Have you done a risk assessment of your computers, your mobile devices, your network, cloud applications, employee-owned devices? Are your policies and systems up-to-date? Are you managing vulnerabilities and upgrades? First, you need a plan for your business security. You need to have rules (policies) for your business computer and internet usage and procedures for managing these rules. Next, if you have not kept these systems upgraded, you may have vulnerabilities that could allow an attacker into your systems – to access your private, personal, and financial data. If you have any kind of private customer or client data for your businesses, that private information could land in the hands of criminals. The costs to your business and your reputation could destroy it.

Even if you installed anti-virus and anti-malware software, you must run it regularly so you know your systems are secured. You should also have this protection on your cell phones, laptops and tablets.

Your site should use https://, not just http://. This provides a higher level of security. You should also be using a VPN (Virtual Private Network). Certain sites are riskier than others. Be sure that all of your business computers and business mobile devices are set up so your employees can’t go to these sites.

It is important to back up your work regularly in more than one way. You should have 2-3 ways to save your work and you should keep at least one off-premises. If here is a ransomware attack, this is especially important. If your 3rd party vendors have any access to your systems, make certain they are also secure. Any 3rd party who can access your email could be a threat; if your vendors are not cyber-prepared, attackers may be able to get into your systems. Many large companies have experienced these attacks (Target, Equifax, the US Government). Now, attackers are targeting smaller companies because you also have resources they want to steal.

Does anyone in their families have access to their computers or cell phones or iPads where your business information might be stored? Know their passwords? How are these devices secured and backed up? For the protection of your business, any device that is used to access your business information should be protected as well as whatever you protect in your office.

If your business is affected by compliance requirements there may be expensive penalties for non-compliance. You may already know how the city delights in imposing fines. You may take credit cards (PCI-DSS), or deal with medical issues (HIPAA), or be a financial institution (23 NYCRR 500). There are also privacy requirements for any business that deals with children (COPPA). You and your employees must know what affects your ability to run your business.

Most cybersecurity incidents happen because people are not trained to recognize the dangers. Maybe your employee loses her cell phone on the bus, or another picks up a flash drive and puts it in one of your computers to “see what’s there”. There are all of the email “accidents” that we read about every day, where all of the customer or patient information is lost. This kind of breach can destroy a business because the costs are enormous. There are also, unfortunately, employees who know they are going to be fired, or who are just angry, who steal customer lists or proprietary information from their employers.

You and all of your employees must know what to do in case there is a  breach. It isn’t enough to think that you can “wing it” if and when this happens. You also need to test your plans. It is also a good idea to have cyber insurance. A reputable insurance company will require you to have cyber plans in place before issuing a policy.

As important as your business is, your families are even more important.  Your children may think they “know it all”, but they are at high risk when they don’t have all the information they need to protect themselves. It is your responsibility to stay a step ahead of them. You need to know how to protect them and where to go if they are bullied or hacked.