You arrive at your office and sit at your workstation, ready to tackle the day ahead. You turn on your computer and launch your email client. You then start checking emails. One email from a familiar sender catches your attention. You open the email and the message prompts you to click on a link. You do so reflexively, without realizing the danger you just unleashed on yourself and your organization.
The link you clicked on leads nowhere. You think nothing of it. The email is deleted and you move on only to realize later that you HAVE BEEN HACKED.
The ransom demand arrives via email. “Pay $50,000 within 48 hours, or lose your data forever. Failure to pay the $50,000 ransom will result in the destruction of your company’s data and network.”
These types of cyberattacks happen more often than we care to admit. The U.S. National Cyber Security Alliance found that of all the small businesses hit with this type of attack, 60% fall prey and are out of business within six months of the attack. It has been estimated that one in 131 emails contains malware. A careless or disgruntled employee might give out a password and user ID to a cyber-criminal, or a stolen device might permit someone to drill into your network and steal your trade secrets, customer files, or other priceless data.
Fortune 500 companies are not immune to cyberattacks. Target, for instance, had to pay over $100 million because of a major data breach. Sony, Home Depot, Kmart, Yahoo, eBay, just to name a few, are all feeling the financial sting of such attacks too.
The financial ramifications are staggering and the damage to a company’s reputation may be irreparable. But the good news is you have time to review and implement policies to help safeguard against the inevitable cyberattack at your company. Here are four tips that will help prepare you and your business for a cyberattack.
1. Inventory and Train
Companies will need to invest in proper training for their employees and implement appropriate internal safeguards and systems to be prepared in the event of a breach. Network firewalls and intrusion detection software are vital. A strong user password and authentication protocol is also essential, as well as limiting employee access to the company’s most sensitive information. Education and training programs should include cyber safety tips, like avoiding logging in through an unknown wireless network or inserting a stranger’s thumb drive into a company’s laptop.
2. Secure Points of Entry Including Mobile
Laptops were the “in” device when I started working as an attorney years ago. But we could only use them to access our firm’s hard drive while plugged in at the office. That is not the case today. Technology has evolved to the point that many of us have multiple devices that can access our work stations and data from just about anywhere in the world. But that access creates openings for cyber-hackers to attack. A lost smart phone or laptop could give a criminal access to one’s confidential, work-related data. Or the security protocol associated with access to a company’s confidential data using a smart phone may be non-existent to the point of inviting cyber-hackers to just walk in and steal your data. Therefore, companies will need to secure all of their data entry points and that includes mobile and remote access entry points.
3. Backups
The importance of backing up your data on a regular basis cannot be emphasized enough. Being able to tap into and gain quick access to a backup is vital to allowing your company to pick up the pieces following a cyberattack or other data loss.
4. Cyber Policies
Companies can’t afford to ignore the need to purchase specific cyber-insurance to guard against the financial implications of a cyberattack. While current general liability (GL) policies may offer some form of cyber-security insurance, it is likely not enough. Specific insurance coverage for cyber-attacks should be purchased and should be a vital part of any company’s long-term cyber-security plan.
Moreover, your company should implement detailed security policies and procedures to establish secure points of entry and data usage. These policies have two important benefits. First, they help lower the risk of a cyberattack. Second, they establish a solid foundation for an insurance claim in the event of an attack.
Because cyber threats will continue to evolve as criminals become more sophisticated, security professionals will never be able to provide 100% protection. Therefore, businesses will increasingly need to incorporate cyber insurance into their risk management and risk mitigation programs.
Please feel free to contact me if you feel as if you need an evaluation performed regarding your current data policies and help assessing the financial ramifications of a cyberattack on your business. Such an event could result in crippling ramifications to your business. So the time is now to act and plan to help you minimize the impact of such an attack.