Data security has been scary and is getting scarier.

Data security was the topic Tuesday during a Blair County Chamber of Commerce workshop at the Blair County Convention Center.

“We have become fascinated and terrified by the changing digital landscape. Risks have grown substantially,” said Josh Barnhart, vice president of business development at NPC Inc. of Claysburg. “It has been quite a ride in digital security. Things are just heating up. It is a worldwide problem.

“There are threats facing businesses in Blair County. The bad guys go after big businesses first but they are also after businesses and individuals like us,” he said.

Ransomware has become a big issue.

“It is a huge issue,” said David Wertz, president of PC Works Plus Inc. of Bellwood. “We are making some progress but are not where we need to be. It makes people a ton of money.”

“Ransomware is so scary, it is such a good business model,” Barnhart said.

There are steps businesses can take against data security problems.

“You need to have layers of security in place. It is a multi-layered approach. If we are not aware and teaching our people not to open something, you will be susceptible to things,” said Tim Serbin, managed services specialist at Link Computer Corp., Bellwood.

“Cultural awareness is a big part of the security blanket,” Serbin added.

Security awareness training is important.

“We are pushing the training as the first thing. If you are not doing training, the money you spend is less effective,” Wertz said.

It is important to have a security plan in place.

“Start with a plan. A large percent of clients have absolutely nothing as a security policy. They think it is an enormous task; it takes a lot of money and time. Make sure you have a plan to protect data. Identify a couple of systems and protect them. That is a good place to start; even a five-page plan rather than waiting for something to happen,” Wertz said.

“The plan is important but it is the way you structure that plan,” said Joe Harford, president and founder of Reclamere Inc. of Tyrone. “You will never be done in your security journey. There has to become a strategic methodical approach on how you deal with it. It is not one and done, it is a continuing journey.”

Companies should also do a risk assessment to see what their tolerance level would be in the case of a data breach.

“You need to provide reasonable care for the data you are responsible for. Risk assessment is for you to understand the risk of your environment. Risk assessment gives you a snapshot of your risk profile so you can build a remediation plan to improve your risk profile. You should do a risk assessment annually,” Harford said. “As a business operator, you need to take a look at risk. You can’t eliminate it even if it does have a negative impact on business. What we are trying to do, we are looking at being proactive. Being reactive is so much more expensive.”

A backup plan can be valuable.

“It is good to have a backup. That is one of the most least expensive ways to protect you. You need to think about that (backup plan) when you talk about risk assessment, the tools you put in place. A valid good backup plan can save the day,” Serbin said.

Sometimes it can be difficult to get people to spend money on security.

“Most people think it is not going to happen to me. Getting people to spend money is an uphill battle. It has to come from leadership of the company. They have to understand there is a real risk. This is happening in central Pennsylvania; this is not just happening somewhere else,” Wertz said.

Security is the new cost of doing business today, Barnhart said.

Cyber security insurance is available.

“Details of the policy are very essential. The cost of cybersecurity insurance has declined over the past five years. “It is a good thing to invest in,” said Larissa Crum, vice president of NPC Inc.

However, companies need to be aware of what they are filling out.

“Insurance companies don’t care what you say until something happens. You have to understand what you are writing; it is not like life insurance. For clients, we say the companies accept what you sign. They will take your premium until something happens and then you get nothing,” Wertz said.