10 Tips to Help You Defend Your Business from ID Theft
by Mark Pribish, Vice President and ID-Theft Practice Leader at Merchants Information Solutions Inc.
Businesses should take stock of their cybersecurity best practices and commit to new and improved information security and governance practices.
With 2017 upon us, you’re likely reflecting on your business triumphs, challenges, and opportunities over the past year and planning ahead. While doing so, make sure to include cybersecurity best-practice resolutions along with increasing profits, as ID-theft criminals are working hard to take those profits from you.
I encourage every business – especially small- to medium-sized businesses – to take stock of their cybersecurity best practices and commit to new and improved information security and governance practices.
Your resolution – or more importantly, the promise from your business to your employees and customers – is to focus on cybersecurity and cybersecurity risk assessments.
As an employer, you should create a culture of cybersecurity by educating your employees and customers on the common threats to which businesses, employees and customers are exposed, and by providing educational resources that help employees and customers stay safer online.
Whether your business experiences a cyberintrusion, malicious attack or an accidental release of customer or employee information, the lack of cyberpreparedness of your business can be a much greater threat than the data breach event itself.
Based on the above information, here are 10 cybersecurity resolutions that your business needs to complete this year:
1. Create or update your information-security and governance policy; put it in writing.
2. Update and test your plan annually. Include penetration testing, along with a simulated data-breach event.
3. Annual employee education should be the No. 1 priority. Individuals, not hackers, are the cause of most data breaches.
4. Define the proprietary/sensitive information for your business, confirm which employees need access to it and then train those employees on it. Include coaching on the Internet of Things and Internet safety.
5. Use at least 14-character passwords including lower and uppercase letters, numbers and signs. Change your passwords every 90 days. A great password tip is to write an easy-to-remember sentence or phrase, such as “I love the AZCardinals!”
6. Complete regular software updates and patches. Most hacking events leverage old flaws that have already been addressed but for which the patches have not been applied.
7. Emphasize the importance of protecting employees and customers when connecting to the Internet. Do not use public wi-fi except with encryption or over a VPN.
8. Know about and understand state and federal breach notification laws, which can significantly impact your business.
9. Determine if every employee, or only those employees with access to proprietary/confidential information, need to be background-screened. Effective pre-employment screening can identify those who intentionally misrepresent their identities.
10. Your written information security and governance plan should be reviewed and signed on an annual basis by every company employee, regardless of the size of the organization.
Make 2016 a great year for your business, including your cybersecurity best-practice resolutions.
Mark’s most important advice: Protect your business, employees and customers from the negative impacts of ID theft and data-breach events by resolving to be proactive and prepared.
Mark Pribish is Vice President and ID-Theft Practice Leader at Merchants Information Solutions Inc., an ID theft-background screening company based in Phoenix.
For more information on how to protect your company from ID theft and data breaches, please visit our CTiQ SmartIDentity for Business page.