You’ve probably seen this kind of headline a lot lately — “(Fill in the blank company name) computer network hit by ransomware attack.”
Honestly, by now, you may have even become a bit immune to the headlines, and that’s understandable. It’s kind of like having cyber fatigue. I know I have it, but here’s the thing — we can’t ignore the issue, so I encourage us all to hold strong and prepare!
Importance of Cyber Risk Management Strategies
Risk is inherent in everything we do. You can choose to avoid, control, retain, or transfer the risk — all of those are acceptable cyber risk management techniques. Notice I didn’t use the word ignore, though. In fact, “ignore” does not address the risk and is not a risk management strategy.
Now you may be saying, “Great, I’m on board, but I have limited resources, so what can I actually do to keep my organization safe?” Well, I have a few “HELP”-ful suggestions that do not cost a lot and will have a positive impact on protecting your company from a cyber loss.
How
How do you protect your company from cyber loss? Here are 5 easy steps to get you started:
- Establish a culture of security, as every employee will be your front line of defense
- Train your employees on how to recognize phishing (social engineering) attempts
- Establish easy protocols for employees to report suspected phishing attempts
- Empower your employees to recommend procedures to reduce risk in their day-to-day work environment
- Reward good behavior
Establish
From there, you’ll want to establish:
- Dual controls for wire transfers
- A requirement that any changes to payment instructions are voice-verified at a pre-established number
- Processes to limit access to your computers and network components to those who need it
- Protocols to implement software patches as soon as possible
Leverage
This step is where you start using the resources available to you — your bank and cyber insurance policy.
Ask your bank to assist with an audit of your wire transfer protocols and/or suggestions for changes to them, and use the free resources available through the Federal Trade Commission (FTC), Small Business Administration (SBA), and your cyber risk insurer.
Additionally, if you have purchased cyber insurance, use the free services offered to policyholders.
Plan
Lastly, plan, plan, and plan again. You can do this by backing up your data and storing it separately in a secure location, encrypting your back-up data, testing your data back-up, creating an incident response plan, and testing your plan through a “table-top” simulation.
Work with Specialists
So, there you have it. Start with the HELP plan, then I’d recommend working with your Information Technology (IT) specialists to implement tools such as multifactor authentication (MFA) and/or an Intrusion Detection System.
You can also reach out to our teams at Holmes Murphy and CSDZ. We have cyber risk experts on hand to help you!
Lastly, congratulations! You took the first step in building a better defense against cyber criminals simply by reading this blog. Cheers to making our systems more secure!