BizTOOLKIT
Neglected Cyber Hygiene Endangers Businesses By Jennifer Chenault Cyberattacks have been leading the news cycles this year after recent hacks on oil pipeline operator Colonial Pipeline and meat processor JBS shut the companies down. Cybercriminals have also devastated small businesses around the country. In the United States, the average cost of a data breach was $8.64 million, according to a study by IBM and Ponemon Institute. Businesses that offer cyber insurance know the cost will rise in the coming years as ransomware attacks become more widespread, so many are tightening coverage limits and even placing sub-limits in their ransomware coverage. Business owners should accept the reality that attacks can come at any time, and good cyber hygiene could be the difference between a regular day at work or a lockout with a multimilliondollar ransom. Employee Awareness Training
In our modern economy, most employees are connected to the inter-
118 BizTucson
<<<
Fall 2021
net through their digital devices. One computer-savvy employee isn’t enough to protect a business from a cyberattack, and employees are the front line between a business and a ransomware attack. Broad company-wide trainings can ensure that good cyber hygiene is a daily concern. Penetration Testing
Sometimes the best way to evaluate a company’s defenses is to test them with a fake cyberattack. Companies exist today that have the technical knowledge to run a simulated cyberattack on a business’ computer systems to help the company evaluate its risks and security gaps. Security Controls
To stay ahead of an attacker, network security controls can help surveil and reinforce a company’s online defenses. Businesses should invest in endpoint detection and response solutions (known as EFR) that monitor the devices that connect to a company’s network. Tested
backups and multifactor authentication (MFA) login methods require users to clear two levels of logins using additional credentials — beyond their usernames and passwords — to make breaking into a network difficult. Cyber Incident Response Plan
Creating a cyber incident response plan (also known as an IR plan) is essential to create a well-rounded defense against hackers. These IR plans are essentially instructions that explain how a company should prepare for, detect, respond to and recover from cyberattacks. With our local expertise and global reach, the team at Lovitt & Touché can lead your company through proper cyber hygiene techniques while insuring your company’s assets. Jennifer Chenault is a VP with Lovitt & Touché, helping clients create insurance programs that address their unique needs. Reach her at jchenault@lovitt-touche.com. Biz
www.BizTucson.com