How to Prepare for Cyber Risk in 2018

Submitted by kendallb on Mon, 01/15/2018 - 21:05

Multiple cyber threats have increased in recent years, and they show no sign of slowing down anytime soon. Going into 2018, cyber security should be on everyone’s mind. For businesses big and small, it’s essential to know the risks and how best to minimize them.

The Threats

Cyber security is a broad term that encompasses a wide range of threats. Any business that uses computers is at risk.

  • Data breaches can have both internal and external causes. In some cases, data breaches occur when hackers exploit vulnerabilities to steal information. This is what happened to Equifax in 2017. Other data breaches can occur when workers misplace laptops, flash drives or other portable devices.   
  • Viruses often infect computers after the user clicks on a malicious link. These links may come from emails and other messages that look legitimate. Infections can spread to entire computer systems with different results, which can include stolen data or malfunctioning equipment.
  • Ransomware is one type of virus that has received a lot of attention recently, especially since the global WannaCry attack in 2017. With ransomware, hackers encrypt files on infected computers and then demand payment to release the files. Some companies pay the ransom to avoid business interruption, but the files are not always released as promised. 
  • Transfer scams don’t rely on advanced technology. Instead, they exploit people. Con artists pose as clients, supervisors or colleagues to trick employees into transferring funds.

Prevention

As our work moves into the digital landscape, vigilance becomes increasingly important. 

  • Enforce strict policies governing the use of portable devices containing sensitive information. When employees take these devices offsite, they may be putting the company at risk. When devices must be transferred, the use of encryption and passwords can help keep information secure.
  • Create a procedure to be followed before transferring money. This procedure should include safeguards to ensure that employees do not unwittingly transfer money to a scammer.
  • Train all employees on cyber security. Regardless of their position, all employees with access to company computers must be aware of cyber threats. They should be trained on how to avoid fake emails and suspicious links, as well as the importance of using strong passwords and keeping their devices secure.
  • Use up-to-date equipment. Computer systems should be updated with software patches as soon as these patches are released. Firewalls and anti-virus software should also be installed and regularly updated.

Response

Although prevention is the goal, it is not always possible. Cybercriminals are constantly changing their tactics to exploit new vulnerabilities. Therefore, businesses must accept that even with the best procedures in place, an attack is possible. When this happens, a good response is needed.

  • Have a plan in place to alert customers of a data breach and provide credit monitoring if needed. There may be legal requirements to consider. California, for example, has legal requirements for data breach notification, and the HIPAA Breach Notification Rule outlines requirements for breaches involving protected health information.
  • Keep backup files on an unconnected system in case a ransomware or other virus infection occurs. The FBI does not recommend paying hackers after a ransomware attack.
  • Transfer risk with cyber insurance. When a cyber incident occurs, cyber insurance can cover the cost of business interruption, data loss, expenses resulting from a data breach and more. This can help businesses maintain their good reputation and get back to business as usual as quickly as possible.

Contact us to learn more about cyber insurance and risk management strategies. We’re here to help!