One of the biggest questions we get from clients and prospects is “What can we do to protect ourselves from cyber attacks?” It is a sensible concern. A cyber attack that freezes operations or seizes data can ultimately shut a company down for good. There are some basic, simple things you can do to protect your company and there are more sophisticated tools available. In this blog, we look over a spectrum of 4 things you can do to improve your data security, from the simple to the high tech.
1. Employee training – It may seem so simple, but training your employees on an ongoing basis about their role in cyber security may be the best thing you can do. Why? Because well-meaning people do things when they get near a computer that can be very risky.
Simple things like forbidding the use of external storage devices being brought to the workplace. One of the more notorious data breaches occurred because a subcontractor employee–who had access to a large corporation’s IT infrastructure–found a thumb drive in the parking lot and plugged it in to see what was on it. Beyond that, simple phishing scams are still very effective at tricking people into opening nefarious websites. Ask your MSP for guidance on creating ongoing training programs that explain phishing scams and similar tricks and instruct everyone how to avoid them. Do it on a regular basis. It is easy to forget and let your guard down.
2. Software updates – This one is also basic, but it carries a lot of value. Each time you receive a notice about a software update, stop and do it then. Don’t put it off until tomorrow. These updates not only provide new, improved features. They often provide fixes to vulnerabilities in the software or address threats and viruses that have developed.
3. Zero day alerts – Zero Day alerts are kind of like a neighborhood crime alert. You are busy running your own company and your time is not spent tracking the latest threats developing out there in the cyber world. Your MSP may offer text or email alerts about new threats and how to protect yourself from them.
4. Finally, there is a more complex, after the fact, security precaution you can take. Cyber insurance. Cyber insurance may be able to cover some or most of the losses incurred as a result of a security breach. It won’t defend your data proactively, but, should the worst happen, it may provide protection against loss revenue and damages. Standard commercial property insurance policies do not generally include provisions for the damages from cybercrime. In a growing number of commercial policies, they are specifically excluded. As a result, executives who recognize the catastrophic damage that a cyberattack can inflict on their business are looking at cyber insurance to transfer the financial losses to a third party. However, there are some pretty deep weeds to get into when looking for a cyber insurance policy. Just for one example, some policies may create requirements and security standards you must meet before an event will be considered a covered loss. A Managed Service Provider can offer guidance into whether this is an avenue to explore.
So there you have it. You have to protect your organization from the threats and consequences of data losses due to a security breach.