Plan Against Cyber Attacks
Here at CyberPolicy we believe that the first step towards comprehensive cyber protection is the creation of a cyber plan. Our four simple questions are designed to guide you in creating your first customized cyber plan. Let’s get started.
Does my small business need cyber protection?
Does your company:
- Use mobile technology (smartphones, tablets, laptops, PC)?
- Have employees?
- Engage external partners or vendors?
- Accept credit cards or other online forms of payment?
- Store confidential customer, partner, or other digital information?
If you answered YES to any of the questions above, your business is vulnerable to a cybersecurity breach.
Where do I start?
First, identify who accesses your confidential data and how. In IT lingo, this is called "defining your attack surface".
Internal employees are responsible for 43% of corporate data loss.
- Do you have company-wide password policies? How about policies to restrict who has access to high-value data?
- Do you train your employees on proper handling of customer data and company proprietary intelligence?
- Do you have cybersecurity policies for third-party vendors that you work with?
The devices you and your employees use every day are prime targets for hackers because they serve as gateways to your company's most important data.
- Do you have anti-malware protections on all devices with an internet connection?
- Do you have a firewall monitoring the traffic into and out of your network?
- Do you have physical security (e.g., a computer lock) so a thief can't simply walk away with your laptop?
Hackers are very clever about the avenues they use to break in and control or access your most important data.
- Do you know if there are holes in your programmer's code that a hacker could exploit as a backdoor into your company's systems?
- Is the data you transfer to and from third-party systems encrypted and safe from malicious eavesdroppers?
- Are your servers set up to limit all non-essential activity?
What can I do to prevent a cyber attack?
- Create Cybersecurity Policies and Procedures
- Only provide data access to those who need it
- Establish strict password policies
- Don’t store personal data that you don’t need
- Perform background checks on all employees
- Provide Cybersecurity Training
- Train employees on company security policies
- Train employees to recognize when the company is being attacked and what they should do
- Establish Privacy Policies
- If you need to share customer data with a third party, make sure to understand how the third party is protecting YOUR data. Require proof of adequate cybersecurity and cyber insurance.
- Install device security on all devices used to access company resources (personal or business)
- Prevent intrusion: Install antivirus protection to identify and remove malware
- Secure data: two-factor authentication, FIPS-certified encryption
- Back Up Data: Physical media is always vulnerable
- Dispose of Devices: Wipe clean and destroy any old device that contained high-value data
- Establish network-wide security to detect and remove unwelcome intruders, prevent data loss, and encrypt data at its source.
- Think of cloud security as protecting your virtual network (e.g., Amazon Web Services, Google Cloud, etc.).
- Install cloud monitoring software that reduces potential access points for intruders and monitors for active intrusion attempts.
- Think of application security as monitoring the code of your website or third-party applications (like WordPress or Squarespace) to ensure a hacker can’t find a clever way past your security.
- Use a software product that can identify vulnerabilities and monitor active intrusion attempts.
If I do get hacked, can I protect myself against devastating financial loss?
Unfortunately, unless you specifically requested it, your business insurance policy probably doesn’t protect you from being hacked. In fact, only 3% of small businesses carry cyber insurance!
Trust us, it isn’t expensive and it is worth the comfort of knowing you are protected from being one of the 60% of small businesses that closed their doors within 6 months of being hacked.
First-Party Cyber Coverage covers the policyholder from losses to their business that occur as a result of a data breach. It will cover things like:
- Data Loss
- Customer Notification
- Credit Monitoring
- Regulatory Counsel
Third-Party Cyber Coverage covers the policyholder from losses suffered by third parties, such as customers and clients, in the event that the policyholder unintentionally fails to protect the third parties' sensitive information. It will include:
- Litigation Defense Costs
- Settlement Costs