Recently, Intivix founder Rob Schenk teamed up with CAL Insurance President Joe DeLucchi for the first in a three part cyber security webinar series. This installment focused primarily on the financial risks associated with the increase in cybercrime activity, and the steps small and mid-sized businesses can take to avoid becoming a victim.
Since all of these goals are financial, businesses and individuals alike need to be wary of hackers. There are three big hacking myths that need to be dispelled in order to keep both you and your business safe. The first myth is the assumption that if you or your business were to be hacked, your bank would make you “whole” again. Unfortunately, this is false. Unless you catch an unauthorized transaction as soon as it happens, it’s highly unlikely your bank will do anything to help you, regardless of the circumstances.
To avoid ending up in this position in the first place, it’s recommended that you have a dedicated PC for all of your business’ financial transactions. Your accounting department should have a system that is for this one specific type of use only, and any other online activity from web browsing to checking your email should be done on another system. This greatly reduces the chances of your business’ banking and financial information being compromised.
Consider putting a policy in place that requires your personal signature for any and all wire transfers. This can keep well-meaning employees from falling victim to phishing or social engineering scams. These scams are designed to steal funds from a business by having a hacker pose as the CEO or CFO, and send an urgent email request to have a potentially large sum transferred to another account. If the targeted employee has to contact you directly for authorization, you can save your business from losing thousands of dollars.
Because threats like this exist, it’s important to consider Cybercrime Liability insurance for your business. Social Engineering coverage can be available as part of a main policy, or as additional coverage.
The second myth that could be putting your business at risk is the belief that Macs are immune to hackers. This may have been true five years ago when 90% of PC usage was Windows-based, but as Apple products have gained in popularity, hackers have continued to do what they have always done; follow the money. Now, iOS programs and devices are just as vulnerable to hackers as Windows programs and devices.
Regardless of which programs, platforms, and devices your business uses, it’s crucial to keep your antivirus and antimalware software current with the latest patches and updates. Both Microsoft and Apple release updates routinely to handle flaws and vulnerabilities.
The third – and potentially most dangerous – myth is that small businesses simply don’t have anything worth stealing. Many small and mid-sized businesses believe that they are not worthwhile targets just because they aren’t a Fortune 500 company. But every single business, regardless of size, has data. And all data is valuable. Hackers will always seek out an easy target, and the complacency and lack of security common to smaller businesses makes them low hanging fruit.
Hackers use automatic tools to search for easy marks, and if your business is relying on bare bones network security, you could very quickly wind up in a cybercriminal’s crosshairs. Half of all cyber attacks are leveled at small and mid-sized businesses. These attacks rarely make headlines, but they do happen. A number of these businesses don’t even realize they’ve been hit, and the ones who do keep quiet out of fear of damaging their reputation, or facing legal ramifications.
The average cost to a small business for each stolen record is $201. And that figure doesn’t take into consideration the hidden costs associated with a data breach, such as reputational damage, loss of clients, class-action and individual lawsuits, legal fees, compliance lawsuits and non-compliance fines, data replacement costs, and profit loss due to downtime and loss of employee productivity. While a Cyber Liability policy can help with some of these costs, its only part of the solution.
Prevention is where your focus should be. And that starts with your employees. Human error is the cause of a vast majority of security failures. Mandatory regular cyber security training for all employees can help reduce your business’ risk. The goal should be to elevate the base security awareness of your entire team. If your first line of defense knows how to handle themselves in the face of threats like phishing scams, your business will be much better off. Your IT provider may even be able to test your staff with fake phishing attempts to gauge their reaction, and give you an idea of where improvements still need to be made.
Beyond employee training, investing in Unified Threat Management (UTM) that offers layered protection for your entire IT infrastructure is critical. This is especially important if you are considering Cyber Liability insurance, as the requirements for coverage are much different than they have been in recent years. Simply having a firewall and an antivirus program just does not cut it anymore.
Ongoing monitoring and maintenance of your key security systems by a trusted IT service provider can help your business manage necessary updates and patches, as well as provide added support for your data backup system. Comprehensive and redundant backups are vital to the security of your important data, especially in the event of something like a ransomware attack.
You should also take steps to ensure that none of your employees are using an Admin account as a daily use account. An Admin account is required to make changes to a system, but also gives infections the ability to self-execute and spread throughout your network through shared folders and public files. For that same reason, you should be taking steps to ensure that personal computers or devices that are being used by employees to access your network remotely are doing so safely. Any compromised device that has access to your network can easily infect your entire network. To guard against theft, you should have the ability to wipe sensitive business data from lost or stolen devices.
With the level of risk businesses are facing today, layered protection provided and maintained by a knowledgeable and experience Managed Service Provider can make a huge difference for your business, allowing you to stay one step ahead of cyber threats.
The best way to keep your business safe it to talk to your IT provider and figure out where your business stands when it comes to cyber security. Have a threat assessment completed, and find out where your security measures are lacking. This assessment can also help to ensure that your systems are being backed up effectively. Create an action plan to correct any problems raised by the assessment, and take the time to look into Cyber Liability insurance offerings. Not all policies are created equal, so consider your options carefully.
Want to learn more about the steps you can take to protect your business from cybercrime? Contact us at firstname.lastname@example.org or (415) 543 1033 . We’re the IT professionals businesses in San Francisco trust.