None of us wants to experience a data breach. But none of us can predict the future, and any of us can become a victim of one.
Have you ever wondered what would happen if your business suffered a data breach?
What are the impacts of it?
How will you respond to it?
What is the cost of it?
Can you imagine the worst things that can happen to your business?
According to a new report from IBM and the Ponemon Institute, the average cost of a data breach in 2020 is $3.86 million. The report shows a 1.5% decrease in costs from 2019 but still a 10% rise over the last five years.
“This includes a combination of direct and indirect costs related to time and effort in dealing with a breach, lost opportunities such as customer churn as a result of bad publicity, and regulatory fines”.
Data breaches have resulted in legal fees, major fines, and headaches!
A data breach isn’t just about the damage to your business computer system; it can also damage your reputation and put your customers at risk.
But as a smart business owner, you are not going to move into a building you own and not insure it from burning down. That’s why it is great that you have taken the first step in buying cyber insurance.
What is Cyber Insurance?
Cyber insurance covers you and your business from cyber threats, such as data breaches. It concerns your websites, email accounts, and your data.
It provides support for your cost of:
- Forensic Investigation
- Ransom Payments
- Reputation and Crisis Management
- Network Restoration
- Regulatory Fines
- Legal Fees
It also helps you with:
- Notifying your customers about the data breach
- Restoring your customers’ data, and
- Repairing your computer system
When you buy cyber insurance, it’s like you’re buying a promise. A promise that if a data breach happens to your business, your cyber insurance company is going to assist you to make your business whole again.
BUT there might be an incident where you won’t get any help from your cyber insurance company.
That is because there is no standard form for what is covered under a cyber insurance policy. Different companies require you to follow different best practices to ensure you are protected, so make sure you read your policy.
What are the things you need to be doing if you want any chance of a payout?
1. You require cloud/online backup
Keeping business files including photos, CAD, videos, music, servers, and documents is critical to all businesses. If they were destroyed due to ransomware or just by accident, we need a reliable backup we can restore from.
Online backup eliminates human forgetfulness. We can get someone in the office to swap over the backup drive every day; however, sometimes they forget, sometimes the drives get corrupted, and sometimes there’s just not enough historic data.
Cloud storage is taking over as it is automatic, we can have a lot more history, and companies like NZCS help manage and test restores to ensure you have your files when you need to restore them.
Also, check the reasons why people are migrating to cloud storage.
2. You need to use secure long passwords and have lockout policies
Strong passwords are a must when it comes to protecting yourself from cyber attacks. Passwords need to be at least 12 characters long, with capital letters and numbers, in order to give hackers headaches!
You can also have an account lockout policy to block attempts when a hacker is running an attack where they try to get in using brute force. Hackers will download a list of passwords from prior breaches and try each one. If you get a number of invalid attempts in a short period of time you know that either the user has forgotten their password or someone is trying to bang the door down.
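The lockout logic described above, as an added example that is not from the original article. The threshold, window and lockout duration are assumed values (the article gives none), and the class, function and account names are hypothetical:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; the article does not specify any.
THRESHOLD = 5                          # failed attempts allowed inside the window
WINDOW = timedelta(minutes=10)         # the "short period of time"
LOCKOUT = timedelta(minutes=15)        # how long the account stays locked

class LockoutTracker:
    """Sliding-window counter of failed logins, kept per account."""

    def __init__(self):
        self.failures = defaultdict(deque)   # account -> recent failure times
        self.locked_until = {}               # account -> lock expiry time

    def record(self, account, when, success):
        """Process one login attempt and return 'ok', 'failed' or 'locked'."""
        expiry = self.locked_until.get(account)
        if expiry and when < expiry:
            return "locked"                  # refused even if the password is right
        recent = self.failures[account]
        while recent and when - recent[0] > WINDOW:
            recent.popleft()                 # forget failures outside the window
        if success:
            recent.clear()                   # a good login resets the counter
            return "ok"
        recent.append(when)
        if len(recent) >= THRESHOLD:
            self.locked_until[account] = when + LOCKOUT
            recent.clear()
            return "locked"
        return "failed"

def replay(events):
    """Run (account, seconds_offset, success) tuples through a fresh tracker."""
    start = datetime(2021, 1, 1, 9, 0, 0)
    tracker = LockoutTracker()
    return [tracker.record(a, start + timedelta(seconds=s), ok) for a, s, ok in events]

# Constructed sample data: "alice" mistypes twice, then logs in; "bob" is hit
# with a password list at one guess every 2 seconds, then the real password.
SAMPLE = [("alice", 0, False), ("alice", 30, False), ("alice", 60, True)]
SAMPLE += [("bob", 100 + 2 * i, False) for i in range(5)]
SAMPLE += [("bob", 120, True), ("bob", 100 + 8 + 16 * 60, True)]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

Once the account is locked, even the correct password is refused until the lockout expires, which is what stops a password list from eventually succeeding.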
3. Set up two-factor authentication (2FA) for all your remote access
2FA adds a second method of identity verification to secure your accounts. It can be your phone, a fob, or your fingerprint. Attackers can’t access your account even if they have your password because they need access to the second factor as well.
You use a code. Whenever someone attempts to log in to your account, you will receive a text message or an email with a one-time randomized 6-digit number.
If you want to enable two-factor authentication in your Google account, follow these steps:
- Go to Google Account and log in to your account.
- Click on the Security tab on the left.
- Click on 2-Step Verification.
- Click the Get Started tab.
- Enter your Google password to verify it’s you.
- Click Try It Now.
- Tap Yes on the Google pop-up that appears on your phone or tablet.
- Confirm your phone number. It serves as the backup option in case Google Prompt doesn’t work.
- Enter the 6-digit code that was sent to your phone number and click Next.
- Click Turn On to enable the 2FA.
4. You need to have Anti-virus
Antivirus software is like the security guard at the gate of your house. It protects you from any kind of threat. Installing antivirus software on your computer is a necessity. It helps you address malware attacks before they can cause harm to your computer system. It shields you from any kind of cyber threat.
Also, check what are the top 3 cyber threats.
You should also consider asking your IT provider about adding EDR (Endpoint Detection and Response) as a further layer of protection.
5. Have proper money handling policies
If someone in the firm emails you a bank account number or requests that money be moved, are you calling them or using a paper form to double-check that the request really came from the person who sent the email?
When setting up payees in the bank by pasting the bank account number, check that the number is still correct once you save it.
Learn how to spot a phishing email. You may also arm your employees with knowledge because they are your first line of defense against cyber threats.
Contact NZCS for further advice on your cyber security practices.