Learning from Capital One

What Wyoming Businesses Can Do

By Laura Baker, Co-Founder of CyberWyoming and the Made Safe in Wyoming© Program

As reported in the news, Capital One’s network and customer data were compromised because they contracted with Amazon Web Services, and one of Amazon’s ex-employees was arrested for the breach. The average cost per record of a data breach is $150, according to IBM Security’s Cost of a Data Breach Report 2019. However, the report showed that smaller organizations actually have higher costs relative to their size than larger organizations. (I would suspect that this is because smaller organizations aren’t as prepared for a breach.) Costs include detection and escalation, notification to individuals, post data breach responses, and lost business.

This outlines the importance of three items on the Made Safe in Wyoming© checklist that could protect your business and maybe prevent a breach. 

First, do a cloud systems inventory.  Keep track of what systems you use in the cloud, who the vendors are, and if they support their own servers or outsource to large hosting centers like Amazon.  Find out if they have a privacy policy that protects your data and if they don’t, demand one.

Second, as you complete your cloud systems inventory, require the cloud vendors to sign or provide a Business Agreement. The world of healthcare uses a Business Associate Agreement (BAA) where contractors of healthcare providers who may have access to protected health information become responsible for protecting that information. Other industries can take a lesson from this BAA. This agreement protects you with any external vendor, including cloud system vendors, that may have access to your company’s data. You can even download a BAA from Microsoft if your company uses Office 365, for instance.

Third, it is imperative that every company have a termination checklist to ensure exiting employees are locked out of the company’s systems. For instance, one of the biggest risks we see in Wyoming is the wireless network. Changing that wireless password when an employee leaves is as important as retrieving the key to the office front door. Even if you close an employee’s account, a disgruntled ex-employee may know shared user IDs and passwords that would allow them to gain access by sitting outside your office’s front door and tinkering around. That also brings up another point: if your office shares user IDs and passwords (for instance, many companies share their Facebook password with a select few), make sure that password is also changed when an employee leaves. The termination checklist can save so many headaches, and creating one is as simple as sitting down for 30 minutes and thinking about all the systems your company uses and who has access to them.

The IBM report also has some recommendations if a data breach occurs:

  1. Have an incident response team and put incident response plans to the test.  (Note that the Made Safe in Wyoming© checklist recommends starting with the Cyber Readiness Institute’s incident response checklist and plan from there.)
  2. Lower turnover and initiatives to improve consumer trust reduce the risk.  (The Made Safe in Wyoming© program recommends creating a cyber leader position in your company, no matter how small your company is.)
  3. Discover where your sensitive data is and use encryption.  (Did you know that using Windows 10 Professional’s encryption option allows you to encrypt your workstation, laptop, and thumb drives?)
  4. Invest in technologies that help you detect and contain a data breach.  (Many of Wyoming’s companies can be too small for this type of investment, but there are many things you can do to reduce risk – like termination checklists, writing and following your security policies, unplugging Windows XP machines from the internet, getting highly rated antivirus software, training your employees on cybersecurity, and getting a really good business class firewall.)
  5. Invest in governance, risk management and compliance programs.  (This could be as simple as adding a vulnerability scan to your annual financial audit and reviewing your security policies to be sure they are up to date each year.)
  6. Beware of increasing IT complexity and disconnected security solutions.  (Here they are talking about mobile phones, tablets, internet of things items, and forgetting to renew your antivirus software license.  If you review your policies and inventory every year you will be more protected than you are today.)

A lot of these items that IBM recommends can be simple for Wyoming companies to implement. Usually it just takes some elbow grease, and from being out in our business community, I know our business owners aren’t afraid of hard work and leadership. That’s all it takes to manage your cyber risk.

Contact us at info@madesafeinwyoming.org today if you want to be walked through the Made Safe in Wyoming© program.  We will be happy to help!
