Executives retained to renew companies must review and minimize cyber security risks, a panel of cyber experts recently told members and guests of the Connecticut TMA.

Among the speakers’ key points:

• Middle market companies are 99.9% vulnerable to hacking and the target of choice for hackers looking to steal data from giant companies, Hackers then use information from the middle-market companies to penetrate the much larger companies’ data systems.

• Failure to change default passwords on routers is perhaps the most common weakness enabling hackers to gain access to middle market company systems.

• Business assets most at risk are intangibles, especially intellectual property such as patents, trademarks, copyrights and especially trade secrets. Trade secrets are the assets most at risk, whether financial information and business plans or customers’ personal data.

• Current and former employees are the group most often associated with misappropriation of trade secrets.

• Data theft pays well, incentivizing hackers to break into corporate systems. Brazil, Russia and China are countries with the most profitable underground economies for U.S. data. In Brazil, credit card credentials with a PIN number attached are worth $35 to $135 per instance per card. A list of mobile phone numbers there goes for $290 to $1,236 and a list of landline phone numbers brings $317 to $1,931.

• Operating executives when going into a company need to ask, Are we taking sufficient steps to protect against theft. They should designate a person to be responsible for cyber security oversight.

• If reporting to a board of directors, operating executives should ensure that cybersecurity is on the board’s agenda at least once annually.

• Plan for compliance with applicable state “breach notification” statutes.

• To assess and reduce risk, companies should pay ethical hackers to break into their data systems.