4 Steps for Businesses to Enhance Cybersecurity

A growing array of security and privacy threats, individually or in combination, poses significant financial, reputational and physical harm to businesses, organizations and the communities they serve. It is critical for organizations of all sizes to understand these various exposures and learn how to detect and address them.

"Protecting Security and Privacy in an Interconnected World", a new report from Arthur J. Gallagher & Co. (an international insurance brokerage and risk management services firm), examines common and emerging technological vulnerabilities and the steps that organizations can take to prepare for, mitigate and address them.

Adam Cottini, report author and cyber liability insurance and risk specialist, notes that cyberattacks can be financially, competitively, politically or ideologically motivated. They can even be the work of thrill-seekers with no specific agenda. These attacks can come from outside or within the organization.

Regardless of their origins or the motivations behind them, cyberattacks can have serious, potentially devastating consequences.

Common cybersecurity and privacy threats arise from:

  • Hacking – Use of a computer to gain unauthorized access to data in a system
  • Malware – Short for malicious software, malware is any software used to disrupt computer operations, gather sensitive information or gain access to private computer systems
  • Social engineering – The psychological manipulation of people into performing harmful actions or divulging confidential information
  • Human element (errors/mistakes/malicious) – While these threats may lack malicious intent, the human element is uncontrollable

Some of the most harmful consequences are:

  • Unauthorized access to Personally Identifiable Information (or PII, which includes protected health information and payment card information) as well as confidential information
  • Cyber extortion
  • Business interruption
  • Damage to data
  • Bodily injury/destruction of physical property
  • Theft of funds
  • Reputational risk (loss of trust from customers – resulting in loss of sales)

Cottini is also Managing Director of Cyber Liability Practice for Arthur J. Gallagher & Co., and he spotlights the growing threat from connected technology.

"Security may not always be the manufacturer's top priority because considerations such as speed to market and returns on investment tend to overshadow the investment in security," he said.

"The more networked technology we use, the more ways there are for hackers to infiltrate databases and cause financial or physical harm. Thus, there is a growing need for organizations and individuals to be vigilant in protecting connected systems from the consequences of these threats."

Four immediate steps organizations can take to ensure that they are better prepared when a data breach occurs:

  1. Bringing together representatives from all functional areas with responsibilities for managing cyber risk to identify and set high-level security priorities, understanding that reducing this risk involves more than an organization's information technology team
  2. Cultivating an internal culture of security awareness, educating and training employees to report suspicious activity or potential/actual breaches
  3. Developing an Incident Response Plan detailing the organization's process for addressing a potential or known breach
  4. Interviewing multiple qualified breach response attorneys in advance of a breach, and selecting more than one, in the event that a conflict arises

Common best practices that may help organizations prevent network security intrusions include using secure remote access methods, segmenting networks and applying appropriate access controls, implementing necessary patches and updates, and applying firewalls.

Insurance coverages

Insurance coverages can come into play in the event of a cyber breach, including the third-party liability and first-party breach response and operational costs that are eligible for coverage under a traditional cyber insurance policy.

Some cyber exposures, including many related to the Internet of Things, are not covered by a traditional cyber policy but may be covered under other property/casualty insurance policies.

Cottini also details the critical steps that organizations should take immediately after a breach has been detected to ensure that insurance applies.

Finally, given the number of coverage variables, Cottini recommends that organizations seek the advice of an insurance broker with expertise in cyber insurance to avoid encountering any unanticipated coverage gaps if a breach occurs.


Article published by icrunchdata