November 29, 2016

Cyber security is becoming a mounting concern for businesses in Ontario and across Canada. Both large and small organizations are being targeted by hackers, and there is an increasing awareness that cyberattacks have become a risk for everyone — not just companies with large amounts of electronic data.

On October 21, the scale of this threat was put into stark relief with the massive Denial of Service (DoS) attacks on Dyn, a DNS provider based in the Eastern United States. The attacks affected a number of major Internet platforms (serviced by Dyn), including Twitter, Netflix, Reddit and a host of others.

What made this cyberattack unique was its source. DoS attacks typically come from networks of computers infected with malware (called ‘botnets’) and controlled remotely by hackers. In this case, the botnet that attacked Dyn included mostly Internet-connected devices, such as printers, cameras, smart TVs, and even baby monitors! The attack raised major concerns around the security of Internet-connected devices — often referred to as the ‘Internet of Things’.

Whether a cyberattack comes from computers or from the Internet of Things, there are certain strategies that will help protect you from these threats — no matter the circumstances. In this blog, the team at the Ostic Group Insurance will discuss a few top cyber security tips, which you can easily implement for your business.

Educate Your Employees

The main threats to your cyber security are your own employees and other users! Now, we’re not implying that your employees are thieves — just the opposite! All it takes is one forgetful person, leaving their password in the wrong place (or making their password “123456”), and your system can be compromised.

If you want to minimize this risk, it’s important to educate your employees about best practices for cyber security. Go over the topics in this blog with them. Teach them how to use the company’s network safely, especially when on non-work computers.

Make sure they use strong passwords with both upper and lower case letters, numbers and symbols — and change them every 60 to 90 days. Passwords can be cracked by hackers in a number of ways, but strong passwords will significantly decrease the likelihood of a security breach.

Protect Sensitive Data

You should add extra layers of security to protect your most valuable data. Purchase encryption software for record-keeping purposes, so you can protect sensitive information such as employment records, confidential client information, and bookkeeping.

If you have an internal program, we recommend adding a two-step authentication system. A two-step authentication will require a second confirmation after your password is entered. For example, it may send a text message to your phone with a numerical code or ask you to answer a personal security question.

Finally, implement formal policies around cyber security. Cover situations such as the use of company programs on non-work computers (make sure you log out). Your policies should also detail how often passwords must be changed, how they may be stored, and so on.

Backup Your Data Regularly

Maybe the most important tip for a small to medium-sized business! Although your records may not contain anything that will affect your business in serious ways, the loss of data can seriously impact your ability to function. In many ways, data backup is your true insurance policy!

Regular data backups will ensure you can recover important information, even if everything is lost during a breach. You won’t leave yourself open to blackmail from hackers who lock down your computers, and it protects you from simple human error at the same time.

Get Cyber, Privacy and Media Insurance

Although a data backup may cover you against the intellectual loss of a cyber attack, it will not protect you from a financial loss. That’s why it’s important to get a Cyber, Privacy and Media Insurance policy. Policies of this type are able to cover the following:

  • Any kind of data loss (electronic, personal and other)
  • Electronic privacy breaches — as well as the physical theft of electronic devices or confidential documents.
  • Theft of data stored in your own computer systems, third-party hosting, or even in the cloud.
  • All cyber crimes, including phishing scams, telephone hacks, identity theft, wire fraud and cyber extortion.
  • Marketing done through social media, blogs, emails, blog comments and so on — even if done by employees without employer’s knowledge or signoff!

To get a quote for cyber insurance, contact the Ostic Group in Ontario today!