A little over a month ago, I wrote about how being vigilant wasn’t going to be enough to stay safe on the internet. Don’t get me wrong, being vigilant about technology safety is a base-level requirement, like understanding elemental concepts like “fire hot” and “that scorpion is dangerous”. But knowing you need to be careful and exerting the discipline and training to actually be safe are miles apart in execution. In case you haven’t heard my analogy before, internet security is like juggling dozens of plates while hackers continually toss more plates into your hands. They win when you drop even one plate, and they have an endless supply of plates and patience while they wait for you to lose focus. But what if you could add some robot arms to your juggling act?
We can all use an extra hand (or two) these days
At one point, it was possible for a normal human being to self-manage their business technology. Many business owners saw it as a rite of passage in securing their own domain name, spinning up a website and email boxes for all their employees, while simultaneously ordering a bunch of computers in black-and-white boxes. You could buy and install virus and spam protection from a friendly nerd named Norton and it did the trick. All was (relatively) well until the internet connected everything and hackers discovered that cybercrime was profitable. Hugely profitable. They upgraded quietly while the rest of the world marched on oblivious, starting an arms race in which our self-built technology infrastructure was outpaced before we even knew there was a race. While you were busy running a business (and not a never-ending technology upgrade parade), they were running their own business of dismantling or bypassing your rapidly aging technology security.
Unfortunately, the insurance companies see this, and are now recommending or requiring all companies big and small to use advanced security tools that even the large enterprises with dedicated IT staff are only now adopting. But here’s where you have the advantage in this juggling act: big companies need a lot more robot arms than you do to keep all those plates in the air. As always, though, there’s a catch: you still need some robot arms, and implementing them isn’t as simple as mail-ordering some parts in a Holstein-colored box. Today’s new security technologies are complicated like you might imagine robot arms to be, and even worse, if you install or use them incorrectly, the insurance companies might even deny your claims. But you have this covered because you are partners with C2, right? Call us and ask about our new security bundle for small businesses – let’s add some robot arms to your juggling act!
With the recent ransomware attacks on large US companies like fuel distribution company Colonial Pipeline and now JBS, one of the world’s largest beef and pork suppliers, some of you might be thinking, “Oh good, they are focusing on the big fish now,” which gives us smaller companies a little breathing room. While this may make sense from a purely predatory “Animal Kingdom” point of view, size matters naught on the internet. The difference in effort and cost to target a big company versus a small one isn’t large enough to deter them from pursuing both. In fact, due to the continually widening dark web market of Ransomware-as-a-Service (RaaS), targeting small companies is just as cost-effective as large ones. After all, 50 ransoms of $1,000 is the same as one $50,000 score.
What does this mean for you?
Businesses large and small are starting to understand that it’s no longer “if” you will be attacked, but “when”, and in addition to tightening up their technology, they are also getting insurance to cover potential cyberattacks and ransomware demands, like the ones that Colonial faced (they paid, by the way) and what JBS is facing now. Because claims on these types of policies are on the rise and show no signs of slowing, the insurance providers are now asking their potential cyber policy holders to batten down their hatches in preparation for the coming storm. Here are the things they are looking for:
- Does your company use two-factor authentication for all of its critical infrastructure? Not only email, but VPN/Remote access and administrator credentials for your company’s network as well.
- Is your company’s critical data backed up to an encrypted, offsite location that is protected by two-factor authentication?
- Are you running up-to-date malware protection on all devices that access company data and networks? The big gotcha here is all the personally-owned computers people have pressed into service during the pandemic.
- Are all devices that contain sensitive data encrypted? This includes mobile devices, and again, personally-owned equipment.
- Is your network protected by enterprise-grade firewalls and protocols?
Insurance providers might also be looking for these advanced security implementations, which normally were only deployed by larger companies with dedicated technology and security staff, including:
- Dedicated network intrusion detection and active countermeasures.
- An information security policy in place for your company that governs how your company retains, protects and disposes of critical, confidential data.
- Regularly scheduled penetration testing of your company’s data networks.
- Regularly scheduled security audits of all company technology.
- Designated security officer/manager responsible for the company’s security.
- Regular training of all company staff on information security policy and practices.
When shopping for a cybersecurity policy, or expanding your current coverage to include it, you will be asked about some, if not all, of the above items, and your answers may determine the cost of your premium, or whether the insurance provider will underwrite you at all.