By Anita Byer, Setnor Byer Insurance & Risk
October may officially be Cybersecurity Awareness Month, but that doesn’t mean businesses can afford to take the rest of the year off. Gone are the days when cybersecurity was seen as an ancillary function. Today, businesses should be thinking of cybersecurity as an essential core function, because that’s precisely what it has become. A single cybersecurity incident can threaten a business’s operations, reputation, bottom line, and in some cases, its very survival.
Protecting against cyber risks, like other operational risks, requires a holistic approach. According to the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA), businesses need to develop and maintain a culture of cyber readiness. This is obviously easier said than done, but it’s not impossible. CISA recommends incorporating the following essential elements to increase the likelihood of successfully creating a culture of cyber readiness.
Your Leaders. Workplace culture often reflects leadership, so any changes must start at the top. Ownership and management must invest the time, money and resources needed to effectively drive cybersecurity strategies, policies and procedures.
Your People. Making people part of the first line of defense against cyberattacks reduces vulnerabilities and drives a culture of ownership. Personnel must be trained to recognize cybersecurity risks, like phishing, password hacks and malware.
Your Systems. Cybersecurity requires knowing which devices are connected to your network, which applications are in use, who has access to these, and the security measures in place. A cyber-ready business proactively keeps its systems up-to- date and secure.
Your Surroundings. Access to your digital environment, like access to your physical workplace, must be limited. Setting access privileges and establishing operational procedures requires knowing who operates on your technology and with what level of authorization and accountability. User and access management is a complex, yet crucial component of cybersecurity.
Your Data. Information that is stored, processed or transmitted must be protected. Identify and backup all critical and sensitive data and have plans in place to recover and restore systems, networks and data in the event of an attack.
Your Crisis Response. Plan, prepare and conduct drills for cyber-attacks and incidents, like a fire drill. This involves having incident response plans and procedures, trained staff, assigned roles and responsibilities, and incident communications plans.
While a culture a cyber readiness can significantly enhance cybersecurity, it isn’t foolproof. Every business should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws. Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.