Published on April 20, 2017
As companies and organizations continue to be targeted by hackers, the need to implement and maintain secure processes and systems to protect data has grown. In 2015, the Duke University/CFO Magazine Global Business Outlook Survey found that more than 80 percent of U.S. companies had experienced a data breach, and the figure is even higher among small businesses.
Many organizations do not encrypt their communications at all. Others encrypt email while it is travelling to its destination, but not while it is stored on their servers. And because encryption in transit only works when both parties (the sender and the recipient of an email) support the method of encryption and have implemented it properly, it is extremely risky to rely on that alone.
For example, a healthcare organization may send sensitive patient data by email to an insurance company. If the insurance company doesn't have its security protocols properly in place, the information sent by the healthcare organization could be at risk of being compromised. Further complicating matters is the reality that many organizations are not even aware that they are not implementing security standards properly.
Beyond the interception of trade secrets, organizations in many industries are required by law to protect their customers' information, everything from birthdates to credit card numbers to social security information. The result of a data breach could be lawsuits, HIPAA fines, loss of information, loss of trust among customers and employees, embarrassment, and much more.
So how do you know if you’re the target of a data breach? You may notice unusual network activity, missing or moved files, or slow system speed. If you suspect your data has been breached, the best approach is to bring in an IT security expert as soon as possible, if you don't already have one on staff.
Encrypting business email is important, but it's just the start of a holistic policy for ensuring security in business communications. Organizations should have firm-wide security policies in place that confront the many issues of the day, including the use of passwords, the use of personal devices for work, and access to company systems while working remotely. These policies should be supported by proper training, regular updates and improvements, and data backups that are stored off-site.
A great first step is understanding what your assets are, which helps you decide what you need to protect. If you want more information on how to perform risk analysis for your small business, check out our Risk assessment for small businesses blog post.