Cyber security has become a top priority for many businesses. The threats lurk both inside and outside of every company. A recent Juniper Research study found that data breaches could cost over $2 trillion on a global scale by 2019.

Technology has made it easier for cyber criminals to collect millions of bits of information from a wide variety of sources, and some experts believe they are using the data to create profiles that could be used to access government files, healthcare records and other details previously thought to be protected.

Over the last year, credit card information was stolen from 56 million Home Depot customers, healthcare information from 80 million Anthem policyholders, and the personnel records of more than 25 million government employees and contractors were accessed in the OPM breach.

Healthcare records are worth significantly more on the black market (about $50-$300 per record according to the Ponemon Institute) compared to credit card numbers (about $135 per record in Brazil according to Cheat Sheet). Those same credit card numbers are practically worthless in Russia and China, but value can be assigned to almost everything, including things like mobile phone numbers and landlines. A list of mobile phone numbers retails for $290 to $1,236, and a list of landlines can be worth up to $1,931, says Cheat Sheet.

Obviously, hackers are a concern, but there are other risks companies should be aware of and steps they can take to minimize the damage when they are hacked. Sean Murphy, founder and CEO of Private Giant, says, "The common thread in all of these events is sensitive information – whether it's billing information, credit cards or other data – any loss or damage to this information could damage your business."

These hackers, or what Murphy calls "bad actors," want any piece of information they can get their hands on. "If your business determines that a customer's favorite color is blue, now they have that information when the security question is 'What's your favorite color?' They're collecting bits of information from different sources and using them to put together a profile on people so they know how to access their information."

He says that ransomware is one of the newer threats because the apps can be installed on phones and computers so thieves can hold them for ransom. "They say we'll sell your information back to you for $300 or $3,000 and there's no way to get around it," Murphy explains. "It locks your data down so you can't check out customers, can't send out invoices or do anything until you pay the ransom." (Companies who back up their data regularly may be less likely to be impacted by ransom demands.)

After companies pay the ransom, Murphy says the question is, "What do they do with it? Who else are they selling it to? We're talking massive data theft on a global scale."

He said it is easy to go on the black market and buy records on companies like Ashley Madison, and the hackers will likely make millions on the stolen records.

While most companies have firewalls to keep information and viruses from coming in, the real issue is often what is going out. Murphy says a lot of information can be gained through monitoring emails and there are Android apps that can damage a system from within. "A small program can be sending out tons of information from these apps and you are totally unaware that the information is being transmitted. It's important for companies to be monitoring outbound connections and to look for what's being transmitted from your network."

He recommends a strategy he calls "defense in depth," a multi-prong approach that can help minimize the risk and exposure for a company. "You can't buy a program that will solve everything because something will get through your system or it will restrict your users." He recommends buying the best software to protect inbound connections and using a series of rules to protect the system from within the company.

"Go to each workstation, tablet, computer and cell phone, and apply the security parameters that the software offers – you want to try and prevent the breach at the source, like an intern surfing the Web. It used to be that you could run a virus scan, it would remove the threat and you were done. Information today is far more valuable, so you need to use a secondary appliance and rules to protect it even further."

The third step is to lock down critical data. Murphy says an employee should not be able to go to a computer and pull up all of the information they have on a given customer such as their name, address, credit card information or social security number. "If you can see that information easily, then we have a problem. That information should be completely encrypted and available only when an application needs it. It should be stored so that it is completely protected. You can't store unencrypted employee and customer data."

He says encryption is the solution for 99% of a company's problems. "If a thief steals a hard drive or is able to access files – he might get a $10 hard drive, but he can't get the data if he doesn't have the keys."

Murphy adds that the gatekeepers of the information should also be audited when they release data so it tracks what was accessed, who opened it and when it was retrieved. These steps can help limit a company's exposure if its data is hacked.

Today's technology has made information highly portable and accessible, but smart companies are taking a big picture approach to their cyber security and preparing for a host of worst-case scenarios so they are able to quickly identify and mitigate a breach when it occurs.

Think your company has a smart, creative and effective plan? Then consider entering it in the inaugural Excellence in Cyber Security Risk Management awards program sponsored by National Underwriter. To nominate your company, fill out an application, including a company profile which will be kept confidential, by October 9, 2015 in order to be considered.

If you want to learn more about cyber security threats and how to address them, then plan to attend ALM's cyberSecure event on Dec. 15-16, in New York City. Attendees will learn how to transform risk management preparedness and response strategy into a competitive advantage.
