2016 was yet another year where cyber risks, data breaches and cybercrime made international headlines. From the October cyberattack on Dyn that resulted in disrupted internet service across North America and Europe, to the Yahoo data breach in December that saw 1 billion accounts compromised, to the hacking of the Democratic National Committee that resulted in thousands of leaked emails (as well as countless other incidents throughout the year), we never stopped hearing about cyber threats.
Cyber risk will no doubt be a big focus again in 2017. Whether you’re a consumer or a business owner, you need to plan ahead and assume that your private information will always be exposed to risks. In addition to taking preventative measures that can help you avoid becoming a target, you also need to ask yourself, “How can I recover from a hack or data breach when I’m targeted?” Unfortunately, most online users don’t even take the time to ensure they have adequate password security, so there’s a lot of cyber risk planning we could all benefit from in the new year.
Planning for cyber risks in 2017
Always keep in mind that you could be an easy target
When a big corporation or government experiences a data breach, it makes headlines. But increasingly, small and medium-sized businesses are the silent victims of cybercrime that you don’t hear about. Every day, Canadian small businesses suffer smaller-scale cyber attacks that may go unreported. According to a survey conducted by Public Safety Canada last August, nearly 70% of Canadian businesses have been victims of cyber attacks with an average cost of $15,000. Depending on the size and state of your business, the cost of an attack can be more than an inconvenience.
It’s safe to assume that in 2017, cyber risk will still be prevalent as cyber criminals become more sophisticated and mid-sized and smaller businesses play catch-up.
Educate and train your employees
While most people understand that cybercrime is a real threat, they might not understand specifically how they are targeted and what precautions they need to take. Understanding what risks you and your employees are exposed to and making sure that they follow company policy to ensure their safety is an important first step. Cyber security and risk management aren’t just for the IT department to worry about – they should be central to your employee education, policies and procedures.
It’s especially important for employees to understand that they may be specific targets of highly sophisticated phishing attacks. These e-mails are designed to appear as if they’re coming from other employees, executives or even suppliers. Many breaches occur due to human error or social engineering. If an employee isn’t trained to look for the right clues or speak with someone from IT before opening the e-mail or clicking on a link, your data could be stolen or held hostage by ransomware.
A cyber risk management plan
Many small businesses might have firewalls, data backup, virus scanners and the like, but those are only specific tools that play a role in a larger plan. Managing cyber risk is just like managing any other type of risk. You need to have a formal plan in place to ensure you know what cyber risks your business is facing, how to identify those risks and how to prevent them. If you’re a Federated Insurance customer, you can take advantage of our RiskWise program and speak to an expert who will help you craft a risk management strategy.
Mitigating cyber risk isn’t just about playing defence; it’s also about having a plan of action for when a data breach happens. With the proper plan in place, your business will be aware of cyber risks and your employees will know how to identify a potential incident when it occurs. Reacting quickly may also help your business contain the damage so that it’s minimized. Finally, having adequate insurance that includes cyber coverage is an essential part of a cyber risk management plan.
This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information.
RiskWise is a trademark of Federated Insurance Company of Canada.