How to Reduce The Risk of a Cyber Attack
In this blog post on “How to Reduce The Risk of a Cyber Attack” – a good starting point is specialist insurer Beazley’s “Steps to Protect Against Ransomware,” which applies to most types of cyber events. Beazley advises:
- Start with a risk assessment. Addressing risks starts with identifying what they are, where they are, and how severe the consequences are.
- Email content and delivery. Enforce strict Sender Policy Framework (SPF) checks for all inbound email messages, verifying the validity of sending organizations. Filter all inbound messages for malicious content including executables, macro-documents and links to malicious sites.
- Manage access effectively. Ransomware doesn’t have to go viral in an organization. Put in place appropriate measures for general user and system access across the organization: privileged access for critical assets (servers, endpoints, applications, databases, etc.) and enforce multi-factor authentication (MFA) where appropriate (for example remote access/VPN, externally facing applications).
Back-up key systems and databases. Ensure regular back-ups that are verified and stored safely offline. Use strong, unique back-up credentials, and secure them separately. Test backups to ensure restoration from them.
- Educate users. Most attacks rely on users making mistakes. Train users to identify phishing emails with malicious links or attachments. Regular phishing exercises are a great way to do this.
- Patch systems and applications. Conduct regular vulnerability scans and rapidly patch critical vulnerabilities across endpoints and servers – especially externally facing systems.
- Secure remote access. Do not expose Remote Desktop Protocol (RDP) directly to the Internet. Use Remote Desktop Gateway (RDG) or secure RDP behind a multi-factor authentication-enabled virtual private network (VPN).
In the aftermath of these breaches and other cyberattacks, companies have been left in financial ruin as they are forced to pay for recovery efforts while simultaneously suffering damage to their reputation. Cyber liability insurance can help protect against many types of cyber-related risks such as data breaches or malware attacks that may compromise your company’s information systems—even if you don’t think it’s at risk.
Cyber liability insurance is a perfect solution for small businesses that may not have the resources to invest in cybersecurity measures on their own.
If you’re looking for new coverage, talk to your provider about cyber liability insurance – and don’t forget to ask them what types of attacks they cover!
Smart companies with data-driven operations should be prepared against these ever-increasing threats; effectively safeguarding themselves from breaches or other disruptions can help ensure business continuity. For more information, contact Mark Densmore – Densmore Insurance Strategies, Inc. 515-967-3390
