We live in an age where organizations store most of their information digitally. Businesses are responsible for protecting any sensitive data like their clients’ personal information. Therefore, companies need to take appropriate steps to ensure their data isn’t breached or compromised. Having a strong understanding of the risks associated with data and IT security can help your organization avoid a privacy breach.
Risks – In order to protect your business, you need to understand the risks you may be vulnerable to.
Hackers: There are people out there who are looking to exploit vulnerabilities in computer systems and software. These people’s intentions are generally malevolent, and their actions can be damaging to your business. Hackers can:
- Steal or alter information
- Plant or alter code for malicious purposes
Malicious Code: Code in software systems and scripts that is meant to cause unwanted effects, security breaches, or damage to a system is known as malicious code. Three of the most common types of this code are:
- Viruses: This is a type of code that attaches itself to a program or file allowing it to spread from one computer to another. Viruses are housed in executable files (.com or .exe extensions) and require human action, like running an infected program, to infect your systems.
- Worms: A worm is a piece of code that is similar to a virus in design. Like a virus, worms spread from computer to computer; unlike a virus, they can travel unaided by human action and are self-replicating. A worm can send multiple copies of itself from each computer it has infected, allowing it to spread more effectively and efficiently than a virus.
- Trojan horse: A Trojan horse is a piece of code that is hidden in otherwise harmless software (hence being named after the Trojan Horse that infiltrated the city of Troy in Ancient Greece). Trojans vary in capability and severity, ranging from making small alterations to your software to creating backdoors into your systems that allow for major security breaches.
IT Risk Management
One of the best ways to manage your cyber risks is to develop an IT Risk Management plan for your business. The best risk management plans use industry best practices and standards to create proactive and reactive policies to help your business identify potential risks and hazards like unauthorized:
- access and use
- disclosure
- disruption
- modification
- or destruction
of your company’s IT systems. Take the following into consideration when planning and implementing an IT Risk Management plan for your business:
- Your plan should consist of formal, documented policies that address: the scope, roles, responsibilities, compliance criteria, and methodology for assessing cyber risks. The plan should include an outline of all digital and IT systems used by your business including their function, importance to the organization, and the data they process and store.
- The cyber world is ever evolving, and risks are constantly changing and emerging. In order to keep your plan relevant to current cyber risks, your business should review your plan annually, or whenever there is a major change in your organization related to your IT systems.
Selecting an ISP
When selecting an ISP (Internet Service Provider) for your business, make sure you do your due diligence. An ISP provides your business with internet access and other web services. Most ISPs maintain their own web servers and offer web hosting. Many companies utilize their ISP’s web hosting offerings to back up files and emails, implement firewalls, and, in some cases, host their websites.
When selecting an ISP for your business, you should not only be looking to work with an ISP that can meet your needs, you should be looking for one that can best mitigate your exposure to a cyber attack or breach. When making your decision, consider the following:
- Security – Is the ISP using security best practices? Does it use SSL and encryption to protect submitted information? What is their history in terms of security breaches?
- Privacy – Does the ISP have a privacy policy? When it comes to your information, are you comfortable with: who has access, how it is handled, and how it is used?
- Services – Does the ISP you’re considering offer all the services required to meet your business’s needs? Is there the necessary technical support available to help your business utilize the ISP’s services?
- Reliability – Does the ISP have a reliable history? Look into the ISP’s historical trends before making a decision. ISPs whose services are consistently unavailable due to maintenance, security issues, and high traffic volume are best avoided.
- Speed – Does the ISP have sufficient internet connection speeds to meet your business’s operational requirements?
- Recommendations – What are your peers with credible experience saying about the ISP? What are their experiences?
Protect Your Business
To mitigate your business’s risk in the digital landscape, you need to be proactive. By understanding cyber risks and your business’s vulnerabilities, implementing risk management policies to ensure your business is following IT security best practices, and utilizing the security features and services of a quality ISP, you are protecting your organization’s digital information and properties.
Unfortunately, with the ever-changing nature of digital technologies, your business will always face the risk of a cyber attack or breach. When your security measures to stop a cyber attack fail, it can be financially devastating. Cyber insurance is available to protect your business in the event of a successful attack. Our commercial brokers have the expertise to assess your business’s digital vulnerabilities and ensure you have the proper coverage to protect against a data breach.
This Cyber Risks & Security document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.
© 2018 Rayner Agencies Ltd. All rights reserved.