Whether they are marketing their products or services, getting orders from customers by email or through web order forms, or simply doing research on their line of business, the Internet has been a game-changer for all businesses. If you aren’t using the Internet in some fashion, you can pretty much guarantee that your competition is. You can also guarantee that your customers and prospective customers are. If you’re not there in some way for them to find or interact with you, they’ll simply move on to someone else they can find online. Being part of the global digital workplace isn’t an option anymore. For 99.9% of all businesses, it’s a necessity to survive and thrive.

Every company will deal with some type of cybersecurity incident at some point, but how that incident impacts your business is entirely up to you. There are two approaches: Proactive/Preventative (meaning you assume something will happen at some point in time and you prepare for it ahead of time), and Reactive (meaning you assume nothing will ever happen and if/when it does, you scramble to determine what happened, how it happened, and most importantly what do you need to do to respond to it to protect your business). Reading those two very different scenarios above, which side of an incident do you want to be on? Do you want to be on the proactive/preventative side where if/when an incident occurs, it’s an annoyance or inconvenience, or on the reactive side where you may never fully recover from an incident, or may incur significant costs and impacts to your business (monetary, reputation, etc.).

Employees face a number of risks when using the Internet such as phishing attempts to steal their corporate or personal logins, malicious links in emails that install bad software, and especially ransomware that can infect not just their computers, but also every other computer connected to the corporate network. Theft of employee personal information is a significant issue for the company and for the affected individuals. Employee awareness training, along with a robust set of tools and policies, help to minimize the risk to your employees and make them an important part of your risk management strategy.

Nowadays, the digital equivalent of the wild west is called the Dark Web. Unavailable to the casual internet user, the Dark Web houses a treasure trove of stolen information, offering it for sale and trade on chat groups and online forums. People buy, sell and trade collections of Personal Information, Credit Cards, health records, and a wealth of other information with impunity. There’s no easy way for law enforcement to police the Dark Web, let alone capture the bad guys.

If you assume any information you have is a potential target for hackers, it becomes easier to build out a cyber protection plan. Take some time to catalog any/all data that your company has such as employee information, customer information, transaction information, sales information, proprietary documents, design documents, etc. Once you’ve identified your data assets, spend some time identifying all the locations they reside whether on a server, in the cloud, on individual user’s PCs, etc., most data ends up residing in a surprising number of locations. Finally, figure out all the different ways your data can be accessed (directly over the internet, through a vpn connection, through a web connection, etc.). Once you understand all of these items, you can start thinking about the various ways to protect your information.