As our lives have become increasingly dependent on technology, virtually all personal and business data is kept on internet-connected platforms, which can become a gold mine for bad actors. 94% of organizations have experienced insider data breaches—whether by human error or malicious intent—in the last year (Businesswire) [1].
Although media coverage of cyber attacks focuses on enterprise organizations, small- and medium-size businesses also face significant risk. In fact, most SMBs exist without an adequate cyber risk management strategy—if they have one at all.
At Trava, we hear many reasons why:
“Our virus protection should be sufficient.”
“SaaS vendors’ protection should be adequate.”
“The IT team (or sole IT person) will get to it…eventually.”
“Cyber security is just too complicated.”
But it’s simpler than you might think. This four-part series delineates the essential components of a cyber risk management program, from assessment through mitigation and maintenance. It also provides useful tools and offers step-by-step guidance to choosing and implementing the right cyber risk management program.
The following 10 questions are a great place to start. Not sure of an answer? Then there’s no better time to connect with colleagues to learn more about where your company stands when it comes to protecting from cyber risk.
1. Do we have a formal cybersecurity program in place?
If not, it is an imperative first step. For SaaS companies, this infographic is a great place to start: Top 10 Things Every SaaS Company Should Do to Protect Their Data (Download the infographic.)
2. Is our team ready for a cyber attack?
If not everyone in your company has been trained to follow smart, strategic protocols, this will be your biggest weakness, since most cyber attacks occur due to mistakes made by people, not technology [1].
3. How is organizational data currently safeguarded?
Determine which, if any, protective measures are in place when data is stored or in transit, and whether the current safeguards are robust enough. (Not sure how to gauge their strength? Consult a cyber security firm like Trava for guidance.)
4. What credentials and authentication protocols are in place?
And how often are we auditing them? Assess who has privileged accounts—those that can give or remove permissions—and update protocols for deactivating access credentials of former employees.
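One way to put question 4 into practice, as an added example that is not Trava's own tooling: a script that reviews a constructed identity-provider export (the column names and the 90-day dormancy threshold are assumptions) and flags privileged accounts, accounts of former employees that are still enabled, and privileged accounts that have gone unused.

```python
import csv
import io
from datetime import date

# Constructed sample export, not real data. The column layout is an assumption
# for this example; adjust it to whatever your identity provider actually emits.
SAMPLE_EXPORT = """username,roles,enabled,employment_status,last_login
alice,admin;billing,true,active,2024-05-01
bob,user,true,terminated,2024-03-12
carol,admin,true,terminated,2023-11-30
dave,user,false,terminated,2023-09-02
erin,user;iam-admin,true,active,2023-10-15
"""

# Roles that can grant or remove permissions, i.e. the "privileged accounts"
# the question asks you to inventory.
PRIVILEGED_ROLES = {"admin", "iam-admin"}


def load_accounts(text):
    return list(csv.DictReader(io.StringIO(text)))


def is_privileged(account):
    return bool(PRIVILEGED_ROLES & set(account["roles"].split(";")))


def audit(accounts, today, dormant_days=90):
    """Return the findings a periodic access review would want to see."""
    findings = {"privileged": [], "terminated_still_enabled": [], "dormant_privileged": []}
    for acct in accounts:
        enabled = acct["enabled"].strip().lower() == "true"
        privileged = is_privileged(acct)
        last_login = date.fromisoformat(acct["last_login"])
        if privileged:
            findings["privileged"].append(acct["username"])
        # Former employee whose credentials were never deactivated.
        if enabled and acct["employment_status"] == "terminated":
            findings["terminated_still_enabled"].append(acct["username"])
        # Privileged account nobody has used recently: candidate for removal.
        if enabled and privileged and (today - last_login).days > dormant_days:
            findings["dormant_privileged"].append(acct["username"])
    return findings


def run_sample():
    # Fixed review date so the constructed sample gives repeatable results.
    return audit(load_accounts(SAMPLE_EXPORT), date(2024, 6, 1))


if __name__ == "__main__":
    for key, names in run_sample().items():
        print(f"{key}: {', '.join(names) or 'none'}")
```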
5. Have we had enterprise customers ask us to fill out a security questionnaire?
Did we know what to do? Did we lose the client as a result? More and more, enterprise customers are requiring companies they do business with to prove compliance with data security protocols.