Is your business Cyber Risky?

By Andy Taylor, Lead assessor at APMG International.

  • 8 years ago Posted in
In light of the rapid increase of cybercrime against individuals and businesses alike, it’s no wonder that we have seen the emergence of cyber insurance products. For SMEs it provides protection from Internet-based risks and, more generally, from risks relating to information technology infrastructure and activities.

 

If you hold sensitive customer and employee data, such as names, addresses or banking information, are reliant on computer systems to conduct your business, have a website, or are subject to a payment card industry (PCI) merchant services agreements, then you should be protecting your data, which could be compromised in the event of security breaches e.g. due to hackers, computer system failure or breach of data protection.

 

There are a number of risk management and risk transfer strategies that can be undertaken to minimise the exposure to cyber-crime:

 

·        Identify and understand the risks - understanding the exposure of the business enables a number of bespoke precautions to be put in place such as; a business security plan, the encryption of sensitive data, secure and hide wireless networks, install and maintain anti-virus software and firewalls, restrict employee usage of non-business related web sites and carry out daily backups of data.

 

·        Plan ahead - Business Continuity Planning (BCP) identifies potential threats to the business, evaluates the threats and determines the action required to minimise the effect that any resultant losses will have on the business.

 

·        Risk transfer - Many traditional liability and business interruption insurance products do not address the full range of risks associated with e-commerce and the Internet. A Cyber Liability policy will fill the gap in the protection of your business by including your own losses (first party) and third party losses (claims against the business by others).

 

Insurance is an important aspect of cyber risk management, but simply buying any cyber insurance product won’t do. Mark Brannon, Sales & Broking Director, Towergate Insurance Brokers advises, “Cyber-crime is a growing problem which small businesses need to take seriously and there are some simple measures companies can take to help prevent becoming a victim of a cyber-attack, or at the very least, mitigating any potential losses that do occur. It’s key to remember that not all cyber policies are alike, which means that it’s important to speak with a broker who can help to tailor the right product.”

 

Whilst insurance offers SMEs some peace of mind as they carry out their business activities within a constantly evolving cyber landscape, the first step to take is prevention. We spoke to Towergate, given their experience within the SME sector, to find out what risk management measures businesses are taking to lessen the chances of data being breached - here are some of the basic steps that can be taken:

 

Keep software updated: Download software and app updates as soon as they appear. They contain vital security upgrades that keep your devices and business information safe. Many instances of hacking have relied on businesses not staying updated with software patches.

 

Make passwords stronger: Use strong passwords made up of at least three random words. Using lower and upper case letters, numbers and symbols will make your passwords even stronger. You could also consider using a password generator. Why not develop a company policy on strong password practices?

 

Be vigilant with emails: Delete suspicious emails as they may contain fraudulent requests for information or links to viruses. Unsolicited emails often contain attachments or hyperlinks (particularly shortened links); many phishing attacks attempt to trick you into opening a file loaded with malware or to visit a site which runs malicious scripts on your computer

 

Install anti-virus software: Your computers, tablets and smartphones can easily become infected by small pieces of software known as viruses or malware. Install Internet security software like anti-virus on all your devices to help prevent infection. Don’t settle for free or ‘lite’ versions but go professional; spend a little bit of money, it’s a wise investment.

 

Train your staff: Make your staff aware of cyber security threats and how to deal with them. For example, the Government offers free online training courses tailored for you and your staff that take around 60 minutes to complete. You can encourage staff by holding learning sessions – lunch and learn for instance. Most staff-related security issues are based on ignorance, not malicious intent. Assume staff don’t know all the answers and give them an environment in which to learn.

 

Manage administrator privileges carefully:  Avoid using an account with administrative privileges for normal day-to-day activities and web browsing. Accounts with lower privileges warn you if a programme tries to install software or modify computer settings thus allowing you to decide whether or not the proposed action is safe.

 

Don’t store credit card data on servers: Into e-commerce? Consider using somebody like PayPal to handle payment processing and avoid the need to access customer’s credit card details. Let your servers work for other parts of the business and let somebody else deal with the financial transactions.

 

For further information on SMEs and cyber security please look at this infographic.

 

By Barry O'Donnelll, Chief Operating Officer at TSG.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Milou Lammers, Director of Compliance, iland.
By Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business at...
By Michael Queenan, co-founder and CEO of Nephos Technologies.
By Tawnya Lancaster, Lead Product Marketing Manager, AT&T Cybersecurity.
Why businesses need a bigger boat for tackling IaC security By Robert Haynes, SCA & Open Source...
Cybersecurity continues to be a major challenge for companies, with as many as four in ten...