Information is powerful, and in the world of mergers and acquisitions, it is essential that company information is managed with great care. Consequently, the data compiled, analyzed, and shared needs to be controlled and protected. For financial advisory services, maintaining chain of custody is especially important, because data integrity is the lifeblood of any successful financial transaction.
To successfully complete any type of middle-market business transaction, the business owner must provide potential investors with solid, secure company data. Reliable data is necessary to prove the current and future value of a company, and savvy investors demand it. At the same time, business owners need to demonstrate that company data is as accurate as possible and not susceptible to data breaches or cyberthreats. Without data security, any potential deal could be jeopardized.
We have all heard or read about data security breaches at such national retail stores as Target, Verizon, JCPenney, and Neiman Marcus. Corporate data is also stolen from thousands of middle-market companies every year as well, but this news rarely makes the headlines. Often, this data is sold to competitors or even sold back to the company in a cyber-extortion scheme.
There is even a new malware called Ransomware. Cybercriminals using Ransonmware don't steal your data, but they do threaten to destroy company data unless the their demands are met.
News organizations have reported that MasterCard, Visa, PayPal, Sony, and even the Chinese stock exchange have all been hit by Denial of Service attacks, or DDoS. Companies receive an advance warning that a DDoS attack will target their site unless they pay to stop it. If payment is not made, the DDoS attack brings down the website. A February 2014 Corero report shows that 40 percent of companies are not prepared for a DDoS attack.
Cyberextortion can cause a number of types of harm to your company:
- damage to reputation
- breach of confidential information
- loss of customers
- loss of revenue
The release of, or threat to release, confidential information is another cyberweapon. Imagine a health care company threatened by cybercriminals claiming they'll expose client medical records online. Should it pay the blackmailer? The company may be reluctant to report the crime, because it doesn't want the public or its customers to know about the data breach. These crimes are also difficult to investigate because they occur across various state or international borders, leaving victims with little recourse.
So, how secure is your company data? The good news is there are simple, cost-effective steps to protecting valuable corporate data. Following are strategies from the field to help you gauge and adjust your company's data security in order to successfully complete a middle-market business transaction.
#1 Establish and enforce a proven password strategy. Use fairly complex passwords and change those passwords at least every 90 days. Never use simple passwords like "Password01" or "Admin1." Microsoft-based network Active Directory will allow you to override the recommended password protocols. (If you are not required to change your password every quarter, this feature may have been turned off.)
#2 Use a secure backup plan. This should already be a key part of your IT strategy. Secure backups help you survive everything from accidental file deletion to hurricane destruction. Those same backups can also help you survive cyberblackmail. If a cybercriminal threatens to delete your data, you can have it back online almost immediately using your backup system. As a best practice, backup data should be stored in a secure, remote location away from your primary place of business. This protects your data from both physical and cyber threats.
#3 Purchase some protection. There are numerous proven vendors that can provide firewalls, malware blocking, spam filtering, phishing blocking, virus protection, and intrusion detection software. These companies specialize in network protection and can provide data security that meets the needs and budgets of most businesses.
#4 Create a security culture in your company. Ultimately, everyone who has a user name and password is responsible for keeping company data secure. Periodically remind your managers and employees that it is important to the company's future that they do not share log-in information. Encourage them to be more vigilant with securing their passwords. Writing passwords on a sticky note placed under a keyboard or in a file saved on a computer should be prohibited. Take internal data security protocols seriously. A 2013 Coreo study revealed that 43% of networks hacked were attacked using information criminals secured inside the company.
Don't take risks with your company data. The data you collect can be just as valuable as the physical assets of your business. Your company can't function efficiently or safely without it, and you definitely can't sell your business or secure growth capital without a secure data management plan in place. Just as you wouldn't leave the doors to your warehouse or office unlocked, you shouldn't leave the door open for cybercriminals either. Take steps to protect your data and your company's future today.