Does Your Small Business Need an Information Warrior?
This article is brought to us by our latest guest blogger and senior underwriting officer, Jeff Portis. Jeff is a senior underwriting officer in Chubb’s Atlanta office. He joined the company in 2000 as a senior underwriter and became involved in underwriting cyber risk insurance in 2007. Find out more via Jeff’s e-mail or LinkedIn account.
In today’s web-oriented economy, almost every small business is charged with managing company and customer data electronically. As data theft, fraud and other cyber-related risks continue to rise, companies need to be ever more vigilant in protecting this information.
Data is not only highly valuable to a company, but could cause major damage to the business if compromised whether in the form of lawsuits from customers that experience identity theft as the result of a breach, first party costs to comply with state notification laws or business interruption expenses. These problems could be the result of a virus or hacker gaining access to IT infrastructure, a malicious corporate insider, a lost laptop, or a third party vendor’s failure to protect records. As a result, more businesses are designating an internal “information warrior” whose chief responsibility is IT security.
The nature of some industries makes them more vulnerable to these exposures than others; medical offices, accounting firms, law firms, financial institutions and other businesses that keep detailed customer records have more to lose in the event of a cyber breach, and are therefore more likely to keep an information warrior on staff. However, even a small retail business that makes credit card transactions or outsources confidential information to third party vendors can face data security issues.
If your small business can’t make room in the budget for hiring its own information warrior to manage and protect company data, below are a few strategies that you can implement starting today:
Take inventory of your data. If your company doesn’t know what data it is responsible for protecting, how can you protect it? Taking a close look at what kind of vital information your company stores electronically is key to maintaining a secure cyber environment.
Invest in resources that will help protect data. An investment in firewall software and data encryption can go a long way. Firewall security provides a protective barrier between your business and the Internet. Encryption is a standard method for protecting data from unauthorized access; consider products that provide central control over encryption keys and failsafe data recovery procedures.
Try the outsourcing route. Small businesses can outsource their information to a data processing/storage organization. In this case, small business owners need to pay close attention to liability concerns in the contract, so that in the event of a breach there is no confusion about who is responsible for issues that result.
Hire a firm to conduct a security audit/risk assessment. Big firms or niche vendors can examine a company’s IT infrastructure and diagnose hazardous cyber territory. This type of audit should ideally be done on an annual basis. In order to identify IT infrastructure weaknesses, you may want to hire a firm to conduct penetration testing whereby they will attempt to “hack” into your system and access information.
Become your own Information Warrior. Adopt the “do-it-yourself” attitude and self-assess. There are many online resources that offer further tips to help protect data and keep you focused on your primary objective which is running your business.
As Chief Operating Officer of wordZXpressed, I oversee the day to day operations, IT and marketing aspects of our business. I continue to serve as Project Manager for EHR/EMR interfaces with our customers as well as other IT functions. I am always interested in migration projects, implementation projects and emerging technologies in the healthcare industry. I am also a BIG fan of social media in business.
