Why Even Small Businesses Need Cyber Liability Protection
Do you think your business is so small that it is …
Social Engineering Fraud: a broad term describing scams in which a bad actor tries to trick, deceive and manipulate victims into providing confidential information and/or funds
Funds Transfer Fraud: refers to scenarios in which a bad actor obtains money based on false representations
Business Email Compromise: when a bad actor obtains access to a business email account and imitates the owner’s identity
Computer Fraud: the act of using a computer to take or alter electronic data, or to gain unlawful use of a computer or system
A type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.
Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.
Ransomware can be devastating to an individual or an organization.
A breach of security safeguards is defined in PIPEDA as “the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards that are referred to in 4.7 of Schedule 1 of PIPEDA, or from a failure to establish those safeguards.”
“PIPEDA’s accountability principle provides that an organization remains responsible for the personal information it has transferred to a third party for processing.” Therefore, the principle organization is responsible for breach reporting if a breach occurs with the third party processor.
Technological integration and interconnected products (Internet of Things) are transforming our lives and the way we do business.
The smartphones we know today didn’t exist ten years ago. Thirty years ago, people didn’t even own computers!
In today’s world we’re surrounded by smart products and computing devices embedded in everything from your fridge to the industrial control systems that keep our country running.
These devices collect data that computer scientists combine with analytics to enhance processes and improve products, efficiencies, the customer experience and much more.
Increased connectivity also means increased exposure to cyber threats, and all devices connected to your network become possible points of entry for cyber criminals to access that network.
Additionally, all device groups (i.e. cameras, alarms, lights, etc.) are running different software. This matters because all software contains bugs, and the bugs that can be exploited leave you vulnerable to cyber-attacks.
Every unique piece of software requires regular, ongoing updates and patches to fix these bugs, hopefully before they’ve been exploited by cyber criminals.
Most, if not all, areas of business rely on a combination of the internet, computers, IT infrastructure, and support for day-to-day operations.
If any one of these 4 requirements are not available then all other areas of the business will be affected.
The reality is cyber incidents threaten the organization as a whole. These incidents have the capacity to suspend a company’s entire operation, which may affect its ability to meet contractual obligations, result in reputational damage, or even leave the company exposed to legal claims.
Directors & Officers have a fiduciary duty to effectively manage an organization’s risk. The consequences for inadequacy can be irreversible. The responsibility put on those in upper management is held to a higher standard as they make decisions on behalf of the company.
Being a cybercriminal is a full-time job. They “punch in” and “punch out” every day, have weekends off, vacation days, etc. With so much time and money dedicated solely to cybercrime it’s no surprise that they are better equipped than most of our IT departments.
It’s human nature to make mistakes and those mistakes may be at your company’s expense.
When it comes to cyber security, complacency is not an option. Those in upper management have a higher standard of responsibility placed upon them as the decisions they make impact the entire company. As a result, Directors and Officers are held accountable for their actions or in-actions.
Not just one, but multiple. We’re talking backups for your backups! Online, offline, cloud, external hard drives, paper… whatever the medium you need to ensure there is more than one copy of the critical data needed to run your business.
A VPN creates an encrypted tunnel between you and a remote server. It offers a secure way to connect to the internet, encrypting the data sent over the connection which gives you better levels of privacy while online.
What’s an end-point? An end-point is any device that is physically an end point on a network. Laptops, desktops, mobile phones, tablets, servers, and virtual environments can all be considered end-points. Keep an inventory, ensure all end-points have up to date software and antivirus, and wipe all sensitive data from end-points that are no longer in use.
NextGen Anti-virus (NGAV)
Next-Generation Antivirus (NGAV) uses a combination of artificial intelligence, behavioural detection, machine learning algorithms, and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented. NGAV is cloud-based, which allows it to be deployed in hours instead of months, and the burden of maintaining software, managing infrastructure, and updating signature databases is eliminated.
Why is patching so important? Security! The most critical and obvious benefit of patch management is heightened network security. Patches are often created after a company has experienced a data breach to ensure other businesses’ data remains safe, and applying a patch as quickly as possible lessens the risk of your business becoming affected. Patches typically come with performance improvements which results in increased productivity.
For cyber security to truly be effective you need participation from everyone. Every employee, every day. The most cost effective way to avoid unnecessary cyber incidents is to constantly educate and train your staff. Once a year. “Code of conduct” style training is not enough in today’s world. The threat landscape is constantly evolving therefore you should be constantly educating. Your people can be your best defence, but without the proper tools and training, we can assure you they are the weakest link.
Insurance is an integral part of any risk management strategy. Cyber risks are complex and difficult to comprehend, but what we do understand is these risks exceed almost all organizations’ risk tolerance thresholds.
MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). MFA helps protect you by adding an additional layer of security, making it harder for bad actors to log in as if they were you.
Incident Response Planning
An incident response plan (IRP) is a set of instructions to help IT staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work.
By having a well-documented and practiced IRP, your organization will be better equipped to handle and recover from cyber incidents.
Do you think your business is so small that it is …