Last month we discussed how cyber liability exposures are typically not included in commercial insurance programs; see our blog post on our website.
So, what steps can you take to control cyber risks?
1. Invest in virus protection, anti-malware and internet security software. The worst mistake a business can make regarding its cyber protection is not having any at all. A robust security solution is a must-have for any small business. Set up schedules for virus and malware detection software to run at regular intervals.
2. Segregate your computers into high, medium and low security groups. Keep your sensitive files and sensitive software programs, like accounts payable or accounts receivable systems, on computers different from the ones used for your company email accounts and mail servers.
3. Regulate employees’ use of work computers. Data breaches often occur when employees unknowingly download viruses or install unauthorized software. Additionally, check your employees’ password strength, or set rules in your software to require passwords of a certain strength and to require new passwords at a set frequency, such as 30-, 60- or 90-day intervals. Also set “Automatic Update” preferences so that employee-used software updates automatically.
4. Screen your vendors closely. If you provide your vendors or any third-party services with access to confidential data, research their policies carefully to make sure that they comply with security best practices. Even if a vendor causes a data breach, customers are still likely to blame your company if they provided you with their information.
5. Destroy before disposal. Shred paper files with private information you no longer need before disposal. Destroy disks, CDs/DVDs and other portable media before disposal. Deleting files or reformatting hard drives does not erase your data. Instead, use software designed to permanently wipe the hard drive or physically destroy the drive itself. Also, be aware of photocopy machines, as many of these scan a document before copying. Change the setting to clear data after each use.
6. Buy a cyber insurance policy. One important non-software solution that many small businesses overlook is cyber insurance. Your general liability policy will not help you recoup losses or legal fees associated with a data breach, so a separate policy covering these types of damages can be hugely helpful in case of an attack. Small businesses often assume cyber insurance policies are only designed for large companies, because those businesses are the most frequent targets of hackers. But many insurance carriers are now offering tailor-made cyber coverage for smaller businesses to meet their budgets and risk-exposure levels.
7. Install tracking software or LoJack on all company-issued mobile devices. Cell phones and laptops can have software installed that allows you to “Lock a Device,” “Locate a Device” or “Destroy Data” on the device if it is lost or stolen. Some software vendors even have recovery services staffed with former law enforcement personnel that will go and get.
8. Have company “Best Practices” for subscribing to business websites and publications, and have a “Password Management” program so employees can create strong group passwords for shared sites and provide access to all employees who need access.
9. Purchase a commercial firewall and configure it to restrict usage. Firewalls come as either hardware or software, which can be added to a network or to an individual machine. A hardware firewall has the advantage that it applies to the entire network to which devices are attached, and it allows the owner to configure it to restrict access to “types” of websites or to domains outside the United States.
10. Key software backup considerations should include: electronic data should be automatically backed up, with more frequent backups for systems storing critical information; software and applications should be backed up off-site so they can be readily reloaded onto replacement equipment; and a copy of your organization’s web site should be maintained.
It is important that businesses understand the risks they have, as well as the steps they can take to reduce their exposure, including relevant statutory obligations, as they choose either to “self-insure” their risks or to purchase insurance coverage to aid in covering them.