Businesses are responsible for ensuring that sensitive data in their possession - physically or digitally - is not compromised. Due to COVID-19 restrictions, many businesses are having to adjust their operations to stay in touch with clients, generate revenue via on-line sales, enable team members to work from home, and meet virtually. All these changes create increased cyber risk. For many businesses these transitions are a first, implemented at rapid speed and learned as they are executed, with no time to formalize procedures for maintaining the security of their data and networks.
 
Below we take a brief look at how these areas expose your business and the mitigating steps you can take to balance productivity with protection.
On-line Sales
Remote Workers
Cyber risks continually evolve as cyber criminals' schemes escalate. The more informed we are of the criminals' tactics, the better positioned we are to protect our data and networks.
 
Not all cyber breaches will be known immediately. After a breach, the criminals may quietly observe, learn, and collect valuable data about your organization, including bank account numbers, personally identifiable information of your clients and employees, your intellectual property, etc. You may not know until weeks or months later, when they execute their ultimate theft plan.

What are some of the cyber criminal tactics used to expose your business? Learn More
Steps to Protect Your Business
  • System Updates - This is the simplest step, but it is often taken for granted and overlooked. Keep all operating systems, browsers, router firmware, phones, and all devices updated. Updates are often done to rectify software vulnerabilities.

  • Multi-factor Authentication - This should be enabled on both business email and network access. It adds a layer of security against compromised credentials by requiring users to confirm their identity with extra information (e.g., phone number, unique security code either texted or mailed to them) in addition to their password.

  • Role-Based Access Control - Limit employee access to systems and applications to only those required of their position.

  • Email Server Settings - Set your email server to filter out suspicious phishing emails.
  • Complex Passwords - Create a password policy that requires employees to change their passwords regularly, avoid using the same password for multiple accounts, and defines the minimum level of complexity (upper case, lower case, numbers, and symbols). Consider strong and unique passphrases.

  • Emails - Restrict work emails from personal use. This reduces the likelihood of employees receiving malicious emails that expose your business.

  • Approve Applications - Restrict the use of any unapproved applications on devices used for business.

  • Supply Company Hardware - Whenever possible, provide company-issued hardware instead of having employees use personal devices, and restrict its use to business-related activity. Employees using personal tools to access your organization’s network make a successful data breach both more possible and harder for intrusion-detection tools to discover.

  • System Backup - Have a secure data backup solution on-site and off-site that you periodically test to ensure you can restore your system from the backups.

  • Utilize Next-Generation Antivirus - This behavior-based software will scan devices for unusual behavior and determine if there is a threat to devices, networks, and servers.

  • Check Company Emails for Suspicious Email Forwarding and Mailbox Rules - Criminals will set up these rules so they can monitor and learn contacts, sensitive info, etc. This learned information helps them create malicious emails that look authentic.

  • Use Only Approved Streaming Services - Determine which streaming services your business is confident are secure, and require that all business-related activity be done through these defined services. Cyber criminals look for security gaps in these video teleconference applications to take advantage of, so always have heightened awareness when using them and minimize any private information shared.
  • Strong Encryption - Utilize strong encryption of your data while in transit and even when at rest. Limit and document those who have access to the encryption keys.

  • Standard Protocols - Have standard office protocols that are followed by all including those working remotely.

  • Device Settings - Ensure that default and built-in applications are secure. Turn off third-party applications' access to your private data, contacts, and location. Most social media applications have these turned on by default. Opt out of account syncing and single sign-on solutions for faster logins. Enable a lock screen with PIN and device encryption. Mobile devices that are lost or stolen can make you vulnerable. These simple steps keep you and your organization safe.

  • Use a VPN (Virtual Private Network) or SRA (Secure Remote Access) - These are connection methods used to add security and privacy to private and public networks.

  • Remote Workers' Home Network - If remote work requires using personal internet, discuss good security practices (using a complex passphrase, changing logins on home modems and routers from their defaults, etc.).

  • Vulnerability Assessments - These can help uncover entry points in your business system, for which a security expert can then provide recommendations to eliminate the identified risk.
Educate and Train Your Employees
They are Your First Line of Defense!
It is critical to provide employees with training on cyber threats and how to respond. An initial training should give them a solid ability to identify cyber criminal tactics and know how to handle them. Equally important, though, is providing regular, ongoing training in security best practices. This training should include:

  • recognizing phishing emails
  • verifying a sender email address is legitimate (be aware of misspellings, etc.)
  • having increased caution to not click on malicious links sent in email or text messages. These are among the easiest ways for cyber criminals to gain entry into business networks and individual computers.
  • examples of cyber criminal tactics
  • how to identify secured websites
  • the importance of protecting their phones, laptops, and iPads from theft
  • expectations of reporting any potential security incidents immediately
 
Remote workers can be more trusting than traditional workers when working on their personal equipment. Training is especially critical for them as well as having a remote work policy that clearly states expectations regarding device use, appropriate work environment, and protection of proprietary information.
Cyber liability insurance is a crucial part of insurance programs today for businesses of all sizes across industries.

This policy provides coverage for costs a company incurs to recover from a data breach, virus, or other cyber attacks and covers legal claims resulting from the breach. Equally important as the coverage it provides is the team of carrier experts available to the business at the time of a breach to help expedite the business recovery and assure compliance with notification requirements.

Contact us today to discuss this valuable protection!
For past email communications related to COVID-19 visit our website
If it matters to you, it matters to us!
413-243-0089