Monthly Archives: December 2022

8 Best Practices for Avoiding Cyber Security Attacks

Feel like you’re jumping into the middle? This is the last post in a four-part series. Check out the first post in this series on Cyber Security.

While attackers do typically look to exploit weaknesses in cyber defenses, Coalition, a cyber security insurance company, stated that 60% of claims from 2019 to 2020 resulted from human error. Many of those could likely have been avoided through education and an understanding of cyber security protocols.

Here are some of the ways Metis IT can aid you in implementing a cyber security-focused infrastructure to better protect your business and your customers from potential cybercrimes or breaches.

  1. Increase Email Security

Email has become common in our daily lives, both personally and professionally. But unfortunately, email is not a secure form of communication. In more than half of claims, email is the point of entry for attacks that resulted in data or financial losses. To increase security, consider an Email Hosting Provider (a platform that manages your email traffic) experienced in cyber defense, and consider setting up a Mail Proxy, which works with an email service provider to filter out malicious emails.

  2. Implement Multi-Factor Authentication

Did you know that four out of five email intrusions happen because of weak or stolen passwords¹? Using Multi-Factor Authentication (MFA) adds security to your email, network or other business-critical systems. Some MFA methods use text messages, and others use emails or phone calls to verify the identity of the person logging in. Many people will be familiar with Google’s Two-Factor Authentication (2FA).

  3. Maintain Good Data Back-ups and Regularly Update Software

Frequently backing up your data and updating software could make or break you in the case of a ransomware attack. If your critical systems become encrypted, recent full back-ups and current software could mean you are up and running with a full recovery rather than dealing with a complete loss.

 

  4. Secure Remote Access

The global pandemic shifted the landscape from office-based to work-from-home, bringing about a whole new set of risks as companies gave employees remote access. To increase the security of remote access, consider implementing an access management or authentication proxy, using encryption, requiring stronger passwords, and limiting access or authorization to critical business data.

  5. Use a Password Manager

Since it is recommended to use varied passwords with a mix of numbers, letters and symbols, using a password manager increases the likelihood that employees will follow through with this practice. The password manager works like a vault, storing all the unique application and platform passwords encrypted behind a single master password.

  6. Scan for Malicious Software Often

Imagine for a moment how many people have to access your networks or send and receive emails within your business. Each one of those touches provides an opportunity for an attack. Having antivirus software in place and regularly scanning for viruses, worms and other malware lessens the probability of something getting into your network. In addition, Endpoint Detection and Response (EDR) is an enhanced version of antivirus software that can identify, detect and prevent threats to your cybersecurity.

  7. Encrypt Data

By encrypting your data, you essentially hide it from anyone who gains access to it with malicious intent. Encryption helps you protect private information and adds to the security of communications between client applications and servers as well as external communications.

  8. Raise Awareness of Cyber Security

This seems like a no-brainer, but it is sometimes the overlooked chink in the armor. Since cybercriminals are going to target anyone from rank-and-file workers to the C-Suite level, and small businesses to large corporate organizations, making everyone aware of cybersecurity protocols – and ensuring they are implementing them – is crucial to staying vigilant and keeping them from becoming victims of an attack that affects the whole company.

Bonus:

  1. Purchase Cyber Security Insurance

Even if you do follow all the best practices, cybercrimes can still occur. In the case of a successful breach, wouldn’t you rather know that you are covered? Cyber Security Insurance coverage, such as the protections offered by our partners at Brown & Brown <http://www.bbrown.com/>, may mitigate the damage and/or losses resulting from a malicious attack.

Sources: 2021 Coalition Cybersecurity Guide, CyberSecurityGuide.org/resources/cybersecurity-101

This post was co-authored with Brown & Brown


An Explanation of Cyber Security Insurance and Common Claims Filed

Feel like you’re jumping into the middle? This is the third post in a four-part series. Check out the first post in this series on Cyber Security.

Did you know that more than 43% of cyber attacks target small businesses, which often don’t have the security and technical expertise of larger organizations? That’s according to a report from the Global Cyber Alliance. This is not surprising to us at Metis IT; we see these attacks happening all around us.

Plus, from 2019 to 2020, Coalition, a cyber-security insurance company, reported a 67% increase in the frequency of business email compromise attacks in the first half of 2020, as well as a 47% increase in the average ransom demand.

How can you protect yourself then from threats to your data and network? Cyber security insurance, like that offered by our insurance partner Brown & Brown, is a protection product developed to potentially protect businesses from the effects of cybercrimes via malware, ransomware, phishing attacks and other methods attackers use to compromise your network. It can also be referred to as cyber risk insurance.

Here are some of the most common claims seen by providers of cyber security insurance:

  • Funds Transfer Fraud: Through social engineering and phishing, funds are diverted to the attacker rather than the proper recipient.
  • Data Breaches: Personally Identifiable Information (PII) or Protected Health Information (PHI) of your customers is exposed, allowing for the possibility of identity theft.
  • Business email compromise: Email spoofing or phishing attempts can lead to data breaches or funds transfer fraud/loss.
  • Ransomware/malware attacks: Data is encrypted, or systems are made unavailable to the proper business personnel, until a ransom is paid; in some cases, data may be exposed if ransom demands are not met.
  • Web application compromise: Targeted attack results in a direct compromise of a web-based product, like an ecommerce platform.
  • Technology errors or omissions: Failure in technology or services causes an interruption of business or even loss on behalf of the customer.

Cyber security insurance can assist businesses of all sizes in various industries in the event of a cyber attack, offering aid or recovering losses resulting from the breach or encryption through malware and ransomware. The insurance may cover hardware or loss of business income during the attack.

One possible bonus of seeking out insurance coverage is the initial assessment of your current cyber security defense. You’ll get a good picture of what you can do to increase the likelihood of fending off the initial attacks and where additional vulnerabilities may lie. Plus, you’ll have an ally to help you battle and recover in the instance of a threat or successful attack.


“We strive to provide comprehensive risk management solutions that help protect the information and people our customers value most,” says Carder Dallas, Commercial Sales Executive with Brown & Brown. “We combine integrity, innovation, and experience to offer more than just policies, but real plans for protection.”

 

How to Get Cyber Security Insurance

  1. Find a broker. Just like car insurance or health insurance, you’ll want to find a reputable representative like our partners at Brown & Brown <http://www.bbrown.com/> to provide you with options for your business.
  2. Ask for an assessment. While you might avoid the physical for life insurance, this is not something you want to skip. This is how you understand specific risk factors you may face.
  3. Once you have a good idea of what your options are and what you need, it’s time to customize your policy to meet your business’ needs.
  4. Don’t forget to try out any security tools, subject matter experts or educational opportunities the cyber security insurance company offers to stay up-to-date on the latest topics and tech.

Do you want to learn more about how to protect your company and employees from cybercriminals? Don’t miss our next post!

Sources: 2021 Coalition Cybersecurity Guide, CyberSecurityGuide.org/resources/cybersecurity-101

This post was co-authored with Brown & Brown


Phishing, Ransomware, Malware: What Are They, and How Can They Harm Your Business?

Feel like you’re jumping into the middle? This is the second post in a four-part series. Check out the first post in this series on Cyber Security.

A couple of decades ago, likely no one could have imagined how vast the reach of the internet and technology would be today. Cellphones, tablets and laptops, plus global connectivity, are commonplace now. There is an ever-expanding flow of data being created and shared across networks and interconnected digital systems.

And with millions of people depending upon technology, the internet and the constant exchange of information, cybercriminals are seemingly always looking for new and creative ways to hack into systems and steal that information for their own gains and purposes.

There are three common ways that they do this, using targeted attacks through phishing, ransomware and malware. Understanding what these are and how they can affect your network security and customers’ private data is exceedingly important in today’s digital climate. These are conversations we at Metis IT have with our clients every day.

First, phishing is a cybercrime in which someone posing as a legitimate individual or company uses emails, text messages or calls to entice the victim to provide personal or private information or money. Often emails are sent with malicious attachments. These attacks are focused on large groups with the hope that at least one victim will be tricked into acting as the attacker wishes. Once the malware attachments are opened, cybercriminals can obtain all kinds of information, even potentially stealing the victim’s identity.

Additionally, phishing scams can focus on one or a few victims; this is called spear-phishing. Attackers are looking to gain information from specific targets in a strategic way. Targeting public figures or those with immense wealth or social status is referred to as whaling. Typically, the motive is to extort money from the victim.

The second way cybercriminals target businesses is through malware. This is software developed specifically to damage, disrupt or obtain unauthorized access to a computer system or server. Delivered via email or through a website a user visits, a virus or spyware is designed to infiltrate the network, track the user’s activity, corrupt data or hold devices hostage.

Which brings us to our third way companies may be targeted: ransomware.

Ransomware entails an attacker encrypting data or disabling devices or access to a business’ critical systems or information in exchange for a ransom. This could be extortion for money or a particular action, but the threat is in exposing, sharing, or even selling access to the data or systems if the ransom is not met.

Unfortunately, malware or ransomware may be present in an individual user’s computer or a business network for some time before being noticed. It may lie dormant until directed to activate, or it may only be noticed when the computer begins running slower or experiences frequent crashes.

Having a cyber security defense in place can help prevent these types of nefarious attacks from being successful and potentially halting your business’ productivity. Fortunately, we can discuss with you the options available. And our friends at Brown & Brown can share information about cyber security insurance and how you can shield your systems, employee-users and data from cybercriminals.

Want to learn more about cyber security and how you can best safeguard your business and its digital presence? Check out our next blog post!

Sources: 2021 Coalition Cybersecurity Guide, CyberSecurityGuide.org/resources/cybersecurity-101, techtarget.com/searchsecurity/tip/10-common-types-of-malware-attacks-and-how-to-prevent-them

This post was co-authored with Brown & Brown
