As technology continues to develop and evolve, businesses need to keep up and protect themselves by preparing for a cyber attack. The 2018 State of Cybersecurity in Small and Medium Businesses study, conducted by the Ponemon Institute and sponsored by Keeper Security, found that just 28 per cent of small and midsized businesses say they are “highly effective” at mitigating threats, vulnerabilities and attacks.
With cyber attacks on the rise, it’s no longer sufficient to simply react and clean up the mess that occurs. Now, there needs to be a shift from reactive to proactive. That’s why it’s vital for businesses to consider what steps are necessary when preparing for a cyber attack. And yet, almost half of respondents, 47 per cent, said they had no understanding of how to protect their businesses from cyber threats.
Below we outline some key steps you can take when preparing your business for a cyber attack:
Perform a cyber security audit
Before you can begin taking steps to protect your business from cyber threats, you need to figure out where your vulnerabilities are. Conducting a security audit can highlight areas for improvement for your business. Once you know where your company excels in security and where you could improve, you can begin taking concrete steps to improve your security and help protect your business against potential cyber attacks.
Provide cyber security training to employees
In the 2018 State of Cybersecurity in Small and Medium Businesses study, 60 per cent of those surveyed cited a negligent employee or contractor as being the root cause for a breach. Because of this, it’s especially important that you educate your employees about the risks of cyber attacks and some of the potential tactics hackers can use to access company data. A business should develop a cyber security policy that works for them and the type of data they collect and store. Then you can incorporate the policy into your employee handbook and training. Cyber security training should be given at least once a year so that you can educate employees on new threats, and ensure your company is as safe as possible.
Make use of strong passwords
Weak employee passwords can be a major vulnerability for a company. Forty per cent of respondents in the 2018 State of Cybersecurity in Small and Medium Businesses study said that their companies experienced an attack involving the compromise of employees’ passwords in the past year, with the average cost of each attack being $383,365 USD. Respondents in the study said their two biggest password-related pain points were having to deal with passwords being stolen or compromised (68 per cent) and employees using weak passwords (67 per cent).
Because of this, employers should ensure those working for them create strong passwords and even use password management tools to safely store them. Passwords should be changed frequently to help protect a company’s data and different passwords should be used for different accounts, when possible. That way, having one account compromised will not result in all the employee’s accounts being compromised. Some businesses may consider implementing two-factor authentication for logins involving financial, personal, or other sensitive data.
Utilize tech safeguards
While preparing for a cyber attack, you can further protect your business by ensuring your company has the most up-to-date technology to protect against a potential breach. Installing firewalls, anti-virus programs and anti-spyware programs on employees’ computers is a good first step.
But your efforts to protect your company’s data shouldn’t end at the office. With work-from-home programs becoming increasingly common, it’s also crucial to ensure any devices your employees are using remotely are protected. A virtual private network (VPN) should be set up, and employees working remotely should be required to use it to surf the web or access their email, rather than logging onto unsecured public networks.
Create and refine your incident response plan
Even after taking every possible precaution, a cyber attack could still occur. That’s why it’s important to have an incident response plan in place. That way, if your business suffers from a cyber breach, you’ll know exactly what to do. The plan should include details like who the specific decision-makers within your organization will be and any other notifications that must be sent out (e.g., to users and affiliates).
Get cyber insurance
If your business should suffer from a cyber attack, the last thing any business owner wants to do is shoulder the financial burden on their own. Breaches can be pricey, and they can also affect your reputation. That’s why insurance specifically designed to help with a cyber attack is vital.
Cyber risk coverage doesn’t just help your business through the event, because consequences from the breach can last for some time. On top of regaining access or recovering lost information, your business may also face things like network repair, legal claims, and public relations services to help restore your reputation and rebuild trust among customers. With such far-reaching consequences, getting your company back to business as usual can take days, weeks, or even months.
To learn more about the cyber risk coverage Federated offers, visit our cyber risk insurance page today!