The recent worldwide ransomware attack has many businesses asking if they require cyber insurance.
While this might seem on the surface like a great solution, the reality is that even if you were insured and received a payout after an attack, you would still have to deal with the business interruption caused by having your company computers rendered inaccessible.
So while you may wish to consider cyber insurance, your best starting point is to ensure you have great disaster prevention measures in place and that your staff receive security education.
- Ensure you have the latest software updates in place at all times. It’s not worth the risk of getting behind with software updates, then suffering an attack which sneaks in before you catch up. Microsoft released a security update way back in March that (when downloaded and installed) prevented WannaCry from penetrating computers.
- Ensure your staff are educated about and aware of phishing emails and email scams, and that they know how to spot the signs, to prevent anything penetrating the front line of your business.
- Password security is a huge issue. There are two great online tools we suggest people use:
  - The first is to check if your password has been compromised anywhere – if so, instantly change your password on that site and anywhere else it is used. Check this here: https://hacked-emails.com/
  - The second – when you are setting/resetting passwords, check how secure that password is at https://howsecureismypassword.net/ and make sure it is marked “green.”
  - Don’t use any real words.
  - Ensure a mix of numbers, letters, symbols, upper and lower case.
  - Use different passwords in different places. If you use the same password everywhere and it is compromised, every place you used it becomes vulnerable.
  - Use a password manager and make sure it has multi-factor authentication turned on (as it will contain all your passwords). LastPass or iCloud Keychain are good options.
- Use multi-factor authentication (MFA) wherever possible. MFA requires something in addition to your password in order to log in, e.g. you receive a text with a code. If someone steals your EFTPOS card, it’s no good to them without your PIN. With MFA, if someone steals only your password, it’s no good to them without your phone as well (to receive the text message).
Proactive IT risk management is better than any cyber insurance. Insurance can complement it nicely, but if your company is too loose in its approach to security you may find it difficult to get insurance, or to make a successful claim when something goes wrong.
If you would like to discuss this further or are interested in assistance with managing your risk, contact the Dynamo6 team today.