Business Insider

Your company’s IT department cannot provide cybersecurity by itself. 4 steps to take

By Brad Frazer

There is much talk in the press and social media about cybersecurity. In general, the term means protecting digital information stored on a computer connected to the internet.

Before most computers were connected, cybersecurity meant locking the front door on the way out of the office. Now, your information — and your customers’ — is subject to attack and theft through a host of new means made possible by your internet connection.

Most cybersecurity experts agree it is almost impossible to fully protect your company against a hack — also called an incursion or cyberattack. Your IT department probably has spent hundreds or thousands of hours trying to protect your company against such an event. While addressing the IT aspects of a possible incursion is important, there are even more elements a cyber-prepared company should consider. Here are four:

1. Most hacks occur through “social-engineering hacking.” For example, a person who is hired acts as an agent for a competitor or foreign government to obtain passwords and other means of computer access. Be aware of this possibility in your hiring and screening practices. Have good employee policies and contracts to address a possible social-engineering hack.

2. Know your regulatory and business environment. Companies that store a lot of personally identifiable information, or PII, such as credit-card and Social Security numbers, are more likely to be the target of a hack.

3. Choose your cloud vendor carefully. As more businesses move their data to the cloud, it is important to select a cloud vendor that offers good warranties in its services contract and that has demonstrably robust security practices.

4. Cybersecurity must be a top-down priority. It is not just an IT problem. From the C-suite down, all hands must be aware of security and work to protect company and customer data. This includes being careful with phones, tablets, flash drives and passwords. It also includes adequate cyberinsurance in case of a hack.

Proactive attention to these matters will help prevent and mitigate a cyberincident at your company.

Brad Frazer, a presenter at the Idaho Technology Council CyberSecurity event, is a partner at Hawley Troxell, where he practices internet and intellectual property law. This column appears in the April 19-May 16, 2017, edition of the Idaho Statesman’s Business Insider magazine.
