Cybersecurity is like antibiotics. Every time a new security measure is introduced, hackers find a way to breach it. While some industries, such as finance and health care, are hacker favorites, any business can be vulnerable if best practices aren’t followed. In 2017, the cost of “ransomware” attacks around the world exceeded $5 billion, according to the Cybersecurity Business Report, while Hackmageddon reports that in 2017 there were anywhere from 64 to 80 hacks per month, more than double the 2016 breach counts. Billions of people are affected by these hacks, but how are these cybercriminals targeting businesses in 2018?
Here are the top five cyber risks for any business with an online presence:
- Going phishing. Phishing attacks rose 38% between 2015 and 2016, according to the “Key findings from the Global State of Information Security Survey” from PricewaterhouseCoopers. Phishing, or luring users towards malware (malicious software), has long been a favorite of hackers. However, phishing now takes place in multiple spaces, including mobile devices and cloud architecture (such as your go-to Google Drive folders). Malware is usually released when a person clicks on a “phishing email,” and is then used to steal sensitive information such as Social Security numbers, medical records, and financial documents. Malware can record keystrokes to get information such as passwords and destroy a computer’s memory to make it run painfully slow.
- Failing to regularly change passwords and use two-factor authentication. One of the most effective ways to ward off breaches is to take a double-pronged approach: change passwords regularly (make sure they’re complex) and use two-factor authentication. Multi-factor authentication is even better. It requires the user to provide at least two means of accessing information, which makes it extremely difficult for hacking software to untangle.
- Not having a cybersecurity system in place and regularly updated. If a business doesn’t have a cybersecurity system and policy in place, it has almost no defenses against breaches. Some businesses might have included a cybersecurity protocol as part of their SOP, but when was the last time it was updated? Both breaches and security measures are fluid and constantly evolving. If a breach occurs, fast action is critical, but without a policy, nobody will know what to do.
- The BYOD trend. In the Digital Era, virtual offices and telecommuting are increasingly common. Some employers are offering a “bring your own device” (BYOD) approach to workers and contractors, but that opens up an incredible amount of risk. These personal devices are linked to your business. BYOD & Mobile Security’s study reports that 20% of organizations experience at least one type of security breach per year, mostly from malware and dangerous Wi-Fi connections. Human error continues to be the weakest link, and when you have unrestricted personal devices tapping into your business, it’s a recipe for disaster.
- Evolving risks coupled with old infrastructure. While hackers are getting better, faster, and smarter, a lot of businesses are trudging along with outdated infrastructure. Software is just part of the cybersecurity threat. Hardware can also be a big problem area, especially when it’s old and doesn’t allow for the latest software and patches. Some software, like Java, requires outdated plugins that can also lead to breaches. When a business buys new hardware, its ability to update needs to be a priority.
With so many cyber risks out there, what can businesses, including those on a budget, do to protect themselves?
- Put a cyber policy in place if it’s not there already, update it, and regularly maintain it. Make sure it also includes a recovery plan.
- Require all employees to change their passwords regularly and to use at least two-factor authentication.
- Update both hardware and software on a regular basis, including patches when available.
- Hold regular cyber security training for all staff members.
- Add cyber liability insurance and data breach insurance coverage to your existing business owner’s policy and general liability policies.
In the event of a data breach, a business must respond quickly to help protect impacted individuals and its own reputation. A cyber liability and data breach insurance policy can help with response-related expenses, including the costs to notify impacted individuals and good faith advertising. And in most states, cyber security coverage is available to help cover legal defense and liability expenses if your business is sued because of a breach. Check out our cyber liability coverage page or contact a Gallo|Thomas advisor to learn more.