Is your organization doing everything possible to prevent cyberattacks?
The FBI’s Internet Crime Complaint Center (IC3) received 467,361 complaints in 2019 and recorded more than $3.5 billion in losses. Business email compromises schemes alone accounted for more than $1.7 billion in losses. Ransomware has been another growing threat – the IC3 received 2,047 ransomware complaints with adjusted losses of $8.9 million in 2019, and attacks have been becoming even more costly and sophisticated in 2020.
If you’re not doing everything possible to protect your company, it’s only a matter of time before a cyberattack targets your company. October is National Cybersecurity Awareness Month, and this year’s theme is “Do Your Part. #BeCyberSmart.”
Are Your Systems Secure?
Your organization likely uses many computers and smart devices connected via a network. This system is only as strong as the weakest link.
- Is everyone at the organization using strong, unique passwords and two-factor authentication?
- Is sensitive data encrypted?
- Are all operating systems and programs kept updated with the latest security patches installed?
- Is anti-virus software installed on all devices, and are regular scans performed?
- Is the Wi-Fi network secured with a strong router password and network encryption?
- Do you have secured backups of all essential data?
- Do all security measures apply employee-owned devices used for work, smart devices and remote work arrangements?
- Has the system been audited by a cybersecurity professional?
Are Your Processes Secure?
A secure computer system is a strong defense against cyberattacks, but it’s not all about technology. You also have to consider the human element. Some cyberattacks, including business email compromise and phishing schemes, work by tricking individuals into revealing sensitive information, making fraudulent wire transfers or diverting payroll.
- Have all workers received cybersecurity training? Employees in all departments – not just the IT department – should know how to keep their computer secure, how to avoid clicking on suspicious links, and how to avoid spoofed emails and text messages that try to mimic a legitimate source.
- Are there strong policies regarding portable devices? Portable devices, such as laptops and flash drives, can be lost or stolen. Other security issues can occur when employees connect to Wi-Fi networks that aren’t secure at coffee shops or other public places.
- Do you have a procedure in place to verify all requests for wire transfers, payroll changes or sensitive information? Scammers often pose as vendors, clients, managers or employees to make requests, and the email addresses used may be off by only a single letter. Take steps to avoid these schemes, such as flagging external emails and requiring verification for all sensitive requests.
Is Your Company Adequately Insured?
This year’s shift to remote work arrangements has increased cyber exposures for most companies. Do you know what you would do if everyone in your company was locked out of your systems until you paid a ransom? Do you know if you have coverage for a data breach event? These are important questions to contemplate now. Contact your BNC Insurance advisor for a cyber liability coverage review.