Cybersecurity conversations have gotten way too complicated and expensive. The truth is that most companies can radically increase their security with no-cost or very low-cost solutions that protect the company, investors, employees, and customers from the majority of attacks that have brought down many other companies. For CFOs and other company leaders wary of expense and complexity, the following are no-cost solutions that can be implemented relatively simply in days or weeks. For those whose strategy is to “hope” that anonymity affords sufficient protection, be aware that the likelihood of a breach at your company is increasing this year, as are the costs of remediation and the amount of litigation your company will endure.
Two Factor Authentication for Access
80% of breaches would not have occurred, or would have required more intensive effort by the hackers, if the victim had employed multi-factor authentication. (Verizon Data Breach Investigation Report)
Two factor authentication would require a hacker who has gained access to your password to also enter a one-time text, or other code, sent to your cell phone or some other device.
Cost Example: Free with Gmail
Secure Virtual Data Room with Two Factor Authentication: Permission Based Access
18% of cyber security incidents are caused by accidental or purposeful breaches due to insider access or misuse of information.
Permission-based access, in conjunction with View Only No Download options, limits the number of people with access to key information, such as HR files, financial data, contracts, trade secrets, bid amounts, etc. And View Only No Download ensures that stolen, lost, or breached computers don’t have sensitive information on them.
Cost Example: SecureDocs ($200/mo. Paid Annually)
LastPass with 2 Factor Authentication for Better Password Protection
Over 60% of people use the same password on more than one site. Hackers commonly enjoy high rates of success by tricking users into sharing credentials on one site and then applying the information to many other potential sites.
LastPass helps you automatically create unique, complex passwords and auto-fills them for you.
Two Factor Authentication is a must with LastPass. Without it, you can expose all passwords to a hacker who succeeds in stealing your LastPass password. Two factor authentication ensures that the hacker can’t get in with just a password.
Cost Example: Free Download from LastPass
These solutions won’t protect you from all cyber attacks, but they substantially raise the difficulty level for hackers, who will find their time better spent on companies that haven’t taken such steps to secure their information.
Consequences for Companies and Company Leadership Increasing
If you think you can get away with “hoping” your midsized company will be anonymous to hackers, think again. 62% of reported breaches were at midsized companies. Your HR data is a liquid commodity on the black market. There’s standard pricing for stolen credit cards, social security information, medical information and identification information. More sophisticated hackers increasingly target C-level executives, grab passwords and credentials, and successfully monetize non-public information they read in company leaders’ emails on M&A activity, FDA approvals, earnings, etc.: any forward-looking information that can be monetized on the stock market. If you have something of value, you should expect hackers will attempt to steal it and trade it for money.
Companies Held Accountable for Data Breaches
If that isn’t enough incentive, consider this: employees and consumers are suing companies for not properly protecting their private information. In addition to losing hundreds of millions, Target has set aside $10MM as compensation for consumers most affected by the breach, and Sony faces multiple lawsuits from past employees who have had their social security, medical, and salary history breached.
Companies will be attacked; that’s the bad news. The good news is that there are no-cost and near-no-cost solutions that will protect companies from the primary methods employed by hackers.