Even if you were not a victim, every company should do the following three absolutely free and easy things, with the expectation that you might not be so lucky next time around:
1. Assign Responsibilities
When responding to a cyber attack, efficiency is critical. Time wasted figuring out “who’s on first” deciding who is going to do what can lead to mistakes. Certain critical tasks must be done early, such as communicating with employees, hiring attorneys and forensic computer experts, and responding to press questions. The time to decide who is going to take responsibility for each of these tasks is before an attack is discovered.
2. Cultivate a Culture of Security Awareness
By now, all employees should be aware of the threats of phishing e-mail and ransomware clickbait. But keeping employees vigilant and motivating them to do the right thing is also critical. One easy way to promote proper employee actions is to reward employees who do the right thing by alerting the IT department of threats they have received. Rather than being brushed off or treated as routine, these employees should be given a clear signal through public acknowledgement and praise that everyone has a role in cyber security.
3. Know What Information is Stored and Where
Every business has private information of some kind, even if it is limited to employee records, stored in various locations. It might be in the cloud, on multiple computer hard drives, on laptops, in paper form, file cabinets, in databases and spreadsheets. To the greatest extent possible, companies should keep an inventory of these locations and also seek keep that list of locations small. Maybe an employee’s backpack gets stolen out of the parking lot; make sure that a database of private information is not inadvertently stolen with it.
There are lots of other things, both free and that require a budget, that can be done in response to the WannaCry attack and all of the other examples of the past few years. It seems to me a good idea to preemptively create a BitCoin accounts (“wallets”) to avoid delay in responding to ransomware attacks. Insurance is available to defray the costs, including ransom amounts and business interruption expenses, that companies suffer in an attack. I will leave it to computer security experts to advise on preventative technical solutions and procedures.
It becomes more and more clear at time passes that every company should be prepared to deal with a cyber attack. If you are worried about your company’s current state in terms of data security, we highly recommend you look into Cyber Insurance. Allow us to guide you on your search step by step. Get in touch with your UniAmerica Insurance agent today or give us a call at 1-310-835-3373.