Cybersecurity and Employee Background Checks

Many small and mid-size businesses do not immediately think of cybersecurity as a huge risk. Sure, they know that they need virus protection and some degree of data protection, but many of these companies simply do not realize the impact a data breach could have on even a small company.

A Huge Risk

In 2018, an IBM-sponsored study by the Ponemon Institute reported that “the global average for a data breach is $3.86 million, breaking down to almost $150 per stolen record.” They went on to say that out of 17 industries represented in the report, the most impacted sectors were financial, service, and manufacturing.

We should all be familiar by now with the risks of a hack, which include data loss, loss of customer trust, potential fines and lawsuits, and negative effects on productivity.

Avoid Disaster

The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, has developed a framework for cybersecurity that can be implemented by a business of any size. For a more in-depth explanation of the cybersecurity framework, visit: https://www.nist.gov/cyberframework/framework. The steps are as follows.

  1. Control Who Has Access to Your Information, which includes listing all employees with computer access, securing/locking all electronic devices when idle, and prohibiting physical access to devices by unauthorized staff, e.g., maintenance, repair/construction workers, and individuals visiting the building.
  2. CONDUCT BACKGROUND & SECURITY CHECKS FOR ALL EMPLOYEES—thorough searches should be conducted on all prospective employees or others who will have computer access. Like any thorough background check, this should include: criminal background checks, sexual offender checks, credit checks, verification of dates worked for previous employers, and education and degree verification.
  3. Require Individual User Accounts for Each Employee—with strong, unique passwords for each.
  4. Create Cybersecurity Policies & Procedures
    At the very least, a cybersecurity policy should include: your expectations of your employees for protecting company information, the resources that need to be protected and how you expect your employees to protect them, and a signed agreement from each employee confirming they’ve read the policy and understand it (this should be kept in each employee’s HR file and reviewed/updated once a year).

You may consult with an attorney or The Hire Authority for help creating your first cybersecurity policy, to make sure you comply with all laws and regulations. There are plenty of easy-to-follow tips from the Manufacturing Extension Partnership (MEP) National Network that can help you get started, including an assessment of your company, a plan of action, and an incident response plan: https://www.nist.gov/mep/cybersecurity-services.

Why Choose The Hire Authority for Employee Background Screening?

It takes an experienced professional to do a thorough employee background check and reduce your cybersecurity risk. The process is complex and there are many state and federal laws with which employers must comply—to avoid fines or lawsuits.

At The Hire Authority we are experienced, professional, and thorough in our screening, which guarantees that you will receive information that is current and relevant. We care about your security and we will work with you to keep you safe from harm or unnecessary problems.

We’d be happy to talk to you about screening your employees and setting up a cybersecurity policy. Call us at (508) 230-5901 or visit our website www.hireauth.com with any questions you may have.

 

The foregoing should not be construed as legal advice. Employers should always consult their own legal counsel for advice on labor and employment matters.