10 Ways to Protect Your Business from Cybersecurity Issues
Whether you run a massive corporation or you are self-employed, cybersecurity is very important.
As our dependency on technology increases, making sure your business is cyber-secure is more important than ever. According to the Canadian Centre for Cyber Security’s National Cyber Threat Assessment 2020, “…cybercrime remains the most common threat faced by Canadian organizations of all sizes.”
The good news is many cyber threats can be mitigated through best practices and awareness. Get started on improving your company’s cybersecurity with these 10 cybersecurity best practices for business.
1. Usage policy
A usage policy outlines how your employees, consultants, board members and other stakeholders use work devices and manage information. Everyone plays an important role in a company’s cybersecurity; a policy can help your staff understand how to avoid data breaches and cyberattacks.
At minimum, your usage policy should detail what counts as acceptable and unacceptable use of the internet and company devices, who the policy applies to, the company email and password policy, and the disciplinary actions that will be taken in cases of misuse. As an employer, it is your responsibility to ensure this policy is transparent and easily accessible to all employees and stakeholders.
2. Password policy
While a password policy should be included in your usage policy, we think this is worth its own point. Your password policy should state requirements for creating passwords within your company. At minimum, it should include changing passwords from the default, strengthening passwords, using different passwords for different platforms and changing them every couple of months. A strong password is at least 8 characters long and includes at least one number and symbol and a mix of lowercase and uppercase letters.
When choosing a password, the Canadian Centre for Cyber Security instead recommends creating a passphrase – a phrase with assorted words, with or without spaces.
3. Reduce administrative access
Keep administrative access restricted to only a select number of individuals in your company. This can lower the incidence and potential impact of cyberattacks.
4. Data backups
If your company falls victim to a data breach or cyberattack, having a data backup is critical. You should regularly back up your data and store it in a secure and encrypted location (online or physically). If any data is lost, you can recover a copy of it.
Data can easily be lost through human or technology error, natural events, or due to a cyberattack such as ransomware.
5. Software updates
As cybercriminals are constantly adapting, devices that are not regularly updated have a higher chance of experiencing a cyberattack. Regularly update your operating system, anti-virus and firewall to protect against new threats, like viruses. Some systems will automatically detect when updates are available.
6. Employee training
You and your IT department shouldn’t be the only ones with cybersecurity knowledge. Staff should be educated on potential cyber risks as well as company cybersecurity policies. This can help prevent cyberattacks.
Training should include:
- How to recognize common cyberattacks such as phishing schemes (simulated attacks are one way to teach this);
- What to do in response to attempted or successful cyberattacks; and,
- Company cybersecurity policies (including passwords, securing devices, et cetera).
7. Device security
In addition to good passwords, devices need to be secured both virtually and in-person, especially when dealing with sensitive information. This includes setting up computers to lock the screen automatically after a certain period of time. Training employees to lock their devices when leaving them unattended is also best practice, as are “clean desk policies.” A policy like this prevents employees from leaving sensitive information on their desk, such as passwords written on a piece of paper.
Many companies will also require two-factor authentication (2FA) – especially when working remotely. This requires employees to enter their password, then verify the login through a secondary system such as an authenticator app. For remote staff, having a VPN (Virtual Private Network) set up is important to protect data traffic.
8. Ongoing risk assessments
Creating policies and procedures is important, but taking the time to assess your potential risks on an ongoing basis is a critical step in the cybersecurity process. Much like cybercriminals, your company should adapt to changing threats.
9. Response plans
Do you have a plan in place if your cybersecurity is breached? Having a written plan before an incident takes place can lessen the impact of a cyberattack. Your plan should include business interruption plans, a list of who may be affected (including third parties), detailed instructions for common incidents, and key contacts within the company along with their roles and responsibilities in an event like this.
If a cybersecurity breach does happen, keep a detailed log of the incident and the response. Incorporate lessons learned and effective actions taken into your response plan.
10. Cyber liability insurance
No matter how sophisticated your cybersecurity, cybercriminals are adapting, and new threats are always emerging. Having a cyber liability insurance policy in place can give you peace of mind in knowing your business can recover in the event of a cyberattack, which could otherwise be financially catastrophic.
If your business experiences a cyberattack, cyber liability insurance can help with:
- Financial loss – A cybersecurity breach can be very costly, involving IT forensics, data recovery, system repair, etc. Cyber policies will help cover financial losses.
- Business interruption – Cyber policies may cover lost income if your business is forced to close for a period of time.
- Loss or corruption of data – Most cyber policies will cover the expenses of recovering lost or corrupt data.
- Privacy breach – Cyber policies will help cover liability expenses involving third parties’ (i.e. your customers’) confidential information being accessed, including notification costs.
- Legal expense coverage – Following a cyberattack, your company could be sued by third parties/clients who have suffered financial loss from the attack. Cyber insurance will cover legal costs to defend these claims.
- Reputation coverage – A cyber breach can be devastating to a company’s reputation. Cyber insurance can include costs to manage and mitigate this damage, including hiring PR professionals.
- Cyber extortion – Ransomware is rapidly becoming the source of the most severe cyber claims. Cyber policies can help cover loss from cyber extortion, including providing response expertise, negotiations, IT forensics and paying ransom demands.
Cyber liability insurance coverage will differ from market to market. Contact one of our experienced brokers to review your cyber security needs and policy coverage or get a quote today.