Cyber Security: Back to Basics

October is Cyber Security Awareness Month. Last year, we told you all about Cyber Insurance: what it covers, who should buy it, and why it’s an important part of your commercial insurance portfolio.

This Cyber Security Awareness Month, we are going back to basics.

What is cybersecurity?

According to the international tech company Cisco, “cybersecurity is the practice of protecting systems, networks, and programs from digital attacks,” also called cyberattacks.

What is a cyberattack?

A cyberattack is the work of a cybercriminal who tries to illegally access a computer network, system or program.

There are numerous variations, but the main types of cyberattacks are:

  • Social engineering is when a cybercriminal lures sensitive information out of a victim by disguising themselves as someone else, or through other trickery.
    • Phishing – the most common type of cyberattack – is a form of social engineering wherein emails asking for credit card or banking info are sent from nefarious sources but appear to be from a trusted source. (E.g. An employee gets an email that looks to be from the CEO and “need a quick favour.”) This is also called “spoofing.”
  • Malware is any malicious software used to illegally access or damage a computer network, system or program.
    • Ransomware and spyware are two common types of malware. Both are pretty much what they sound like: ransomware is when a hacker blocks access to your systems or data until you pay a ransom; spyware is malware that steals information from your network.
    • Trojans – malicious software that hide within legitimate software – are another example of malware.

What can I do to protect my business?

Physical and digital protection are both important aspects of cybersecurity. Locking your computer with passwords, and locking your computer in a secure location combine to be a better defense than one on its own.

But it’s not just PCs that are vulnerable to cyberattacks: smartphones are also at risk (and most of us don’t physically lock up our phones when we are not using them). We can, however, still take physical steps to ensure our smartphones are secure, such as not leaving them on the seat in our car when we run into the store to grab a couple things.

While physical security is important, strong, multi-layered digital protections are the key to a robust cybersecurity system.

There are lots of things we can do to protect our networks, systems, and programs, including:

  • Keeping your employees informed about cyber risks and the steps they can take to help minimize this risk.
  • Installing antivirus and anti-malware software and keeping the software up-to-date. This will help defend against any viruses or malicious software threatening your devices.
  • Using a virtual private network (VPN), and requiring all remote workers to access the company systems through the VPN.
  • Encrypting data so even if hackers get into your system, they cannot – without the key – decrypt and steal your data.
  • Installing a cloud security software to monitor the data we store in the cloud.
  • Creating strong passwords that are at least 10 characters, and a combination of letters (upper- and lower-case), numbers, and symbols. (Last year, CNN published a list of the most common passwords to be breached, based on a study by the National Cyber Security Centre in the UK. TL:DR – don’t use 123456, password, or qwerty. Your name, your favourite sports team, and certain animals (monkey, dragon) are also risky choices.)
  • Requiring two-factor authentication for and added layer of login protection.
  • Backing up your data regularly to help you restore your data following an attack.

Since even the best cybersecurity systems cannot prevent all attacks, it is vital to have comprehensive cyber insurance in place to help you recover after an attack.

To get a quote for cyber insurance, contact your commercial insurance broker.