United States e-commerce sales topped $146 billion in the second quarter of 2019, according to the U.S. Department of Commerce.1
The rise of the online marketplace has moved in lockstep with the explosive growth of the internet over the past two and a half decades: Google now receives more than 5.5 billion searches a day2 and an average of one million new users gain access to the internet every 24 hours.3
The numbers are staggering and present a stark reality for business owners: adapt online or struggle to survive.
It is now clear, though, that a major component of online business success is the ability to prioritize cybersecurity and safety – the U.S will account for half of all breached data in the world by 2023, when an estimated 33 billion records will be stolen by cybercriminals.4
In a recent survey of business decision makers, only 37 percent expressed cyber risk as their top business concern.5 Here are three ways you can start prioritizing cybersecurity in your organization.
Build a Security-Aware Organization
Cybersecurity isn’t simply about having the right preventative technology in place – it requires the awareness and participation of everyone within an organization. A security-aware organization has the following key components in place:
- A written information security plan. This plan should identify the organization’s security policies, goals and priorities. It should also include policies for network security and use of company email, social media, and the Internet. Many state regulators request written information security plans when investigating organizations that have experienced a security breach.
- An inventory of the business’s core assets and sensitive data. Identify where this information is stored and who within the organization has the authority to access it.
- Access control. Limit access to computers, company networks and confidential data to only those who require it.
- Employee training programs. Employee training on basic security practices and policies is essential.
Establish Security Safeguards
The following baseline measures are recommended to help safeguard business’s sensitive data:
- Password protection and authentication controls. Passwords are the primary means for controlling access to sensitive data resources. Change passwords regularly and consider multi-factor authentication.
- Be suspicious of unexpected emails. Phishing emails are designed to gain information or install malware on a device. Businesses should educate employees on the dangers of opening unexpected emails.6
- VPN (virtual private network) for remote access. For organizations with remote users, VPN provides a secure channel through the Internet to the organization’s private network.
- Vendor security. Businesses need assurance that any vendors with which they share company information makes security a priority.
Prepare for the Worst
A security breach is a near certainty for businesses today. For businesses of all sizes, preparedness is key to surviving the fallout.
An incident response plan (IRP) prescribes the way a business will respond to and manage the effects of a security attack. An IRP should include the following components:
- Identification of an incident response team
- Clear delineating of possible incidents and how to identify and contain them
- Procedures for eradicating the root cause of the attack, restoring data and software, and monitoring systems for any remaining signs of weakness.
Role of Insurance
Even with a solid security plan in place, your business can still be a victim of a costly cyber attack. Consider purchasing cyber liability coverage to protect your business - for more information, contact an agent from The Hartford, or visit our CyberChoice First Response product page. For technology focused businesses, please visit the FailSafe technology E&O site.
As a policyholder of The Hartford, your organization has access to cybersecurity services and resources, including The Hartford’s Cyber Breach Helpline and CyberChoice First Responders, as well as employee training and education to help reduce your organization’s risk while ensuring delivery of its critical services. Visit The Hartford Cyber Center to learn more.
1 https://www.census.gov/retail/mrts/www/data/pdf/ec_current.pdf
2 https://searchengineland.com/google-now-handles-2-999-trillion-searches-per-year-250247
3 https://datareportal.com/reports/digital-2019-global-digital-overview
4 https://us.norton.com/internetsecurity-emerging-threats-10-facts-about-todays-cybersecurity-landscape-that- you-should-know.html
5 2019 Decision Maker 1H Pulse Survey
6 https://www.us-cert.gov/ncas/tips/ST04-003
Links from this site to an external site, unaffiliated with The Hartford, may be provided for users' convenience only. The Hartford does not control or review these sites nor does the provision of any link imply an endorsement or association of such non-Hartford sites. The Hartford is not responsible for and makes no representation or warranty regarding the contents, completeness or accuracy or security of any materials on such sites. If you decide to access such non-Hartford sites, you do so at your own risk.
The Hartford Financial Services Group, Inc., (NYSE: HIG) operates through its subsidiaries, including the underwriting company Hartford Fire insurance Company, under the brand name, The Hartford,® and is headquartered in Hartford, CT. For additional details, please read The Hartford’s legal notice at https://www.thehartford.com.