Best Practices for Risk Management

In today’s workplace, it is more important than ever to be aware of the security risks that lurk at every corner of the digital space. Even more important, is having safeguards in place to protect against any threat, breach, or attack that may come your company’s way. Though no one method can be guaranteed foolproof 100% of the time, by utilizing practices for risk management, you are putting your company in a much better position to beat the odds. Here are our suggested best practices.

Encrypting Data
Encrypting data is crucial for keeping proprietary information as secure as possible. When data is stolen, encryption algorithms work to transform sensitive data into unreadable gibberish.

Firewalls
A firewall is a part of a computer system or network which is designed to block unauthorized access while permitting outward communication. It protects hackers from gaining access into a website, monitors applications, and can also be used to prevent employees from sending sensitive data and specific emails.

Virus and Malware Protection
Most companies already have these programs installed. For ultimate effectiveness, you must keep all programs up-to-date and maintain security patches.

Back-Ups
For back-ups, be sure to use a combination of both cloud and off-site storage. Also, it is a great idea to test back-ups on a regular basis to reaffirm their effectiveness.

Review Access Control Policies
It may seem like common sense, but it is important to remember that administrative login credentials should only be given to key company personnel. A clear plan should be developed that designates which individuals have access to what information. Only grant access to data which is necessary to the user.

Collect Logs
Detailed logs are essential for security and troubleshooting purposes. For any application that doesn’t have internal logging, it is advised that you go in and add tools that can log those activities.

Beware of Social Engineering
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Make it a point to continuously train all employees on different types of social engineering attacks and “con games.” What may seem like an obvious scam to one person may not come across as such to another.

Outline Clear Use Policies for New Employees and Vendors
Dispense clearly defined security requirements and expectations to your workers from the beginning to prevent future problems.

Review New Compliance Requirements
Make keeping up-to-date on compliance matters a continuous practice. Doing so will not only keep you in the good graces of regulators but works to keep your company safe as well. There are many ways for a company to protect itself against a breach or attack, and the more safeguards that are put in place the better chance of avoiding a malicious event. One step that cannot be overlooked, is Cyber Security Coverage. When prevention fails, your coverage is what will truly keep your company protected. For more information, please reach out to our cyber security coverage expert Brian Kilcoyne, CIC. He is reachable by phone at (617) 612-6515, or by email at briankilcoyne@hkinsurance.com.