Best Practices for Managing Cybersecurity Threats (Part 2 of 3)
In Part 1, posted a month ago, we went over passwords, multi-step authentication, personnel management precautions and processes for protecting a business’s cybersecurity. In Part 2, we recommend some internal procedures an organization can adopt preventively to mitigate cybersecurity risks. In the upcoming Part 3, we will suggest some IT-related measures that will reduce cybersecurity risks, and a response plan for cyber incidents. Please note that our recommendations are not exhaustive lists; think of other measures to add to them. Businesses large and small face cybersecurity threats daily. No amount of prevention can give the peace of mind that a cybersecurity insurance policy can provide.
Your Company’s cybersecurity policies:
- Establish and execute a social media policy to prevent employees from posting unauthorized corporate information on Facebook, Twitter, LinkedIn, etc.
- Never click on a hyperlink or open a file from an untrusted source.
- Establish a Bring Your Own Device (“BYOD”) Mobile Workforce Policy: be aware of the risk of attacks on mobile phones, through which hackers can access your company’s network.
- When using the corporate IT network to visit websites or sign up for services for either business or personal use, always look for the padlock and HTTPS in the address bar. If the site is unprotected or marked “not secure”, do not enter any information.
- Be aware that phishing websites use Domain Validated (DV) SSL Certificates to make their sites look more “real” and “trustworthy”.
- Ask everyone to sign a statement that they will follow these cybersecurity policies.
- Set up penalties for not following those policies.
Data information storage & software:
- Keep All Software Updated: Update software as soon as an update is available to stay a few steps ahead of the hackers who try to find a way into your network through vulnerabilities in older versions of software.
- Stay up to date with new technologies and best practice: Know and implement the latest technology, tools, security best practices and vendors to keep your infrastructure safe online.
- Comprehensively review all your data: Businesses have a lot of data stored on IT systems, backups, in the cloud, on hard drives, and with third parties. Deduplicate and eliminate what is not really needed.
Anticipatory procedures for a potential cybersecurity breach:
- Prepare specific cybersecurity policies and procedures in advance for each type of cybersecurity breach incident, such as stolen or lost devices (cellphones, USBs, computers) that contain unencrypted data, malware, cyber extortion, etc. Write a step-by-step guide for each scenario, and make it quickly and easily accessible.
- Create procedures for documenting all details of any incident, such as a chronology of events, steps for preservation of compromised systems, all parties involved and other responses. Have a process to review the preventative cybersecurity measures and the plan after every cyber incident.
- Have lawyers’ contact info at hand in case an incident discloses unencrypted vital information, identity information or payment card information.
- Have contact information handy for law enforcement and cybersecurity experts.
To be continued.
Rick Callaway’s team at Pacific Diversified always goes the extra mile to protect businesses, their properties, employers and employees. We focus on insuring commercial real estate such as office buildings and multi-family dwellings, apartments, restaurants, hospitality and senior housing. We offer cyber security insurance to all companies as well as general liability insurance. Please call 925 788 5558 for an appointment, or email: rcallaway@pdins.com
CA Insurance License # 0K07568