How to Create Strong Cybersecurity and Leverage It To Save Money
Cyber crime evolved in the past year. Hackers found new opportunities to compromise businesses thanks to quickly spun-up work-from-home environments. What most organizational leaders fear is a ransomware attack, where attackers gain access to your systems over the course of 3-4 months, mine data which they will later sell, and then lock everything down so your team can’t access company resources until you pay the ransom.
Business email compromise (BEC) caused more damage than ransomware in 2020. BEC is when an attacker gains access to admin credentials in your email system and begins impersonating your company. They email clients from regular employees’ accounts and attempt to spread the infection to client systems. They will also try to use your company’s credentials to create scams dressed as regular business transactions.
Many companies sought cyber security insurance with the mindset that they’ve already done everything they can to prevent an attack – relying on the insurance as a primary defense.
This has caused premiums to increase and insurance providers to tighten up requirements before awarding coverage. TechNoir still recommends seeking cyber security coverage, with the caveat that business owners must understand that they will not receive good coverage unless they have an involved and proactive cyber security practice.
This doesn’t mean you need to hire a CISO, but it does mean that it’s your responsibility as a business owner to stay current with your lines of defense. Providers want to know that you regularly test the measures you implement, and that they’re effective. We’re going to teach you how to invest in cybersecurity for cheaper than the cost of your current insurance premiums (or get better value out of your current coverage).
The 5 Cyber Security Checkpoints for Business Owners
You don’t need to know how to code or use cybersecurity tools yourself – you don’t even need to have someone on your team do it. Most insurance companies want to know what you’re doing in the following 5 key areas of cyber hygiene:
- Endpoints
- Means of Communication
- Leaked Credentials
- Aware Employees
- DNS Protection
Endpoints are things that connect to the internet (Wireless Access Points, Workstations, Cameras, Phones, etc.).
Means of communication means implementing filters that weed out malicious spam before it reaches employees (emails, internal messages).
Leaked credentials means conducting regular checkups on the dark web for credentials being sold (email addresses, passwords, usernames, phone numbers, credit cards, etc.).
Aware employees are trained employees who actively avoid and double-check risky looking emails or links.
DNS protection is creating a “phone book” of verified websites that are allowed to interact with your company and that your employees are allowed to interact with. This is usually tied to professional cybersecurity organizations (Cisco Talos, DHS, etc.) that update the lists of good and bad websites.
You can purchase software that covers the fundamental layers of cybersecurity cheaply, but implementation and monitoring require professional expertise. Additionally, technical expertise is necessary to provide insurance companies with evidence that your layers of cyber security are effective.
Avoid State-Sponsored Hacking Targets
If you have IT professionals on your team, you should ask them if they’ve used tools covering those areas in the past. Some IT Companies with a cyber security practice, like TechNoir, offer complimentary audits that will help you determine if your company’s cyber security hygiene is properly managed.
While any security is better than none, even some cybersecurity vendors have been subject to major hacking incidents in 2020/2021. That means that setting up a tool and letting it run without proactive management is not an option. Microsoft, SolarWinds, FireEye, and Mimecast are all major names in the IT security space whose platforms were compromised in some way.
A hacked vendor is particularly dangerous because hackers gain the ability to hack any of the vendor’s customers. Imagine the president of a country is somehow swapped with an exact look-alike with bad intentions, and then that imposter begins giving out catastrophic orders and passing bad information along.
The only way to mitigate this risk is to keep close eyes on your system and have redundant layers of security if one vendor falls victim to a major attack. Hacked vendors carry an inherently larger risk, which can translate to worse premiums.
Insure Yourself Before Rates Increase
The purpose of this information is to ensure your company is able to get affordable cyber insurance early by implementing a simple cyber security management system. As insurers grow their understanding of business cyber security (or lack thereof), they’re poised to grow more wary of awarding coverage at the historically low rates we saw last year.
Per Gallagher’s 2020/2021 report, “Ultimately, we are projecting rate increases in the range of 15% to 50% for cyber insurance buyers… We will see a wider underwriting lens that will expand to an increasing use of loss modeling tools and continual system scanning, utilizing both in-house and outsourced IT security resources as they evaluate prospective insureds.”
The best thing you can do for your company is arm yourself with a dedicated cyber security management company to take care of this for you. Within the cyber space, most attacks are already caused by internal employee mistakes, like clicking a shady email.
A cyber security vendor will analyze your current practices and provide you with information that is presentable to insurers. With rates poised to skyrocket, the cost of implementing cyber security will likely be substantially offset by savings on insurance premiums – not to mention avoiding negative externalities like a diminished brand image resulting from a successful attack.