Don’t need to protect against cybercrime? With concerns about cybersecurity at an all-time high, you may want to think again!
Whether your business is big or small, cybercrime – cyberattacks and data breaches – is a frightening and potentially costly new reality. And, in this pandemic era, with more and more businesses moving online, cybercrime is a bigger threat to more companies and entrepreneurs than ever.
Given the high incidence of cybercrime, it’s critical that you are as informed as possible to avoid vulnerability and to be able to properly protect your business.
When you have a business that relies on published content containing business or personal details online, it can be at increased risk for security exposure or breach. That’s why it’s vital that your business takes the appropriate care to secure any and all electronic devices that contain or have access to client, employee, volunteer and/or member information and data.
Stolen electronics and digital storage such as USB flash drives, mobile phones, laptops, and tablets can offer cybercriminals very valuable access to any business’s network. In the wrong hands, this can be, at best, a problem; at worst, downright dangerous.
Computer viruses pose another potentially damaging threat to your data, digital assets, network, and systems.
Other cyber threats of great concern: e-extortion, online hackers, defamation and possible libel to your brand, and website hijacking where your information, content, and materials are replaced with illegitimate data.
If you have an e-commerce business, if you store data electronically, or, really, if you use computers for any purpose in the operations of your business, you’re potentially vulnerable to a costly cyberattack or data breach where data, documents, content, and more can be lost.
TALK TO US about insurance coverage in the event of a cyberattack.
How does a cyberattack occur?
Unfortunately, quite easily! Every day, in every sector around the world, hackers with malicious intent come up with new and more advanced ways to infiltrate the various digital components of businesses and organizations.
As a business owner, there is no shortage of stress. Cybercrime and possible online vulnerabilities add a whole new level of stress – your website crashes, all of a sudden your popular blog is now a hub for pornography or your precious employee and client data has been breached. And these are just a few examples of cyberattacks.
Increasingly common, cyberattacks include:
- Malware: Harmful software designed to take control of a computer, system, or network, to monitor the user’s activities as it relays the confidential or sensitive data from the infected machine or network back to the hacker.
- Ransomware: Encrypts files or documents to prevent user access and then demands payment for the safe return or recovery of your information. This occurs when a user clicks through to a bad phishing link or visits a compromised website.
- Phishing: An attacker, under the guise of a trusted organization, individual, or business, tricks a user into taking a specific action – clicking a bad link or opening a harmful attachment – that they might not ordinarily take.
- Denial of service attack: A hacker overwhelms a website with too much traffic, making it impossible for real visitors to access it.
- Spoofing: The impersonation of another device, computer, or user to attack network hosts, steal information and data, spread malware, or divert access controls.
- Brute force: The hacker decodes encrypted data by using as many password combinations as possible, as fast as possible.
There are a variety of ways you can ensure the digital and data side of your business is more secure:
Limit access to information and data. When you limit the number of individuals with access to data, you can minimize the chances for human error – the main data security threat.
Additionally, as much as 80% of cybersecurity incidents are inside jobs. It’s the disgruntled employee with secure access to sensitive information that is probably the biggest threat to the cybersecurity of your business. When a team member is preparing to leave the company or even if they transfer to another department, delete their accounts and passwords from all systems. Be sure to have them return keys and ID badges.
Install surge protectors and uninterruptible power supplies (UPS). Make sure that all computers on your network are connected to an uninterruptible power supply (UPS). In the event of an unexpected power disruption, a UPS provides time and battery life to save your data.
Use web and email filters. Utilize web browser and email filters to deter hackers and prevent aggravating spam from congesting the inboxes of your teams. You can also use “blacklist” services to block users from browsing possibly risky websites that might host malware.
Discourage everyone on your team from visiting potentially hazardous websites, known as risks to your cybersecurity – pornography, for example. Yes, this is an awkward conversation, but a good reminder to all employees what’s potentially at stake.
Install and use firewalls for all software and hardware. Firewalls are an effective tool to protect your valuable data. Whether the goal is to prevent employees from browsing the internet inappropriately or to keep out nasty hackers, firewalls provide reliable protection for your various business networks and systems. Ensure that they are installed on every networked computer, device, and mobile phone of all employees, on- and offsite, and are kept up-to-date. For additional security, you can also install an intrusion detection and prevention system (IDPS).
Patch your operating systems and software on a regular basis. Anytime you install a new application, it leaves an opening for a breach. To prevent a potential cyberattack, patch and update all of your business software, on every computer and device in your business, including those of employees.
Don’t put off updating your operating system. New versions provide enhanced, if not entirely new, security features. And you’ll want to take advantage of them. Note that software companies don’t have to provide security updates for out-of-date products.
Secure all wireless networks and access points. For the most secure wireless networking, you should be sure to follow your router’s best practices:
- New device? Change the admin password
- Configure the wireless access point so that it doesn’t broadcast the service set identifier (SSID)
- Set the router to Wi-Fi Protected Access 2 (WPA2), with the Advanced Encryption Standard (AES) for encryption
- Do not use WEP (Wired-Equivalent Privacy)
If your business provides guest access to the WiFi, you should use a different network for your business operations.
Encrypt all sensitive business data and information. Protect all company computers and devices and all sensitive digital information with full-disk encryption. Save your encryption password, but in a very secure location away from backups you may be storing.
Email recipients will probably need the same encryption capability to decrypt, but don’t ever send access keys or passwords in the same email as an encrypted document or file. Provide them in some other way (e.g., verbally).
Properly train your team in cybersecurity strategies. Knowledge and education are the best defence against cybersecurity threats. Help your employees to understand:
- The difference between business and personal email and what is permitted in your work environment.
- How to best handle sensitive business information and data – in the office, but also if they work at home.
- Steps to take if there is a breach.
It should be standard practice to thoroughly train all new employees how to keep sensitive information and data protected. Create policy and have them sign off that they are aware and in agreement with procedures. Keep training up-to-date and foster an awareness of cybersecurity in your workplace – newsletters, for instance.
Carefully and securely remove outdated media and old computers. Don’t simply load up all the old machines and send them away for recycling. Clear ALL data on the hard drive – take nothing for granted when disposing of your business computers and devices. All content on old flash drives, CDs, etc. should be deleted and the devices destroyed.
Cybercrime coverage in your commercial insurance
Canadian businesses see an increasing number of cyberattacks each and every year. Businesses find themselves the victim of data losses, viruses, network damage, and data theft. Unfortunately, most typical commercial insurance policies have been designed to protect only the brick-and-mortar, physical assets of a business, not the valuable virtual assets – applications, software, systems, and data.
But, you can talk to your insurance provider about the policies available that cover cyber liability. They are developed to cover business interruption and the income lost if you’re forced to halt operations in the event of a breach or other cybercrime.
Be sure to check your existing commercial insurance policy, and TALK TO US if you’d like more information about coverage in the event of a data breach or cyberattack. We want to help you explore the options to protect your business from the potential damage that can result from a cyberattack.
Questions about your commercial insurance and the cyber risks? We can help!