7 Steps To Mitigate Cyber Security Incidents

The risk of a cyber security attack are on the rise.  Last March, a jury awarded Irvine-based lender Mount Olympus Mortgage Company around $25 million in a lawsuit involving stolen loan files, personal information, and other sensitive data. The files were allegedly siphoned by former Mount Olympus Mortgage employees from the firm’s IT systems in Orange County, CA to a competitor in Chicago. 

While Mount Olympus Mortgage was fortunate enough to discover the data breach, identify possible suspects, and eventually get compensated, not all victims of cyber-attacks are as lucky. Some victims fail to detect breaches. And if they do, many of them are unable to recover losses associated with the attack. 

Small businesses are particularly vulnerable to these kinds of attacks because they normally don’t have a dedicated staff or officer in charge of information security. 

We’ve outlined 7 things you can do to minimize the risk of a security breach in your small business: 

1.   Perform onsite and offsite backups

Data backups help minimize the impact of incidents that result in data loss.  

Some examples of such incidents include natural disasters (e.g., fires, floods, earthquakes, hurricanes), stolen hard drives or computers, ransomware attacks, and malware outbreaks.  

If your main datastore is rendered unusable, you can still retrieve the information you need from your backups and continue doing business. 

2. Implement data-in-motion and data-at-rest encryption

Encryption renders information unreadable, preserving confidentiality. 

Strong encryption works to keep attackers at bay and your information safe. It also serves as a safe harbor for breach notification legislations like California S.B. 1386. 

3. Use an updated antivirus

A good antivirus solution can prevent your systems from getting infected by trojans, viruses, worms, ransomware, and other types of malware.  

Some antivirus solutions can detect websites or file attachments that contain malicious code and warn you about it. Just make sure to keep it up to date or your antivirus will not be able to detect and destroy the latest malware. 

4. Do regular software patches and updates

Software patches usually include security updates. These updates are meant to fix known vulnerabilities that existed in previous versions.  

A lot of cyber-attacks exploit known vulnerabilities in order to enter your system, so it’s always a good idea to keep things up to date. 

5. Implement a strict password policy

You probably know this by now—you should never use weak passwords.  

Still, we keep hearing about data breaches involving broken passwords. People just never learn. 

The use of “strong passwords” isn’t the only thing that makes up a good password policy. You also need to incorporate mechanisms that enforce password expiration dates, replacements, notifications, and avoidance of previously used passwords. 

6. Educate and train employees on cyber security best practices

No matter how many cyber security solutions and policies you have, your company’s security depends on how well your staff understands the consequences of disobeying policies or circumventing security countermeasures. 

You need to train them and keep them informed in order to reduce risks and maximize the strength of your cyber security infrastructure.  

7. Establish an cyber security risk plan

In order for these tips to be effective without breaking the bank, you need to have an overarching plan or security program.  

This plan would need to have your security solutions, policies, and procedures working in a cohesive manner. Sometimes hiring an expert is the best way of getting a security plan up and running. 

Highly trained professionals like our cyber security specialists here at BRITECITY can put together a plan tailored for your organization.  

A well-thought-out cyber security plan can bring down your risks to the minimum in the most cost-effective way and who better to help than the experts who know cyber security. 

BRITECITY is an Orange County IT Services firm supporting local businesses in the area of Managed IT Services, Cyber Security, Cloud Services and Strategic IT.