HONOLULU (HawaiiNewsNow) - With October being National Cyber Security Awareness Month, it seems like every other week brings another news story about a business being hacked, with related warnings to customers about their private information being compromised. But there's more intangible fallout for businesses, revolving around the damage to a company's reputation. It's nearly impossible to fully insulate a business from cyber attacks, but they can take steps to make it more difficult, and also guard against such an event.
Virtually every business has data on clients, employees, and others that can be stolen, electronically "hacked," or lost through accidental or inadvertent release. Concerns about data breaches are so great that the state of Hawaii has enacted laws that require business owners to notify affected persons. There is also legislation with similar mandates proposed at the federal level. Beyond these requirements, a business with a data breach needs to protect its reputation.
Over one-third of organizations globally that experience a cyber attack in 2016 registered a revenue loss of more than 20 percent, according to a new report by networking giant Cisco. More than 50 percent of organizations faced public scrutiny after a security breach, the report added. A majority of Americans (64%) in 2015 have personally experience a major data breach and Hawaii's annual reported losses from cyber-crime are nearly $2.5 million.
Some of the primary causes of cyber-attacks include: Employee or contractor mistakes (52 percent), lost or stolen laptops, smart phones, tablets and storage media such as USBs and backup drives (42 percent), and procedural mistakes (38 percent).
With companies hardening their networks against potential cyber-attacks, the latest trend by hackers is going after employees via deceptive e-mails Businesses, employees and even general computer users need to be careful about scams that would allow hackers to plant malware in your computer and computer systems. Employers should train employees on not responding to phishing e-mails and links, as well as some that appear like they may be company correspondence.
With the upcoming holiday season, major events, and even the latest natural disasters in which donations are being solicited, employees need to careful in responding to certain e-mails. When a company laptop or phone with sensitive work information is lost, the employee should report it right away. Having the company provide employees with secured or encoded flash drives so even when it becomes lost, it may be more difficult to access confidential information.
Only 33 percent of small businesses notified people that their personal information had been lost or stolen. Concerns about data breaches that most state laws require business owners to notify affected customers or clients. Businesses must be able to notify all parties affected by a breach, effectively communicate the scope of the possible damage, provide credit monitoring assistance, and provide identity restoration case management to those affected by the breach.
Some insurance companies, like DTRIC, have liability coverage to protect businesses, which can be added at a reasonable fee atop the main policy. This includes coverage costs of recovering from a computer attack. Broad protection on network liability claims including: Outside legal counsel, Forensic IT review, and Identity restoration services to affected individuals.