Why Every Company Needs Cybersecurity Protection
There was a time not so long ago when only big companies were concerned with cybersecurity. Not so any more. Size doesn’t matter. Every company has valuable information that today's bad actors are eager to steal.
We're a small company. No one will bother us.
We don't have anything worth stealing.
We have antivirus software so we're protected.
We have backups.
We'll just recover our lost files.
We have cyber insurance.
We're in the cloud so we're protected.
Our MSP takes care of this for us.
If you said yes to even one of these, you're not alone. But there is more to consider than just protecting your company. You have valued customers and clients who trust you to protect them too. Fortunately, implementing the right cybersecurity protection for your company doesn't have to be complicated or expensive.
The first step is to commit to a security awareness mindset throughout your company. It starts with leadership and a step-by-step action framework.
Implement Cybersecurity Protection With a Step-by-Step Action Plan
1. Start with an IT asset management network discovery.
Where are you now? How does your existing technology framework align with your long-term strategic goals?
2. Create a documented, actionable roadmap.
The results of your technology asset discovery are the foundation for your technology planning. Every company is different, and how you address the results of your discovery should be appropriate for your company.
Also consider cybersecurity compliance requirements from third parties such as insurance coverages, regulatory compliance, business partners, and customers' compliance requirements.
3. Create the right business and technology team who will execute your plans.
Cybersecurity and technology strategy are not assignments that can be offloaded to your IT team. The success of your cybersecurity protection is shaped by strategic leadership and a shared responsibility throughout the company.
4. We recommend a suite of proven third-party services to satisfy your essential cybersecurity protection needs.
However, we always respect your existing business relationships as well as your interest in exploring other solutions. The important thing is adopting the right services that meet the needs identified in your initial discovery.
5. Agree on the selected tools and services.
Consensus on the right technologies comes from joint technical and business input and collaboration.
6. Implement tools and services incrementally.
Small steps mean everyone can continue to meet their day-to-day responsibilities while still moving the long-term technology initiatives forward.
7. Verify and monitor the results.
Small, measurable outcomes ensure the right decisions have been made. Sometimes, things don't go as planned. That's why manageable action items are the right approach. When the results need to be reassessed, everyone is comfortable with changes.
8. Move to the next step in your technology roadmap.
You move ahead with the next action item on your roadmap. Rinse and repeat.
The 3 Essential Cybersecurity Protections Every Company Needs
1. Replace Legacy Antivirus With Proactive Endpoint Protection
Legacy antivirus software is primarily reactive.
That means it waits to be told what potential malware it should look for. The time delay between the discovery of a new virus and the download of the software update to your company's devices leaves you at significant risk.
Antivirus updates are generally released on a fixed schedule instead of as soon as they are available. The need for quick response is critical.
Each team member often has access to the antivirus settings on his desktop or laptop. There is no centralized management to ensure all devices are updated as quickly as possible.
2. Add Next Generation Advanced Endpoint Security
Next generation security protection is proactive. That's a big deal.
It's like your company's moat. Next generation antivirus is continuously listening, learning, and denying entry to anyone it thinks is an attacker.
The response is immediate. No waiting to be told what to do next.
Since this is proactive centralized protection, everyone in your company has the same continuous level of security. No downloads, no overlooked devices.
3. Implement DNS Web Content Filtering
Working online is a way of life for every company. Access to websites, even ones we believe can be trusted, introduces an additional level of risk that you can reduce.
DNS content filtering, also referred to as web filtering, prevents exposure to malware and to malicious or suspect websites before your team members can access them.
This level of protection applies to everyone regardless of where they're working. In today's hybrid, remote, mobile, office, home work environment, a consistent security framework is just wise business.
What About Cyber Insurance?
We have heard business leaders say they have cyber insurance coverage so they're not concerned. Their insurance company has them covered. Not so.
What is Cyber Insurance?
Cyber liability is specialized business insurance coverage. This coverage is in addition to your company's general liability insurance policy and is often specifically excluded under this policy. Every insurance company has its own set of coverages, limitations, and exclusions so a careful review with your insurance agent, broker, or company representative is essential.
What is Covered by Cyber Insurance?
According to the FTC's cybersecurity resources for small business, these are coverages you should have included in your cyber insurance policy:
Data breaches such as loss of personal information. This is especially important if your company receives, processes, transmits, or stores PII or PHI information.
Cyber attacks on your data stored by third parties.
Cyber attacks on your company's network.
Cyber attacks anywhere in the world.
Defense in a lawsuit or investigation.
Assistance in notifying customers of data breaches.
Legal assistance in determining regulatory compliance.
Recovery and replacement of lost or stolen data.
Forensic services to investigate the breach.
Compensation for employees' and customers' loss of personal data.
What Are Insurance Companies' Requirements for Cyber Liability Coverage?
Regardless of your current insurance carrier or policy, it is important to keep these points in mind:
Cyber insurance coverage is not cybersecurity protection. This is coverage that might help you recover damages in the event of a breach or data loss.
The underwriting requirements vary by insurance company, but all companies have firm guidelines that must be met.
The 3 essential cybersecurity protections described above will generally be required by all companies.
You must be able to verify through written documentation that the underwriting requirements have been met. Simply checking the box won't be adequate in the event of a loss. A failure to comply might result in your claim being denied.
The cybersecurity controls outlined on this page are requirements we have found in some companies' underwriting requirements.
Who Is Responsible for Implementing and Monitoring Your Company's Cybersecurity Protection?
Fact: Cybersecurity is a company-wide responsibility. It is not a series of checkboxes that can or should be handed off to IT to do. A commitment to the responsible safeguards for company assets, employees, customers, and all trusted business partners starts with the C-suite. The right IT team will contribute to the planning, execution, and continuous monitoring of all systems and resources.
The skills to implement a robust cybersecurity plan have changed. Your valued IT team who keeps the day-to-day plates spinning might not have the cybersecurity skills necessary. It is important to understand who does what, the skills required, and then build the right team with each member contributing.
This matrix, which is included in the 18 Questions to Ask Your IT Team About Your Cybersecurity Protection (Free 2022 Edition eBook), is the place to start.