Cyber Security: Knowing the Facts and Protecting Your SMB


Did you know that the average amount of time a hacker is actively in and monitoring your business data is around 284 days? That’s a good 10 months’ worth of observing transactions, downloading your files, and stealing employee information, all of which can be sold on the black market for a premium. Once you’ve realized it, it’s already too late; you’re playing catch-up and working through disaster and reputation recovery for months or perhaps longer. All of this and more was discussed at the Cyber Security Breakfast hosted by Warwick and featuring special guest speakers from Meyers, Roman, Friedberg & Lewis, as well as Zito Insurance. In case you missed it, here’s the presentation:

If you’d rather read than watch a video, here’s what you need to know, because it’s not a question of if a cyber attack will occur, but of when it does and how well equipped your organization is to handle it.

The Facts About SMBs and Cyber Security

Warwick/Continuum security consultant Ryan Hesske explained that while cyber threats are a real concern for SMBs, many unfortunately ignore them on the belief that “SMBs have nothing worth taking,” which simply isn’t true. It’s this mindset, in fact, that makes small and medium-sized businesses the most vulnerable, as well as the most valuable, to hackers. In addition to believing they’re too small to matter, businesses also tend to err on the side of necessity, rather than caution. Taking a liability-insurance approach to security measures, Ryan pointed to the data breaches of Equifax and Target. Equifax didn’t take advantage of a security patch that would have strengthened the digital ecosystem, and Target didn’t place enough security around network access, inadvertently allowing entry to sensitive information via an HVAC vendor with system accessibility. Both of these brands considered a security breach to be an ‘if’ and not a ‘when’ scenario – a costly but avoidable mistake.

The bottom line, according to Hesske, is to be able to recognize the various types of seemingly innocuous situations. Know that the three pillars of IT are process, people, and technology; create a roadmap to your desired state of IT; and never forget that, large or small, no business is immune to attack.

Create a Culture of Awareness and Preparedness

Jonathan Hymen, partner at Meyers, Roman, Friedberg & Lewis, says it’s not only what your IT department knows, but how your organization as a whole approaches cyber security and creates a culture of awareness. According to Hymen, businesses need to encourage company-wide education and be proactive with protective measures. With (inadvertent) employee error as the number one cause of what is, on average, a $4 million mistake, Hymen says you can get started with the following:

  • Mandate the use of complex passwords.
  • Stress the importance of separate passwords for work and personal use.
  • In the event that a company-owned device is lost or stolen, have it wiped before anything else. Often, the assumption is that the service carrier should shut off service to the device. This, however, won’t protect the data stored on it.
  • Never employ open WiFi. Always take the time to create a secure, password-protected network or provide virtual private networks (VPNs) as connection alternatives.
  • Develop a plan, keep it up to date, and ensure your employees are familiar with not only the plan but the latest in cyber threats and hacker tactics.
  • Know the law: in the event of an attack, know what your company may be liable for and the actions to take so as to avoid additional negative repercussions.

Protect Your Employees, Your Clients and Customers, and Your Business

Did you know that, much like other types of insurance products, cyber liability insurance can give you peace of mind, but that only one in three businesses has it? While some providers include a line or two of general blanket coverage, which is better than nothing at all, it’s preferable to hold a completely separate, cyber-specific policy.

According to Chris Zito of Zito Insurance, a cyber liability insurance policy will protect your organization in both first-party and third-party instances (think about your homeowners or car insurance). First-party protection applies when your organization has to file a claim regarding monetary theft, extortion, investigative costs, and other causes of loss or downtime. Third-party protection, on the other hand, speaks to breaches in which customer or client information is compromised, where an outside entity is affected and your business is responsible. With regard to underwriting, risk assessment, and cost, consider a health insurance policy: the more preventative measures a business takes and actionable plans it can demonstrate, the more budget-friendly the policy. The overall health of your business’s security plan will dictate what you’ll pay, as well as the types of coverage for which you’re eligible. This is simply another reason why it’s essential to address cyber security as a matter of operations, rather than as a luxury or budget-surplus afterthought: prepare for the unfortunate reality of the inevitable by being well protected and properly informed of all possible scenarios.

Get Started Today

Whether you’re looking to learn more about how a managed service provider and cyber security partner can assist your organization now, are interested in future events, or you’re ready to implement an updated security plan, sign up for our newsletter or contact us today. Warwick has been proudly providing technology services and solutions to small and medium-sized Ohio businesses for over 70 years; we’ll walk you through the hows so that your organization and its systems are prepared for the whens of cyber security.