You may notice a heavy emphasis on cybersecurity in many of our latest blogs and videos. The reason is simple – we believe it’s a critical concern that is being underemphasized by many organizations. Sadly, we still talk to companies who wait until they are victims before they take cyber crime seriously enough to adopt protective measures.
SN’s latest series of Tech Talk videos hit on three cyber topics worth checking out.
Cyber insurance is designed to mitigate losses associated with a cyber incident including data breaches, business interruption, network damage, and fraud and privacy violations. Typically, general liability and property insurance for businesses exclude cyber risks from their terms. Thus, cybersecurity insurance is a stand-alone type of coverage. Most insurance companies will require a certain degree of security as a precondition of coverage. Additionally, the more secure your organization is, the lower your rate will be. It would be wise to perform a vulnerability assessment BEFORE you engage in cyber insurance conversations. A vulnerability assessment provides you with an opportunity to address any issues well in advance of insurance company inquiries.
Patch management is the process of managing upgrades for software and applications, and it is a critical step in protecting your company. A patch helps to fix existing issues, but when you miss or avoid updating a patch, it creates a vulnerability that cyber criminals look for and exploit. So why isn’t patch management happening consistently? Hundreds of patches are released monthly which makes it not only a bit complex, but a significant strain on time. Ideally a company should manage patches daily, but in reality, very few companies are in a position to do so.
Cyber security can be overwhelming, particularly if you don’t have a full-time IT staff or the staff you have are strapped for time and/or resources. Many organizations are not sure how to determine if their company is even on the right track. A good starting point is to ask these questions about your technology environment:
- Do we have an incident response process in place?
- Are we managing our vulnerability?
- Is our data encrypted?
- Are we compliant with HIPPA?
- Do we communicate security practices/policies to employees?
- Are we regularly training staff on cyber security?
- Are we conducting a penetration test at least once a year?
- Depending on the answers to these questions you may range anywhere from completely vulnerable to moderately secure to fully prepared. These questions can lead to more detailed conversations about your data and its level of security, and get you moving in the right direction.
If you feel overwhelmed by technology and the risks of cyber crime, the best course of action is to partner with professionals who know exactly what to do and when to do it. You don’t need to figure it all out on your own. The first step is to zero in on weak areas by conducting a vulnerability assessment. Once you know where to focus, it’s much easier to develop a plan and implement proactive measures. Ready to take that next step towards a safer and more secure environment? Contact me today for a quick and easy vulnerability assessment.