Cybersecurity: Who’s in your computer?

By Michael Duffley
It seems like every day we read another headline about a cyber attack or data breach. Cybercrime is a very real threat facing any company today. In their 2017 “Annual Cybercrime Report,” Cybersecurity Ventures predicted that global cybercrime damages will top $6 trillion annually by 2021. These damages include destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, and post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm. Businesses that aren’t addressing these real and growing threats expose themselves, their employees, their vendors, and their clients by not following best practices and insuring their risks properly.
Keep this in mind – the hackers, whether they are a lone wolf operating independently or more organized groups of individuals, are expecting a return on their investment. They are spending time and resources working to develop better schemes and more effective protocols in order to improve their success. This is a business to them, complete with planning, strategy, areas of expertise, and growth.
Business owners must treat their defense against these threats with the same level of seriousness, know and implement the most common threats and the best practices to prevent and avoid an attack. And in case you do suffer an attack, protect the business with proper insurance coverage. All business owners should be aware of the developments around cyber attacks. The first step is consulting with your risk management or insurance partners for guidance and education around what your risks are and how to prevent and protect against them.
According to research from Symantec, worldwide ransomware attacks increased by 36 percent in 2017. The report also found that emails are being increasingly used by hackers, with an estimated 1 in every 131 emails containing malware. Depending on how many emails your organization receives, that could mean multiple exposures to malware on a daily basis.
Furthermore, a study done by Panda Security concluded there are more than 230,000 new malware samples produced every day, and this is predicted to rise. The study estimated that Trojans were the main source of malware, being responsible for more than 50 percent of all malware.
So what can you do to minimize your risk? Aside from the usual security advice of using strong passwords, avoiding the use of the same password for different sites, refraining from clicking on strange links in emails, these are some of the best practices for individuals to adopt to prevent an attack:

1. Download a password manager, such as Keeper, Dashlane, or LastPass.
2. Use a VPN.
3. When clicking links in an email, hover over the link to make sure the address matches the URL you’re trying to visit.
4. Make your social media accounts private. As a business, there is even more you can do to minimize the risk of an attack:
5. Establish security practices and policies to protect sensitive information.

Create policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’ cybersecurity policies.

2. Educate employees about cyberthreats and hold them accountable.

Ensure that your employees are aware of online threats and how to protect your business’s data, including safe use of social networking sites. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business’s Internet security policies and procedures.

3. Employ best practices on payment cards.

Work with your bank or card processors to ensure that the most trusted and validated tools and antifraud services are being used. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet. Also, October 1 is the deadline set by major U.S. credit card issuers to be in compliance with the transition to safer, more secure chip card technology, also known as EMV.

4. Control physical access to computers and network components.

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.

5. Create a mobile device action plan.

Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment. The most effective way to manage cyber attacks is by utilizing the right preventative methods, having a disaster recovery plan, and putting insurance in place that will help cover the losses associated with a cyber attack.