Top 10 Tips For Cyber Security
Updated: Mar 20
In part two of our three-part cyber series, the Insurely team look at 10 steps that you can take to help prevent cyber attacks on your business. We also look at why cyber insurance should form part of your risk management approach.
It is important that organisations focus on cyber resilience strategies and investments to support and protect their business. The logical starting place is with your internal controls and general risk management. There are three common key areas for organisations to focus on when considering cyber risks:
1. Operational Risk – where you are dependent on technology to deliver service and generate revenue – ask what kind of disruption a hack would cause to your organisation. According to Coveware, during Q1 2020 there was an average of 15 days of downtime from a ransomware infection.
2. Privacy Risk – consider legislation and contractual indemnities that are there to protect consumers and entities.
3. Security Risk – causing damage to your organisation, data breaches, phishing attacks & malware - it’s your money and reputation at stake.
What basic steps can you take to protect your business? 10 Tips
Remember that all businesses face cyber risks. Hackers do not discriminate based on occupation or turnover; they look for vulnerabilities to exploit. Here are some basic steps to help prevent cyber attacks.
1. Purchase and regularly update your anti-virus and anti-malware software. This should be installed on all applicable devices.
2. Keep your software up to date. Vulnerabilities in unpatched software make for easy entry for hackers.
3. Implement two-factor authentication (2FA), which adds an extra layer of protection to your online accounts.
4. Staff Education – staff are your main exposure and also your best defence. Keep that knowledge and awareness of risks flowing through the company. We recommend that you run trial phishing campaigns to ascertain the levels of awareness among staff.
5. Phishing emails – if it looks suspicious, be smart and sensible in how you handle it. Look for poor grammar and unusual phrasing, and avoid public Wi-Fi.
6. Use strong passwords that are unique – upper case, lower case, random letters and symbols. I know you have heard it before, but many people still ignore this important task.
7. Back-up key systems and databases, remotely, with reputable firms.
8. Never open unexpected attachments without scanning them through anti-virus software.
9. Implement a VPN (virtual private network) and MFA (multi-factor authentication) for all remote systems on distributed networks.
10. Consider regular reviews of cyber security and develop a formalised incident response plan.
The CERT NZ site by the New Zealand Government has some excellent free guides and material to assist you and your business: https://www.cert.govt.nz/business/guides/
Why do I need Cyber Insurance?
The above strategies are all important risk management tools. However, no cyber security is impenetrable. Cyber criminals will do all they can to exploit any system or human weaknesses. Across the globe, the insurance markets are seeing an increase in the frequency and severity of cyber losses.
Cyber insurance should be considered as a key part of your organisation's cyber risk management approach. Many contracts with third parties will require cyber insurance to be in place prior to executing the contract.
In addition, policies often provide expertise in the event of a loss that would otherwise be a costly procurement at this critical time. Most policies provide access to experts to help you respond to and recover from an attack, from IT consultants to legal representation. Finally, cyber insurance covers regulatory fines and penalties for cyber and security breaches.
What does a Cyber Security policy cover?
Cyber insurance responds to both first-party and third-party losses triggered by a cyber attack giving rise to either a security event or a privacy event.
First Party Loss
Business income loss due to a cyber event
Costs of data restoration and replication.
Breach and incident response costs - typically a panel of experts are available to assist as part of a cyber breach including IT consultants, legal, forensic and public relations specialists.
Cyber extortion costs from Ransomware.
Third Party Loss
Liability for costs and damages for claims arising from failure of network security and disclosure of privacy information
Regulatory fines and penalties from a Privacy Regulatory Investigation.
Associated Legal Defence Costs
Not all cyber insurance policies are created equal, and the risks are continually evolving. There are numerous optional coverage extensions, such as Social Engineering Fraud, that may not automatically be covered by your cyber policy.
The Insurely team are here to help. Insurely are fully independent commercial insurance brokers that tailor insurance programmes to your exact needs. Get in touch with us via our website, LinkedIn or Facebook.