All businesses have concerns that require attention, but one of the more recent areas that demanding focus is cyber security. Advancements in technology and the internet have made conducting business easier than ever. However, it has also left many businesses vulnerable to new areas of risks.
In 2010, the federal government of Canada showed how seriously they were taking cyber threats when Minister of Public Safety, Vic Toews, and Minister of Natural Resources, Christian Paradis, unveiled Canada's Cyber Security Strategy, a plan intended to curb cyber threats.
"The internet has become an invaluable tool for Canadian families, businesses and governments," Minister Toews said. "But just as cyberspace is constantly evolving, so too are the cyber threats to our security, prosperity and quality of life. It's time to take protection of Canada's cyberspace to the next level...."
While the government's plans to improve national cyber security are laudable, it is up to individual businesses in all industries to protect themselves. Data breaches by hackers and cyber criminals may result in stolen personal or financial customer or employee information, stolen company banking information, or deliver damaging viruses and malware. Such breaches may not only damage a business's reputation and result in lost customers, they can also leave the company vulnerable to lawsuits. It is with this in mind that businesses should do all they can to make sure they are protected.
The right coverage makes all the difference
Businesses looking to protect themselves should first focus on being properly insured. Cyber risk insurance is designed to guard against financial loss from data breaches and attacks to network security. This coverage can serve other business needs as well, such as privacy, crisis management, technology errors and omissions, and media and intellectual property issues. No matter what a business's needs are, a cyber risk insurance policy can be tailor-made to fit its requirements.
Businesses should contact a HUB International agent to explore their options when it comes to cyber risk insurance, as well as risk management. In addition to offering custom policies, HUB International provides numerous tools aimed at reducing the risk of cyber threats.
Preparation and prevention
Once a business has obtained the proper insurance coverage, it should focus on preparing for and preventing cyber threats. The first step is understanding what types of threats businesses must deal with.
According to the Government of Canada's official website, cyber criminals have developed dozens of ways - from email scams that target employees or malware that gathers sensitive information - to exploit the vulnerabilities of businesses. As time passes the attacks are becoming more complex and effective. Knowing what you are up against will help you protect against it.
According to a four-week study by the Government of Canada, the most common threats businesses face include:
- Viruses, worms and Trojans (100 percent)
- Malware (96 percent)
- Botnets (82 percent)
- Web-based attacks (64 percent)
- Stolen devices (44 percent)
- Malicious code (42 percent)
- Malicious insiders (30 percent)
- Phishing and social engineering (30 percent)
- Denial of service (4 percent).
It is also important for employees to be aware of these risks and understand how to prevent them. This means keeping all employees in the loop, not just those focused on the technical side of a business. The more information employees have, the easier it will be for them to avoid risky behaviors.
"Every risk is real and plausible to some degree, but some are more likely - and could have more impact - than others", according to Danny Bradbury of The Guardian. "For example, an IT person may not understand the importance of intellectual property theft, but a product development manager may realize that the theft of an important blueprint could cost the business millions. That knowledge can help IT minimize the risk of a particular network segment being compromised."
Businesses should also work on prioritizing which cyber risks could be the most damaging and focus accordingly on prevention. After all, every business is different, and certain risks will affect specific businesses more than others.
"Prioritizing cyber-risks involves understanding them in a business context," Bradbury continues. "The analysis should have two components: The likelihood of a cyber-risk occurring, and the cost to the business should it happen."
Having prioritized the risks, businesses should put plans in place to deal with their key threats, then regularly testing these plans to search for weaknesses. When a business has policies in place intended to deal with risks, it will be much easier for all involved to work on fixing a problem as quickly as possible.
Here are some tips from HUB Risk Services on how to create an effective cyber risk mitigation and response plan that will reduce your company's exposure:
- Identify key people who are responsible for risk management, information technology, legal notifications, media inquiries, public statements, and communication with business partners, vendors, and law enforcement.
- Regularly test your plan and walk through possible scenarios to identify weaknesses and make improvements.
- Maintain a data inventory - where is it located, who controls it and whether it is encrypted. Knowing what data is lost will help guide your response in the event of a data breach. If you are unable to determine the scope of the breach, you must operate and respond from the perspective of a worst-case scenario, which entails notifying regulatory agencies, customers, partners and vendors.
- Train employees on the proper procedures for handling data or transporting equipment offsite.
Remember, large organizations are not the only ones at risk. Smaller businesses can be more vulnerable than larger ones as they often use third-party hosting and information processing that can be the entry point for attacks.
If you have not already done so, contact your HUB advisor today and start developing a strategy to protect your business from cyber risks.