Implement our cyber risk protection checklist to protect your business. As you may know, cyber attacks can pose a significant risk to your business, especially if you aren’t prepared. According to Radware’s latest Global Application and Network Security Report, the average cost of a cyber-attack is over $1 million. Cyber crime comes in many forms, from hacking to cyber theft, reputational damage and even the fraudulent transfer of business funds.
With the threat of cyber attacks increasing, it’s more important than ever to protect your business. Many attacks result from a business being unprepared or under-prepared for the threat. By taking proper action, you can significantly minimize your risk.
Manage the risk your business faces by implementing this cyber risk protection checklist:
Antivirus and Firewall Protection
Antivirus and firewall tools protect your business the way a burglar alarm and sturdy structure protect a home. These systems work to keep cyber attacks from penetrating business systems, sounding the alarm if an attack does get through.
In today’s business world, it’s important to protect not only critical end-points, but central systems as well.
Use antivirus protection to protect against computer viruses and malware:
- Administrators should run regular antivirus scans on the entire system, not just your workstations.
- Whether your servers are onsite or in the cloud, they should also be subject to regular scans.
For firewalls, proper configuration is critical:
- Research suggests up to 99% of firewall breaches are caused by simple errors in configuration.
- A modem attached to an internal system bypasses your firewall, like a hole in the side of your house, so ensure this risk is eliminated with a systems audit.
- Configuration of both end-point and internal firewall architecture can protect against other threats, like compromised laptops and USB drives.
- Regularly check and update your firewall configuration settings to ensure complete protection and efficient performance.
Network Password Protocols
Passwords are like the key to your home. Just like you wouldn’t leave your house key lying around, don’t be careless with your company’s password management. Try these tips:
- As many as 81% of business data breaches are due to poor password protocol, so it’s important to effectively manage this risk.
- Strong passwords, of 8-12 characters and containing a combination of uppercase and lowercase letters, numbers and symbols, can go a long way toward minimizing the risk of a cyber attack.
- Don’t allow weak passwords, such as “12345” or “password1”, words from the dictionary, or patterns of numbers or symbols.
- Always require the use of different passwords for each account and service. A trustworthy password manager can be utilized if needed.
- Enforce strong password safety measures on company mobile devices and laptops.
- Incorporate rolling updates to prompt users to change passwords either monthly or quarterly.
- Also update relevant passwords when a personnel change occurs.
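The strength rules in the list above can be enforced at the point where a password is set. The following is an added example, not part of the original checklist: it checks only the lower bound of the 8-12 character guidance, and the deny list, dictionary, substitution table and function names are small constructed samples chosen for illustration.

```python
import re

MIN_LENGTH = 8  # lower bound of the checklist's 8-12 character guidance

# Constructed sample lists (assumption); a real deployment would load a
# full breached-password list and a full dictionary.
DENY_LIST = {"12345", "password1", "qwerty123", "letmein"}
DICTIONARY = {"password", "welcome", "dragon", "monkey", "summer"}

# Undo common character substitutions so "P@ssw0rd" still matches "password".
SUBSTITUTIONS = str.maketrans("@013$5", "aoless")

CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def has_sequence(pw, run=4):
    """True if pw contains `run` ascending, descending or repeated
    characters in a row, e.g. "1234", "dcba" or "aaaa"."""
    for i in range(len(pw) - run + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def check_password(pw):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    lowered = pw.lower()
    if lowered in DENY_LIST:
        problems.append("on deny list")
    # Keep letters only, after reversing substitutions, then look for words.
    letters = re.sub(r"[^a-z]", "", lowered.translate(SUBSTITUTIONS))
    if any(word in letters for word in DICTIONARY):
        problems.append("contains dictionary word")
    if has_sequence(lowered):
        problems.append("contains sequence or repeat")
    return problems
```

A password such as “P@ssw0rd!2” meets the length and character-class rules but is still rejected, because the dictionary check runs after the substitutions are reversed.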
Patching and Updates Maintenance
Patching and updates maintenance is an incredibly important part of your cyber risk protection. The recent Equifax data breach was due to a two-month-old unpatched vulnerability. New vulnerabilities in software files and systems may be discovered regularly, and patches to fix them can be published as often as once a day, so managing this process is key:
- Conduct a comprehensive inventory of devices, OS versions and applications. Forgotten systems and devices can lead to neglected updates and the risk of a successful attack.
- Determine how often critical services are patched and updated and look for ways to minimize risk from unpatched vulnerabilities.
- Monitor for new patches and vulnerabilities, and ensure a process is in place for testing, configuring and rolling out fixes.
- Audit your patches to ensure your administrators are aware of any failed or pending patches that may be critical.
Phishing Awareness Training
Many workers know they should avoid a suspicious email, but spotting today’s most common phishing tactics is getting more difficult. Savvy hackers cost businesses $2.7 billion with phishing scams in 2018, according to the FBI, so it’s important your business and employees are prepared. Recent tricks include:
- Sending an invoice
- Requesting a password reset
- Requesting an update to payment info
- Prompting a click on a download link
- Impersonating or compromising the credentials of a boss or VIP
- Faking websites or compromising real websites
- Hiding links in PDF and Office attachments
Ensure employees are trained to spot these threats and your business enforces safe authentication procedures prior to all fund transfers.
Porting and Internal Network Traffic Controls
Keeping unwanted traffic out of your network is ideal, but what happens when that fails? This is where porting and internal network traffic controls come into play.
Should any unauthorized visitor get into your home, you want to ensure they don’t find the bedroom safe unlocked and open. The same goes for your business systems. Ensure the following:
- Network segmentation is designed so only those who need it have access to critical systems.
- Other computers that connect to the network are segregated from these critical systems and sensitive information centers.
- Common ports are “closed” or protected by default.
- Procedures are followed to ensure access changes maintain network security.
- Logs are reviewed daily for unusual or suspicious behavior.
Back-Up System Protections
Even if a cyber attack doesn’t result in the theft of your business’s trade secrets, client data or financial credentials, a great deal of damage can be done if such data is damaged or lost. Having adequate back-up system protections in place is crucial. Consider these tips:
- The best systems include multiple, redundant backups. These backups should be segregated from the network and stored in geographically isolated locations to avoid contamination in the event of a network intrusion.
- Recommended back-up frequency can range from every day to monthly, depending on the needs of your business.
- If your business incorporates more sensitive systems and larger numbers of records, you should back up more frequently.
Cyber Liability Policy Coverage
Given the potentially devastating impact of a cyber attack against your business, the right cyber liability policy coverage can mean the difference between your business surviving the attack or closing shop.
Cyber liability coverage can help cover costs related to a cyber attack or data breach, including:
- Privacy breach notification expenses
- Loss of income
- Regulatory fines and penalties
- Other related expenses
For the best protection, purchase a standalone policy with broad, comprehensive coverage and no sublimits. CyberLock Defense Insurance offers this protection, plus CyberLock Defense is more affordable and more accessible than any other cyber liability policy available.