How to protect your company's digital assets
Cybersecurity and cyberattacks reported in the tech and financial industries strike fear in the hearts of many businesses, conjuring visions of drained accounts, damaged reputations, and legal liabilities. These risks are equal for large and small businesses, although a small business owner might not have the means to recover from an attack if the right protections are not in place.
In essence, a sole proprietor, IT professional, or a retailer that accepts electronic payments faces some of the same risks as large companies, such as Amazon.
But first, what is a digital asset? The term encompasses any digitally stored content (on a hard drive, removable device, or the cloud) owned by an individual or a business. Examples of digital assets include client and partnership data, logins, company emails, digital chat messages, saved conference calls, email lists, social media accounts, website content, and more.
Here are some tips for protecting digital assets:
Take steps to prevent human errors
One of the biggest threats to a company trying to protect digital assets is its people. Missteps can leave assets vulnerable to cyberattacks if you and your partners, employees, and contractors are not properly trained. Servers and computers can be compromised by viruses that originate from malicious email scams, and breaches can occur if password protocols are not followed by everyone at your business. Common sources for human errors include:
Personal devices
Some businesses allow employees and contractors to access company networks, email, and servers with their personal laptops, tablets, or phones. This can leave your business vulnerable to attack from malware from devices you didn’t know were infected. Avoid this risk to your digital assets by discouraging personal devices and mandating security protections before providing access to any sensitive information. VPN (virtual private network) clients can provide a good buffer between you and the outside world and still allow file access.
Company devices and email
One bad link with malware can compromise an email server or PC and lead to entire network vulnerabilities. Make sure your email server has a virus scanner that scans all incoming messages for suspicious and potentially malicious links, and limit personal use on company PCs.
Circumventing security
Even with physical security in place, protocols are sometimes ignored. Sometimes comfort beats a robust antivirus system when an employee gets sick of the pop-up notifications and turns them off. Likewise, even with strong password protocols, sophisticated hackers can still potentially gain access to a business account. Set up an antivirus system with admin-only permissions so it can’t be turned off. Cultivate a list of logins with passwords using a secure password protector such as Last Pass (one password to remember) or True Key (biometric access).
Throwing out sensitive information
A list of leads or current customers tossed in the recycling bin could turn into a security nightmare if someone goes through the bin before it’s picked up. Keep a separate bin for shredding, and make sure to designate someone to shred sensitive documents.
Register intellectual property
Software and network security is essential, but protecting digital assets through copyrights, trademarks, and patents is just as important. This is one place where large companies have an edge over small businesses. They have lawyers and support personnel to create contracts and register their assets.
If the digital asset ownership is unclear, disputes can arise if an owner dies or an employee wants to reuse content that he or she created. It’s important to create internal documentation for digital asset ownership and take steps to protect your intellectual property rights by registering digital assets with the U.S. Copyright Office and the U.S. Patent and Trademark Office.
Content rights should be specified in employee and business contracts, as part of email signatures, and on websites and blogs. Business owners should also clearly document all rights, accounts, usernames / passwords, and passing of ownership with an estate planning attorney.
Update security
Digital asset security threats are ever-evolving with security firms scrambling to keep up with highly motivated and well-equipped hackers. Almost half of external cybersecurity attacks are on small businesses because their security is often easier to penetrate.
It’s crucial for small businesses to limit access points through locked devices and permissions. Setting an appropriate interval for updating security and antivirus software, as well as backing up data and securing password information are essential. Some business owners also take the additional step of having independent parties (white hats) test firewalls and other security features.
Digital asset insurance protections
Property value is quantifiable, but data often isn’t. If someone compromises your digital content, it can be expensive and messy, but cyber insurance can make a huge difference in addressing the costs. As a final note, remember that as technology develops, the legal definition of digital assets will also evolve. Luckily, insurance companies are never far behind these changes and usually adapt accordingly.