Cyber risk insurance has become an absolute must for all businesses operating in Alberta.
If you are a business owner with an eCommerce component and you store sensitive customer data, then you are vulnerable to cybercriminals who are on the lookout to launch a cyber attack, steal your data and sell it on the dark net for a hefty sum.
A cyber attack can take different forms, such as identity theft, phishing, denial of service, theft of information, unauthorized malware installation, or even accessing your website to post inappropriate content.
Although cyber risk insurance provides you coverage in the above instances, it is still a best practice to observe simple rules that can protect you from the malicious attempts of internet predators to steal data, disrupt your business operations and damage your reputation.
Recognize phishing
The use of fake emails, text messages and websites can allow cybercriminals to entice staff to enter their passwords, credit card numbers and more.
Train employees to recognize phishing, especially fake emails, text messages and websites, so that they are not enticed to enter their passwords, credit card numbers and other personal details.
Instructing employees not to click on suspicious links or enter information on unknown websites can help reduce the risk of sharing vital information. Signs of a risky URL include hyphens, numbers, spelling mistakes and the “@” symbol.
Store passwords securely
As a best practice, passwords should be stored securely and employees must be encouraged not to write passwords down near their workstations.
Computer screens should lock quickly
Set up your computers so that they lock quickly and prevent unauthorised access, even by staff within the organization.
Start a departing employee rule
Establish a rule that passwords will change when any employee leaves the company, whether on good or bad terms.
Make your website secure
Secure your website, especially if you are in the eCommerce business or need to store sensitive customer data. It is recommended that you:
- Limit access to only a small number of employees.
- Take a backup of your system regularly.
- Review logs regularly to identify suspicious activity.
- Select a web hosting service that offers services in web security, so that security gaps can be quickly identified and fixed.
- Use generic business accounts for website contacts.
Have a data recovery plan ready
Have a plan in place in case there is a disruption or a data breach. Steps include:
- Take a backup of all files and folders that are at risk during a data breach and keep updating it regularly.
- Use a backup application that provides automatic and continuous backup.
- Store backups at a secure location and keep testing them.
- Do an annual test to check system restoration so that it is always ready.
- Be ready to communicate with users, customers and clients in case there is a breach.
- Take professional liability insurance and cyber risk insurance.
Increase your email security by having an effective spam filter that reduces the risk of cybercrimes. Tell employees to avoid clicking suspicious emails, enable HTTPS to encrypt data and assign emails based on generic departments or roles.
Avoid using public Wi-Fi for business purposes
By following this practice you can lower the risk of hackers accessing your information.
Turn off features not required
Unless needed, avoid using features like GPS, wireless connection, and geo-tracking, as turning them off will prevent cyber criminals from accessing your information.
Establish a no-apps rule
Make a no-apps policy for all devices and computers that have been provided for business purposes. If apps must be downloaded for business purposes, ensure that they are approved and come from trusted sources.
Protocols for safe access
Ensure that all devices and computers have strict access protocols. Have a password policy that makes passwords challenging to decipher and requires them to be changed frequently.
Make a social network policy
Make a policy that restricts employees' access to social networks over the business network and on devices and computers provided to employees for business purposes.
The above rules will protect your business from cyber attacks and will serve as an added layer of protection alongside the cyber risk insurance policy that you buy.