With cyber threats on the rise, Boswell Aftermarket sets out some basic guidelines to keep factor businesses safe from hackers and online intruders.
In this article, with the help of cyber security experts 4ITSec, we will look at the ways in which you can protect your business from an online attack and what insurance covers are available if a breach was to occur.
The media frequently reports on cyber threat and often cites high-profile attacks carried out by organised and sophisticated cyber criminals causing a catastrophic failure to the victim’s systems. These stories make for good reading and make the breach easier to admit to, but the reality is that the most common cause of cyber breach is due to the action or failure of someone inside the company (80%).
The majority of motor factors we see have good levels of cyber protection, especially those that use popular industry software. However, even with the most advanced technology, they are still at risk of a breach. So how do you protect your business from the human element? Here are three basic steps to help protect your business:
- Use strong passwords and ‘2FA’ (two factor authentication) as passwords alone are no longer enough. It is human nature to want a password that is easy to remember but the simpler it is the quicker a hacker will be able to crack it. There are online tools available that will indicate how strong your password is. For example, most indicate that the word ‘password’ will take a hacker under two minutes to crack. It is also imperative that passwords are not shared among employees and are changed every 30 to 60 days.
- Take care when handling large amounts of data. Employees that work with large amounts of data should be discouraged or banned from sending such data via email or transferring to an external hard drive when possible, unless this is encrypted.
- Educate staff on phishing and social engineering. Employees can inadvertently help cyber criminals gain access to company data by not understanding the potential consequences of seemingly harmless actions. Some examples include:
- Clicking on malicious email links – these links are often well disguised. Best practice is always: if the email doesn’t appear 100% genuine, don’t click on it.
- Downloading unauthorised software – even if the software itself isn’t malicious, it can contain bugs that allow cyber criminals access to your system. Best practise is to make this company policy.
- Plugging in unknown or insecure devices – the most commonly used is the USB storage stick, which can contain malicious code that will run automatically when plugged in.
Education is key, but it is recommended that desired behaviours are reinforced through company policy. Banning such activities as the use of storage sticks and downloading of software is the best way to ensure protection.
If an attack breaches your systems, be it through technical or human failure, there is insurance protection available to help you get your business back to the position it was in before the incident. As awareness has grown, so has the number of insurers offering cyber insurance.
The breadth and cost of cover varies and it is important that your broker fully understands your business in order to ensure the best advice for your requirements.
Typically, a policy will protect your IT system and data by:
- Providing practical support in the event of a data breach – including forensic investigations to establish how the breach occurred, whose data has been affected and notification costs.
- Compensation for loss of income – including damage to reputation.
- Costs arising from regulatory investigations or claims for civil damages following breaches of personal data.
- Costs of repair or restoration following damage caused by hackers.
- Protection for copyright infringement.
- Crisis containment cover – access to PR advisors to assist you in managing your reputation.
- Some policies also extend cover to ransoms and theft to funds via electronic means.
