Ransomware – it’s on the rise, and everyone could potentially be a victim, but the insurance companies are fed up. A change of thinking in the insurance landscape has resulted in some insurance companies no longer forking out the money for the growing number of ransomware claims they are receiving – and rightly so. Ransomware can be big business for criminals as it can generate a profitable return if they hit the right organization, but paying the ransom is only adding fuel to the cybercrime fire by enticing more and more people into it through the promise of huge rewards. But it needs to stop here.
For companies with a higher level of cybersecurity preparedness, ransomware can be devastating, but for those with next to no cybersecurity strategy or management, it would be catastrophic without the financial aid of insurance providers. Too often, companies rely on their Cyber Insurance to pick up the financial slack for their lack of preparedness, and this will hopefully change with insurance companies like AXA continually putting their foot down and refusing to cough up.
The importance of having an actionable cybersecurity plan is growing these days as organizations have started to realize that it is no longer a matter of IF you will be targeted but WHEN. Therefore, it remains the responsibility of the company to ensure they have the right controls and defenses enabled to best protect not only themselves but also their clients and business associates, and changes to insurance policies will push more businesses in this direction. So, what areas should your organization be focusing on to improve your level of cybersecurity preparedness?
Endpoint Protection
Connecting laptops, cell phones, tablets, IoT devices, and other wireless devices to corporate networks opens more channels for security threats, particularly if those devices do not have an adequate level of protection.
Vulnerability and Patch Management
Assessing your organizations vulnerability when it comes to cyberattacks is a must and should be a regular part of your cybersecurity preparedness strategy.
Good vulnerability management is usually done in 4 stages:
- Discover areas of vulnerability
- Report the potential systems at risks in detail
- Prioritize the vulnerabilities to be fixed based on risk level
- Respond to the prioritized list
Patch management is ensuring that all software used in the company is up to date. Software is regularly updated by the manufacturer to patch previously unknown security flaws in the existing version. If software is not continuously updated, your business will be more at risk than you realize.
Security Awareness Training
Human error accounts for a large portion of data breaches. While we can’t completely remove the human component, we can reduce the frequency with the right training. Staff should be regularly trained in cybersecurity procedures, protocols, and awareness to not only protect the business but also protect themselves.
Update Policies and Procedures
Lapsed and neglected cybersecurity policies and procedures can prevent employees in your organization from knowing how to handle a threat efficiently and effectively to stop it from infiltrating your systems further. Security policies and procedures should be regularly reviewed, updated, and incorporated into your employee training programs.
Backup
This point can’t be stressed enough. Backing up your data regularly is the simplest thing an organization can do to protect their access to critical data. In the event of a ransomware attack, the malicious actor leverages the importance of your critical data to your company and even upon payment, may not return access to it. Backing up your data will ensure that, regardless of what happens, you can access the data you need.
Of course, there is no failsafe security plan that will protect every aspect of your organization completely, but it is better to have strategies and procedures in place that will help minimize the risk of a potential attack as well as reduce the damage incurred.
Your security should not be overlooked…
Securing yourself and your organization is a constant battle and one that is never over, but if the right strategies and procedures are not in place, you can be guaranteed that you will definitely lose the fight – repeatedly. If your organization’s online security is something that you feel could be improved, then give the Merit Technologies team a call today to see what they can do to protect you.
Article provided by James Edwards.
