“Expect the unexpected.” It’s a long-running mantra by which many run their business.
Cybersecurity experts have predicted an increase in data breaches, and the recent WannaCry incident, which impacted 300,000 computers in 150 countries, confirmed what many have feared: cyberattacks are no longer unexpected.
Given the highly connected environments in which we work, cyber risk has become a top-of-mind issue. Since the Internet is now such an integral part of most operations, doorways to disaster have opened that never existed before. Businesses can spend millions of dollars on technology and software to protect themselves, but if they fail to invest time and resources in training their own employees, they may be missing a leading cause of cybercrime.
According to data security incident response reports, human error is the leading cause of data breaches. Some of the most prominent companies learned that all too well in the last calendar year, as costly mistakes by their employees left their businesses vulnerable to hacks. Unfortunately, by the time employees figure out that they’ve been duped, it’s often too late.
The most important line of defense — in addition to cyber liability business insurance coverage — is to educate employees about these threats and put in place protocols that help prevent attacks. These might include:
- Guidelines for employees to regularly change their passwords for their computer systems, accounting software, email, and other programs where sensitive information is stored.
- A standard framework for how information is shared throughout the company. Not everyone should have access to sensitive data, especially if it is not relevant to their job.
- A policy for how sensitive information is distributed. For example, bank or accounting information should never be shared via email or over the phone; all inquiries should be made in person.
- Guidelines to keep devices secure on business trips, since traveling with devices increases vulnerability to a cyberattack. Back up your data before leaving, turn off Wi-Fi and Bluetooth whenever practical, and bring only the electronic devices that are necessary for the trip.
- A policy for identifying employees in the office. For example, all employees should wear badges that are shown when entering the office. If someone claiming to be an employee doesn’t have identification, that person shouldn’t be let in until identified. Visitors should also be identified.
- Safe document management systems and disposal services to keep sensitive information under lock and key so that prying eyes cannot get to it.
- Tests and exercises for employees. Following training, employees should occasionally be tested to ensure they understand typical social engineering and hacking scams and don’t hand out sensitive information. Businesses should consider using gamification for training exercises to present real-life scenarios to employees and test their response time.
We are all human; we all make mistakes. But there are dangerous people ready to take advantage of a simple mistake that can put an enterprise out of business.
For more information on reducing your company’s cyber risk, please contact us at 845-986-1177. We are your business, home, auto, and life insurance solutions provider, partner, and adviser, serving Warwick, Greenwood Lake, Florida, Goshen, Pine Island, Middletown, Chester, Monroe, Newburgh, Orange County, and the Hudson Valley and Tri-State Area.