Don’t take risks with your company data. The data you collect can be just as valuable as the physical assets of your business.
Information is powerful, and in the world of mergers and acquisitions it is essential that company information is managed with great care. Consequently, the data compiled, analyzed, and shared needs to be controlled and protected. For financial advisory services, maintaining chain of custody is especially important, because data integrity is the lifeblood of any successful financial transaction.
To successfully complete any type of middle-market business transaction, the business owner must provide potential investors with solid, secure company data. Reliable data is necessary to prove the current and future value of a company, and savvy investors demand it. At the same time, business owners must demonstrate that company data is as accurate as possible and not susceptible to data breaches or cyber threats. Without data security, any potential deal could be jeopardized.
We have all heard or read about data security breaches at national retail stores like Target, Verizon, JC Penney, PF Chang’s, and Neiman Marcus. However, corporate data is also stolen from thousands of middle-market companies every year and this news rarely makes the headlines. Often, this data is sold to competitors or even sold back to the company in a cyber-extortion scheme.
There is even a new type of malware called ransomware. Cyber-criminals using ransomware don’t steal your data; instead, they threaten to destroy company data unless their demands are met.
News organizations have reported that MasterCard, Visa, PayPal, Sony and even the Chinese stock exchange have all been hit by distributed denial-of-service (DDoS) attacks. Companies receive an advance warning that a DDoS attack will target their site unless they pay to stop it. If payment is not made, the DDoS attack brings down the website. A February 2014 Corero report[i] shows that 40 percent of companies are not prepared for a DDoS attack.
Cyber extortion can damage your company in several ways including:
- damage to reputation.
- breach of confidential information.
- loss of customers.
- loss of revenue.
The release, or threatened release, of confidential information is another cyber-weapon. Imagine a healthcare company facing cybercriminals who threaten to expose client medical records online. Should it pay the blackmailer? In these cases the threatened company may be reluctant to report the crime, because it does not want the public or its customers to know there was a data breach. These crimes are also difficult to investigate because they occur across various state or international borders, leaving a victim with little recourse.
So, how secure is your company’s data? The good news is there are simple, cost-effective steps you can take to protect valuable corporate data. Following are some lessons and strategies from the field to help you gauge and adjust your company’s data security in order to successfully complete a middle-market business transaction.
1. Establish and enforce a proven password strategy.
Use fairly complex passwords and change those passwords at least every 90 days. Never use simple passwords like “Password01” or “Admin1.” On Microsoft-based networks, Active Directory will allow you to override the recommended password protocols. (If you are not required to change your password every quarter, this feature may have been turned off.)
2. Use a secure backup plan.
This should already be a key part of your IT strategy. Secure backups help you survive everything from accidental file deletion to the destruction of systems caused by a hurricane. Those same backups can also help you survive cyber blackmail. If a cyber-criminal threatens to delete your data, you can have it back online almost immediately using your backup system. As a best practice, backup data should be stored in a secure, remote location away from your primary place of business. This protects your data from both physical and cyber threats.
3. Purchase some protection.
There are numerous, proven vendors that can provide firewalls, malware blocking, spam filtering, phishing blocking, virus protection and intrusion detection software. These companies specialize in network protection and can provide data security that meets the needs and budgets of most businesses.
4. Create a security culture in your company.
Ultimately, everyone who has a user name and password is responsible for keeping company data secure. Periodically remind your managers and employees that it is important to the company’s future that they do not share login information. Encourage them to be more vigilant with securing their passwords. Writing passwords on a sticky note placed under a keyboard, or saving them in a file on a computer, should be prohibited. Take internal data security protocols seriously. A 2013 Corero study revealed that 43% of networks hacked were attacked using information criminals obtained from inside the company.
Don’t take risks with your company’s data. The data you collect can be just as valuable as the physical assets of your business. Your company can’t function efficiently or safely without it, and you definitely can’t sell your business or secure growth capital without a secure data management plan in place. Just as you wouldn’t leave the doors to your warehouse or office unlocked, you shouldn’t leave the door open for cybercriminals either. Take steps to protect your data and your company’s future today.
[i] DDoS Attacks Advancing and Enduring: A SANS Survey, published February 2014, sponsored by Corero Network Security.