As our dependency on technology increases, ensuring your business is cyber-secure is more important than ever. According to the Canadian Centre for Cyber Security’s National Cyber Threat Assessment 2020, “…cybercrime remains the most common threat faced by Canadian organizations of all sizes.”
Improve your company’s cybersecurity with these best practices.
- Usage policies
Outline how employees and other stakeholders may use work devices and manage information to help your staff understand how to avoid data breaches and cyberattacks.
Detail what are acceptable and unacceptable uses of the internet, email and company devices, who the policy applies to and disciplinary actions that will be taken if misused.
- Password policy
Strong passwords are a must. A password policy should address using different passwords for different platforms and changing them regularly. A strong password is at least 8 characters, includes at least one number and symbol and a mix of lowercase and uppercase letters.
The Canadian Centre for Cyber Security recommends creating a passphrase.
- Reduce administrative access
Keep administrative access restricted to select individuals.
- Data backups
Regularly backup your data and store in a secure and encrypted location (online or physically) so it may be readily recovered. Test backups to ensure they are uncorrupted.
- Software updates
Regularly update your operating system, anti-virus and firewalls to protect against new threats.
- Employee training
Educate staff on cyber risks and company cybersecurity policies. Training should include:
- How to recognize common cyberattacks such as phishing schemes;
- What to do in response to a cyberattacks; and,
- Company cybersecurity policies (including passwords, securing devices, etc.).
- Device security
Implement automatic lock screens and train employees to lock devices when unattended. Implement “clean desk policies” to discourage employees from leaving sensitive information on their desk.
Consider two-factor authentication (2FA) – especially when employees work remotely. This requires employees to verify their login through a secondary system such as an authenticator app. For remote staff, having a VPN (Virtual Private Network) may offer additional protection.
- Ongoing risk assessments
Assess your cyber risks on an ongoing basis to adapt to changing threats.
- Response plans
Have a written plan in place to lessen the impact of a cyberattack. Include business interruption contingencies, a list of who may be affected by a breach and key contacts within and outside the company.
Keep a detailed log of incidents and responses and incorporate lessons learned into your best practices.
A proper cyber insurance policy may help your business recover from a cyberattack and might include:
- Cyber-attack response expertise – Professional support to guide you through a cyber-risk event.
- Business interruption – If revenue falls due to a cyber-attack.
- Loss or corruption of data – Addresses expenses of recovering data.
- Privacy breach –Helps cover liability expenses involving compromised third party data.
- Legal Expenses – Expenses to retain cyber/privacy legal expertise.
- Reputational injury –Costs to manage reputational damage, including hiring PR professionals.
- Cyber extortion – Ransomware is a source of severe cyber claims. Expenses include IT forensic costs and potential payment of ransom demands.
Cyber liability insurance coverage will differ from market to market. Contact your insurance professional to review your specific needs.
Click here to download the PDF.