Cyber Security Practices for Businesses
In a world where everything is interconnected, implementing effective cyber security measures is more important now than ever before. According to the FBI, there are more than 4,000 ransomware attacks globally every day. As your commercial insurance partner, Bearingstar Insurance is here to help shield your business from these emerging threats. Our goal is to help you safeguard all of the elements that contribute to your business — from your employees to your facilities to your customers.
Common Cyber Security Threats
There are many reasons why a cyber criminal may choose to target your business, just as there are a multitude of ways for them to do this. Whether they are motivated by financial gains, ideological or political reasons, or a desire for general disruption, “if private information is re-routed or stolen, your organization could be held liable,” advises Bearingstar Commercial Insurance Consultant, Jennifer McEwen. Here are some of the most common cyber security schemes to be aware of:
- Phishing — Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data, like credit card information or social security numbers, or to install malware on the victim’s machine.
- Malware — Malicious software, also known as malware, is designed to disrupt normal operations of your electronic device or computer system. It is typically installed when a user clicks a dangerous link or email attachment. Once this happens, the malware is able to execute actions like capturing sensitive data, blocking access to files, and shutting down your entire system, among other things.
- Denial-of-Service (DoS) — This type of attack typically floods servers, systems or networks with traffic in order to overwhelm the victim’s resources and make it difficult or impossible for legitimate users to access them.
- SQL Injection — A SQL injection, or a Structured Query Language injection, occurs when an attacker inserts malicious code into a server and forces the server to reveal information it normally would not.
- Zero-Day Exploit — A zero-day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. For example, a user may discover a security risk in a program and report it to the company. This user may also warn others about the flaw, which hackers use as an opportunity to exploit the flaw before creators can fix the program.
Cyber Security Protocol
Cyber attacks jeopardize the safety and reliability of every aspect of your business as they enable hackers to access, utilize, change, or destroy sensitive information. This access also gives hackers the opportunity to extort money from your business, your employees, your customers, and any third-party businesses you work with all while interrupting normal business processes. Since these attacks can impact businesses of any size, it’s essential to create a cyber security defense protocol that addresses both how to protect against an attack, but also a process of what to do in the event that your business becomes the victim of one.
Three Pillars of Cyber Security Defense
After working in the insurance industry for over 17 years, Jennifer urges business owners to remember: “The internet is one of the most obvious exposures but even using firewalls, protocols, and software may not keep out the savviest of hackers.” Therefore, a strong cyber security protocol should be multifaceted, and address exposures related to your employees, your business processes, and the technology you use every day.
According to IBM’s 2014 Cyber Security Intelligence Index, 95% of all security incidents involve human error. “While employees may have the best intentions of keeping customer data private, an employee could also click on a suspicious link in an email sending a virus through your system”, Jennifer warns. Therefore, establishing a strong cyber security culture is imperative to uphold the other defense practices of your business. Creating a strong cyber security culture must begin with a clearly defined protocol that everyone understands and follows. From senior leadership to IT staff, to part-time employees — everyone within the company must follow cyber security best practices. In order to successfully do this, all employees must be educated on the different cyber security threats as well as techniques to guard against them. Cyber security protocols should be a recurring topic of conversation — one-off trainings are not sufficient, as people are likely to forget what they are taught if these practices are not a focus of your business. In addition, as hackers become more innovative, approaches to cyber security must adapt and change.
The next step to protecting your business from cyber security threats is creating defined processes of what to do both before and after a cyber threat is discovered. Processes include how you protect systems, detect and respond to threats, and identify and recover from successful attacks. Your business should have an incident response plan that outlines members of the critical response team and defines what each member will do when an incident occurs. A strong cyber security protocol will also assess threats and weaknesses that may come from outside of your own business, such as risks from third-party vendors.
The last pillar of your business’s defense is technology. Perhaps the most obvious, technology is essential to providing organizations and individuals the security tools needed to shield against cyber attacks. Main entities that must be protected include computers, smart devices, routers, networks, and any implemented cloud storage. Malware protection, antivirus software, and email security solutions are all examples of technology that can be used to protect these devices.
Cyber Security Best Practice Examples
Here are important defenses that all businesses should put into practice:
- Use Strong Passwords — Strong passwords should contain a combination of words, numbers, symbols, and both upper and lower-case letters. Find more password tips here.
- Be Wary of Email Attachments — Before clicking on links or email attachments, be sure they were sent from a trusted source. If it’s unexpected or suspicious for any reason, don’t click on it.
- Back Up Data — It is recommended that you regularly back up all critical files, such as word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files.
- Invest in Cyber Security Software — Firewalls, Antivirus software, and Anti-Spyware software can alert you to an intruder, create a barrier between you and that threat, and remove the unwanted party before they causes any damage.
- Update Security Software — Installing security software is not enough. It’s important to regularly update your security software as these updates can address new concerns and emerging threats.
- Limit Access to Sensitive Data — Employees should only be able to access the information necessary to do their jobs. Limit access to sensitive information, such as private employee and customer details, based on each individual employee’s role and job function.
- Use Multifactor Authentication — Creating a multifactor authentication system is not only a simple setting on most major networks and email products, but it also provides an extra layer of protection.
- Protect Online and Offline Files — Hackers will stop at nothing to access sensitive information, which makes it necessary to shred or destroy any documents containing sensitive data.
Protect Your Business With a Cyber Liability Policy
Cyber Liability Insurance is a critical component of any strong cyber security protocol. Jennifer advises: “The best plan is to have good controls in place relating to security, the second step is to have as comprehensive of an insurance plan as possible.” Your Bearingstar Insurance agent can help create a multifaceted insurance plan that helps protect your business. A privacy/cyber liability policy can cover defense costs, expenses incurred to notify affected parties and many other coverage points. Jennifer reminds business owners that “the standard business liability policies do not typically include coverage for cyber.” Therefore, by adding this policy to your business’s defense, you are not only safeguarding your data but your business’s reputation in the event of a cyber attack.
There are multiple steps that must be taken to protect your business in the age of technology and cyber threats, Bearingstar’s experienced insurance professionals in Massachusetts and Connecticut are here to support you with customized insurance programs tailored to your specific business risks and needs. Contact us today for more information.