Confronting the possibility of a cyber threat affecting your business is a daunting, yet absolutely necessary task. It can happen to any business, large or small, at any time. Businesses that will thrive in the aftermath of an attack will have understood their risk prior, and made appropriate steps to protect themselves. Risk managers and insurance agents must work together to address exposures faced by the entity they have been enlisted to protect.
The first question you must ask to understand your risk; how reliant is the business on technology? To assess, consider the number of customer records and where they are stored, whether all of the data is encrypted, and also who has access to them. Then, identify what the technology risks are for the business. Take into account how many prospect and customer accounts are stored on their devices, and also how they communicate using technology (business to business, business to consumer, or business to government) to get a clearer picture of their situation.
Only once the risk is understood, can steps be taken to mitigate it. Here are three initial steps to take to lessen the impact of your business’ cyber risk.
- Select appropriate loss control methods
- Review password standards
- Update all software
- Encrypt all data prior to uploading it into the cloud
- Update, or create, a thorough data security policy
- Create a plan to pay for losses
- Review current insurance coverages, and identify additional exposures
- Look for loss control service provided by the carrier
- Monitor the results
- Update policies and procedures
- Require training for all employees
Using this article as a helpful starting point, please feel free to reach out to Brian Kilcoyne, CIC to understand your risk further. He is reachable by phone at (617)612-6515, or email at firstname.lastname@example.org.