Don’t take the bait: recognize and avoid cyber attacks
Cyber risk is a threat to companies of all sizes. The ever-changing cyber landscape makes it increasingly difficult to ensure your safety online. Smaller businesses are continuing to be targets for cyber attack, with a recent report from Coalition showing there has been a 57% increase in attacks on companies with under 250 employees.
Ransomware and email compromise are still the most prominent and most concerning forms of cyber attacks. Cybercriminals are doing a lot more damage and are capable of much more than they used to be. Phishing emails, which often contain malicious links or attachments, can be very cleverly executed. The compromise of a single email account could give hackers access to your entire business network.
Don’t let your business fall prey– business owners and risk managers from all industries should be proactive in understanding your risk profile and taking steps to reduce the cyber risks your business is exposed to. Time dedicated to cyber prevention in the coming weeks and months could save you from much larger consequences in the future.
Prevention
Learn how to spot suspicious emails
- Verify that the sender’s email address has a valid username and domain name.
- Check for spelling errors in the sender’s email address and in the message body, for example having numbers or punctuation in place where a letter should be.
- Check the tone of the email – does it sound demanding or too good to be true?
- When in doubt, report and show the email to IT or the security team at your company.
Regularly update operating systems and third-party applications
- Keep up to date with the latest software updates for all the applications that you use. Outdated or unsupported software creates easy vulnerabilities for cyber criminals to take advantage of.
- Configure every application you can to update automatically.
Offline backups
- Regularly back-up all important company files and store these backups in a safe place that is offline such as an encrypted external hard drive.
- A comprehensive cloud-based backup system is also a viable backup method, as long as your backups are stored separately from the rest of your digital operations.
For more in-depth tips on prevention, see our blog post on education and training tips.
Recovery
Practice your recovery steps
- Running a simulated ransomware attack will help you practice your recovery procedures so that you will be more prepared if you ever find yourself in the real situation. The more you practice the better you will become at identifying potential weaknesses and learning the best way to respond.
- Have a written or printed out plan of key contacts and how you will respond in the event of a cyber attack.
Proactive communication during incidence response
- Take control of the narrative and own what has happened before someone else does.
- Be transparent about how your company has responded to the attack, how you are protecting your customers and stakeholder’s data, as well as what measures you plan to take to prevent an attack from happening in the future.
- Talk about any security and technology enhancements that you’ve added after the breach.
Have a notification plan
- Have a notification plan in place for how you will inform your customers, partners, employees and other relevant stakeholders. Your legal liability and reputation are at stake, so it is important to distribute thoughtful and thorough information as quickly as possible.
Having Cybersecurity Insurance can be beneficial in managing risks and controlling the level of impact after a breach. Due to the ever-increasing number of cyber attacks, insurance companies are reducing coverage options on cyber policies. You can expect higher rates in industries that are at an increased risk of cyber attack including healthcare, finance, retailers, education, manufacturing, construction and non-profit organizations.
If you’re interested in exploring your options for cyber protection for your business, submit an application through our online quote system to get started today or call 1-866-387-FUSE (3873).