How do I make sure I qualify for Cyber Insurance?
With ransomware attacks on the rise and a rapidly changing security landscape, the threat of data breaches and escalating claims has insurance companies requiring that more stringent security measures be in place to qualify for cyber insurance in Canada. Businesses with any online presence or offering any remote access are now required to have multi-factor authentication (MFA) and data breach response plans in place. Multi-factor authentication is a cornerstone of qualifying for cyber insurance in Canada in 2022.
While these regulations are a normal part of business operations for most larger organizations, traditionally smaller businesses have not implemented these measures. Many smaller businesses believe they are not targets and have not dedicated budget as a result. However, in addition to being lucrative targets for ransomware because of less stringent security measures, these businesses can also be used as stepping-stones by large crime syndicates or state actors trying to get a foothold in Canada.
SMBs need to rethink what data security means. Security used to mean locking down endpoints and networks, but there is no safe network perimeter anymore. Your organization’s data security is now walking around in the pockets of employees, contractors and customers, who use their smartphones to do everything from working and shopping to connecting in life and in business.
How do I adopt MFA in my business?
The best cyber security practices for most businesses include implementing MFA in three areas:
1. Remote networks
2. Administrative access, and
3. Remote access to email.
Secure email access and secure remote network access are crucial. Most employees with email access can check their email remotely, whether or not they work entirely from home, and emails are a data mine of sensitive information. With remote network access of any kind, including email, MFA decreases the risk of a security breach due to password theft; for employees with administrative access, MFA also limits a hacker’s ability to gain broader access to a compromised network.
Strengthening your security stance against the threat of cybercrime and the resulting data loss can be painlessly achieved with an added layer of security. Multi-factor authentication can be quick to implement, and eDrivium can help you adapt your current infrastructure, boosting your data security and meeting stringent insurance requirements.
While you are making changes, consider offering cybersecurity awareness training for employees
IT security awareness training for employees helps to address one of the biggest factors in major security breaches: human error.
Employees are the primary target for attacks and they’re also your first line of defense. Keeping this line of defense strong will take the entire company working together. The weakest link will decide if an attack is successful. The awareness of your employees is crucial, and it should be a core part of your company culture.
What should cybersecurity awareness include?
- Viruses and other malware – provide users with an overview of some of the most common and severe security threats to businesses
- Password security and policies – employees should learn about password best practices, multi-factor authentication and how to use it
- Email, internet, and social media policies – employees need to be briefed on what they should look for in an email and common things to avoid
- The protection of company data – training for new employees should explain the regulatory and legal obligations of data protection
- Make online cybersecurity training mandatory for new employees – incorporate cybersecurity training into your onboarding program
Update and repeat training regularly
Cybersecurity is continuously evolving and staying up to date could be the difference between keeping your company safe or not. Short regular training sessions should take place at least once or twice per year.