With recent news involving the Federal Bureau of Investigation and its data war with Apple, cyber security is at the forefront of an ongoing 21st century privacy discussion. The rise of the World Wide Web has made managing daily tasks easier; it allows for more efficiency in the workplace and has created new ways for interacting with people across the planet.
This new digital economy also opens avenues of deceit and danger—in this three part series we will go over good practices to reduce the risk of a cyber attack, explore the cyber insurance options available to meet your company’s unique needs and conclude with how you can use this policy to recover, in the case that your business was hacked.
Large corporations are the most cited victims of widespread cyber breaches, and as a result, smaller and mid-sized businesses naively perceive themselves as unlikely targets. However, in a recent New York Times article, a study conducted by Timothy Francis, Enterprise Leader of Cyber Insurance at Travelers, concluded that “sixty percent of all online attacks in 2014 targeted small and midsize businesses.” Smaller companies underestimate this growing threat and often bypass better security measures to conserve fiscal resources.
As this 2010 Forbes article warns, “no business is too Small for IT security”, and there is no time like the present to prepare your company against identity theft, data ransom, funds stealing and more. There are easy ways to avoid some of these problems that you should already be doing—such as using more in-depth and complicated passwords, understanding the signs of a phishing scam and not opening unsafe URLs/unknown files, employees are already one step ahead of small-time hackers.
The basic and most crucial advice to give when it relates to hacking prevention and virus protection is constant monitoring and employee education. As an employer, it’s your job to ensure the internal safety of your company. You should be regularly updating an employee’s anti-virus software to prevent new viruses from getting a leg-up on old programs. Creating whitelists for your company’s network can ensure that no employee is allowed access to certain IP addresses and prevents interactions with malicious email accounts.
To even further limit an employee’s encounter with phishing scams, reasonably-priced security software can be installed to automatically scan all incoming company emails and attachments for viruses. A set plan for all mobile devices within your company should be reached—security applications can prevent data from being stolen while a phone is being used on a public network. Finally, all important data and sensitive information should be regularly backed up through offsite storage devices or a secure cloud platform. Automatic weekly or bi-weekly back ups are a must for limiting losses in case of a cyber hack.
Companies with a significant amount of data online and an interactive website should already be employing these measures to help prevent an attack. The cliché, “being safe is better than being sorry” absolutely applies in the cyber world, and employers—big or small—should always be cautious about their company’s vulnerabilities.
Now that you know a few good practices for preventing a cyber attack, stay tuned for more insight on how to find the best cyber-risk policy for your mid-sized company.
Steven Sharkey is a co-founder of The Beacon Group of Companies and managing partner of Beacon’s property and casuality division.