Working from home? Deploy these steps for cyber security and data protection
- During the COVID-19 shutdown and work-from-home status for most businesses, employers’ networks are significantly more vulnerable to cyber attacks.
- Entry into your network could be as simple as one employee clicking on a phishing email.
- 51 percent of data breaches are from criminal acts; 25 percent from system glitches; 24 percent from human error.
- Learn ways you can shore up your cyber security and protect your data.
Cyber criminals are nothing if not fast adapters. While we’re all still getting misspelled and grammatically incorrect emails that are obviously poor phishing attempts, the pros have gotten much savvier. And now that we’re working from home, our home computers – let’s face it – are not nearly as secure as our work computers. That makes us wide open to ploys that attack our cyber security and data protection.
These attacks won’t just compromise a single computer – not if your employees are connected to their work email or any shared programs. Potentially, the entire network is compromised.
It takes an average of 279 days for organizations to identify and contain a breach, according to Ponemon’s 2019 Cost of Data Breach Report. Lost business was the key contributor to data breach costs, due to lost customer trust. Those costs not only occurred in the first year of the data breach, but in years two and three as well.
However, the same report found that just 51 percent of data breaches are caused by malicious or criminal acts. System glitches (defined as breaches caused by technology failures) caused 25 percent of data breaches. The remaining 24 percent were caused by human error. Notes Security Intelligence, “While much attention in the security world is placed on malicious attacks, it’s worth noting that breaches caused by system glitches and human error can have consequences that are just as serious.”
While it’s true that criminal attacks accounted for just 51 percent, they also were the most expensive, costing 27 percent more than either human error or system glitches.
“Factor in additional expenses such as regulatory compliance, attorneys’ fees, technical investigations, and loss of customer revenue and relationships – and ancillary costs associated with cyberattacks can quickly compound for a small business,” says a CNBC article. All too often, that leads to putting many of them out of business.
Sobering cyber security statistics
Here are a few more statistics on cyber security and data protection that existed before our current work-from-home-on-your-own-computer status. These should help increase your sense of urgency in evaluating your systems for vulnerabilities and ramping up your employee training:
- 54 percent of small businesses think they’re too small for a cyberattack.
- 54 percent of small businesses don’t have a plan in place for reacting to cyberattacks.
- Within the past 12 months, more than half of all small businesses experienced a data breach.
- 67 percent of cyberattacks are aimed at small businesses, while just 14 percent of small businesses are prepared to defend themselves.
- The average amount stolen in a cyberattack on a small-to-medium-sized business is $879,582. The average amount spent getting business back to normal is an additional $955,429. (Yes, this seems unbelievable, so check out the source: https://securityintelligence.com/20-eye-opening-cybercrime-statistics/)
- These attacks continue for an average of 101 days before being detected.
- 65 percent of small businesses failed to act following a cyber security incident.
- 60 percent of small businesses that are victims of a cyberattack go out of business within six months.
Strategies to enhance your cyber security and data protection
Have you trained employees on the latest phishing and ransomware attempts? Does your company have a plan in place to protect, detect and shut down cyberattacks? We’ve compiled tactics, tips and warnings from multiple sources to provide you with a list you should consider.
Ransomware and other malware
Ransomware is defined as malicious software that holds accounts/networks hostage until large sums of money are paid.
“The harsh truth about the emerging risk of ransomware is that it’s really a people problem,” said a recent Property Casualty 360 article. Yes, ransomware programs are very sophisticated, continually seeking new ways to exploit cyber vulnerabilities, but it all comes down to this: cyber education. Train your people to recognize the attempts, or at least to send them on to your IT professional, who can judge whether they are malicious.
Verizon says 92.4 percent of malware is delivered via email, in the form of:
- A bill or invoice
- Email delivery failure notice
- Package delivery
- Legal/law enforcement message
- Scanned document
And most of these attachments are malicious Microsoft Office files, which typically make it through email filters.
During the coronavirus pandemic, cyber attackers are increasingly using data and map images as bait, according to a Business Insurance article. The images purport to come from the Centers for Disease Control and the World Health Organization, and carry links that look like they are connected to legitimate news sites. Right now, coronavirus phishing scams and fraudulent websites abound.
Consider these mitigation tactics
Here are a number of high-tech and low-tech strategies for you to consider for cyber security and data protection, from a variety of resources:
- Change your mindset. Rather than assume you’re too small to be attacked, assume you are a target.
- Talk with your agent about cyber coverage, needed more now than ever.
- Don’t have tech resources in-house? Identify a provider to help you conduct a risk assessment, identify cyber threats, develop an incident response plan and implement countermeasures to mitigate high probability threats.
- Install and regularly update your anti-virus, network firewall and information encryption tools that search for and counteract viruses and harmful programs; guard against incoming network or denial-of-service attacks; and keep sensitive information safe.
- Back up your data daily and keep duplicate copies that can be retrieved in the event of system compromise or ransomware.
- Protect any physical storage disks, particularly if your place of business is shut down and the disks are located onsite.
- Deploy secure and sophisticated hardware that’s password-protected and backed up by two-factor authentication.
- In particular, use multi-factor authentication (requiring multiple checks and approvals) before authorizing any major, uncommon, irregular, or allegedly time-sensitive requests.
- Routinely scan and monitor any device that’s connected to a computer system or network.
- With the help of your IT professional, conduct ongoing vulnerability tests and risk assessments on computer networks and applications to seek out and address possible points of failure before they arise.
- Consider implementing artificially-intelligent cyber analytics tools to scan networks, user accounts and applications to determine what passes for normal behavior, and auto-detect and immobilize suspicious activities before they spread.
Employee access and training to enhance your cyber security and data protection
- Only provide employee access to the files, folders or applications needed for them to perform routine on-the-job tasks.
- Provide work-at-home employees with increased security protection that you can buy in bulk from such protection services as McAfee.
- Provide regular, up-to-date training for employees at least every 90 days on the latest online threats and trends in cybercrime.
- Instruct staff regarding dangers of clicking on unsolicited email links and attachments, and the need to stay alert for warning signs of fraudulent emails.
- Create teaching drills and exercises grounded in real-world scenarios to test employees’ ability to detect scammers and respond appropriately to fraudulent requests.