When we talk about cyberattacks, people often think about a virus attacking an organization’s computer system — computers attacking computers. In reality, the threats in the digital world still come from people. From phishing to ransomware, there are many avenues for attack. Whether it’s accessing the data of your customers, manipulating employees to gain access to facilities or information, or impersonating a member of your organization to your employees or customers, cyberattacks are most often an attempt to violate the security of people. When it comes to how companies protect themselves, their employees and their customers from the impact of a cyberattack, a focus on people is at the centre of any effective strategy.
There are three keys to a solid cybersecurity strategy: build, educate and protect.
Any threat that affects the confidentiality, integrity or availability of electronic information is a cyber-risk to your business. Just as your office has security and fire systems, your digital infrastructure needs a protective network to guard against threats.
• Ensure you have a rigorously enforced password policy.
• Minimize the number of users with administrative privileges.
• Regularly view and update all security infrastructure.
• Ensure back-ups are routinely done.
• Perform regular internal and external vulnerability assessments.
• Implement a cybersecurity incident response plan to manage threats and breaches proactively.
It’s seldom intentional, but your employees are your most significant risk when it comes to security. They have passwords and access, and can unwittingly open the door to cybercriminals just by clicking a link.
Approach training your employees in digital technology the same way you would teach them about workplace safety.
It’s a message that needs repeating – often. A typical person will remember 5–10% of what they learned a month later, so you need to regularly teach and test your employees for them to retain the information.
• Implement ongoing delivery and testing of training
• Break down important information into chunks that are easier to remember
• Query employees on their knowledge regularly and repeatedly
• Make it fun by incorporating games into the learning
Despite the best in training and resources, many companies are still susceptible to cyberattacks. Cyber liability or cyber risk insurance is a specialized form of coverage to help offset the financial impact of a cyberattack.
This could include coverage for:
• Financial loss due to business interruption
• Theft or loss of mobile equipment, loss of digital assets
• Costs for privacy breach and cyber extortion
• Lawsuits due to loss of data regarding other parties
Working with a broker who is well-versed in cyber risk can help you to understand your overall business liability, identify possible risks, create a plan in case of a possible cyberattack and suggest insurance coverage to manage any potential impacts.