Cyber threats are an ever-present concern across businesses, nonprofits and public entities, with organizations of all sizes often targeted by advanced and evolving attacks. The annual Travelers Risk Index shows that cybersecurity remains a persistent top concern. The impact of cybercrimes like ransomware attacks, social engineering fraud and business email compromise makes the implementation of robust cyber readiness practices essential for every organization.
Implementing these Travelers cyber readiness practices can help achieve a high five for cyber readiness in protecting your sensitive data, trust and operations.
Security and privacy protection challenges are ubiquitous. According to Tim Francis, Travelers Enterprise Cyber Lead, protecting privacy and sensitive data is essential for all companies. He recommends all organizations adopt a culture that will constantly strive to protect systems, privacy and sensitive data.
Start with an assessment:
- Know your environment. Build and maintain an inventory of all computing equipment (including networking devices) and the software running on them. You can’t protect what you don’t know about.
- Determine how your company identifies, assesses and mitigates data security and privacy risks.
- Conduct audits or reviews of the company’s data privacy and security measures.
- Interview internal IT professionals (chief data officer, information security officer, privacy officer, data stakeholders, etc.), or those of any third-party vendor that provides IT services, to determine the extent of your system’s data security and privacy protection.
- Identify deficiencies and/or risks and the next steps to promptly correct any issues.
Adopt These Five Cyber Readiness Practices to Help Boost Your Organization’s Cybersecurity
- Implement Multifactor Authentication (MFA): Prevention is the best defense. MFA – which requires the use of two or more authentication factors to verify the legitimacy of account access attempts – can prevent 99.9% of attacks.[1] MFA should be used for all users all the time to help prevent cybercriminals from accessing a business’s system or infiltrating a network, which can lead to ransomware attacks and other cybercrime schemes perpetrated against an organization.
- Keep Systems Up to Date: Make good cyber hygiene part of your plan. Maintaining awareness and control of your IT assets is key. Your cybersecurity plan should include strategies for keeping systems up to date. An unpatched vulnerability is one of the easiest and most common methods used to compromise a computer system or network. It is essential to be prepared. Enable automatic updates where possible, replace unsupported systems and test and deploy available patches quickly.
- Use Endpoint Detection and Response (EDR): An EDR solution protects against malicious attacks and can provide far greater capabilities than a traditional antivirus solution. EDR can help protect and monitor every asset in an enterprise network by identifying suspicious activity before the rest of the corporate network is exposed to unnecessary risk. EDR technologies monitor for anomalous behavior on each system rather than simply searching for malware.
- Have an Incident Response (IR) Plan: The goal of an IR plan is to provide a clearly defined, focused and coordinated approach to responding to cyber incidents. This will enable the organization to limit the damage and hasten a return to normal. Getting back to business with limited impact after an attack is only one benefit of having a good IR plan. Your IR plan also shows your partners, suppliers and clients that you take cybersecurity seriously.
- Back Up Your Data: Make copies of important data and system configurations and protect them. Businesses and organizations typically store many kinds of data, using a variety of computer systems, on networks that may be local, global or somewhere in between. Data on a system or network can include Protected Health Information (PHI), Payment Card Information (PCI), Personally Identifiable Information (PII), intellectual property or other proprietary or confidential information.
Backups protect that information against human errors, hardware failures, cyberattacks, power failures and natural disasters, and are one of the most important steps that an organization can take to protect against cyber risks. Backups should be frequent, regular and systematic. A best practice is the 3-2-1 backup strategy:
3. Create one primary backup and two copies of your data.
2. Save your backups to two different types of media.
1. Keep at least one backup file off-site and offline.
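The 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not code from Travelers; the record fields, dataset names and sample records are constructed for illustration, and the two age thresholds are assumed policy values standing in for "frequent, regular and systematic".

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    media: str        # e.g. "disk", "tape", "object-storage"
    offsite: bool
    offline: bool     # not reachable from the production network
    taken: datetime

def audit_321(copies, expected, now,
              max_age=timedelta(hours=24),          # assumed policy value
              max_offline_age=timedelta(days=7)):   # assumed policy value
    """Return {dataset: [findings]}; an empty list means the rule is met."""
    grouped = defaultdict(list)
    for c in copies:
        grouped[c.dataset].append(c)
    report = {}
    # Include datasets from the asset inventory that have no backups at all.
    for ds in sorted(set(expected) | set(grouped)):
        items = grouped.get(ds, [])
        if not items:
            report[ds] = ["no backups recorded"]
            continue
        findings = []
        if len(items) < 3:
            findings.append(f"{len(items)} copies, need 3")
        if len({c.media for c in items}) < 2:
            findings.append("single media type, need 2")
        isolated = [c for c in items if c.offsite and c.offline]
        if not isolated:
            findings.append("no copy is both off-site and offline")
        elif now - max(c.taken for c in isolated) > max_offline_age:
            findings.append("off-site offline copy is stale")
        if now - max(c.taken for c in items) > max_age:
            findings.append("newest copy is older than max_age")
        report[ds] = findings
    return report

# Constructed sample inventory (not real data).
NOW = datetime(2024, 6, 1, 12, 0)
SAMPLE = [
    BackupCopy("finance-db", "disk", False, False, NOW - timedelta(hours=2)),
    BackupCopy("finance-db", "object-storage", True, False, NOW - timedelta(hours=3)),
    BackupCopy("finance-db", "tape", True, True, NOW - timedelta(days=2)),
    BackupCopy("hr-files", "disk", False, False, NOW - timedelta(hours=1)),
    BackupCopy("hr-files", "disk", True, False, NOW - timedelta(hours=1)),
    BackupCopy("hr-files", "disk", False, False, NOW - timedelta(hours=30)),
]
```

Calling `audit_321(SAMPLE, ["finance-db", "hr-files", "crm"], NOW)` reports `finance-db` as compliant, flags `hr-files` for a single media type and no isolated copy, and flags `crm` as having no backups recorded.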
Choose an Insurance Provider That Offers Pre- and Post-Cyber Breach Services
Cyberattacks can happen to any organization. Travelers offers its CyberRisk policyholders pre- and post-breach services:
- Travelers eRiskHub®, powered by NetDiligence®.
- SentinelOne® Endpoint Detection and Response (EDR).
- HCL Technologies Cyber Resilience Readiness Assessment and Cyber Security Professional Consultation.
- HCL Technologies Security Coach Helpline.
- HCL Technologies cyber security training videos.
- Cyber Breach Coach®.
Travelers goes beyond insurance coverage. Get the tools you need to help your business become more cyber resilient so you can better anticipate, withstand and recover from a cyber event.