5 Cyber Safety Best Practices to Help Boost Your Company’s Security [Infographic]
Cyber threats remain a top concern across businesses surveyed by Travelers. As cyber threats continue to evolve, businesses of all sizes are targeted by increasingly sophisticated attacks. Ransomware attacks alone have increased over 150% in the last year1 and impacts from other common cybercrimes, like social engineering fraud and business email compromise, can be substantial.
The Travelers Risk Index consistently shows that cyber threats are a top business concern, yet less than half of businesses say their companies have adopted basic prevention practices.2 Being prepared is still the best defense against cyber threats.
5 CYBER READINESS PRACTICES
As cyber threats continue to evolve, businesses of all sizes have been targeted by increasingly sophisticated attacks.1
Cyber is the #1 concern across all businesses, yet many are unprepared and have not implemented basic prevention measures.2
Here are 5 steps businesses can effectively implement to boost their cybersecurity:
1 Implement Multifactor Authentication (MFA)
2 Keep Systems Up-to-Date
3 Use Endpoint Detection and Response (EDR)
4 Have an Incident Response (IR) Plan
5 Back up your data
Learn more about how Travelers CyberRisk policyholders can become more cyber resilient with coverage and access to pre & post breach services to better anticipate, withstand and recover from a cyber event.
1Security Magazine: The Rising Tide of Cyber Insurance Premiums
22021 Travelers Risk Index
Travelers.com
Travelers Casualty and Surety Company of America and its property casualty affiliates. One Tower Square, Hartford, CT 06183
This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy or bond issued by Travelers. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy or bond provisions and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations.
© 2022 The Travelers Indemnity Company. All rights reserved. Travelers and the Travelers Umbrella logo are registered trademarks of The Travelers Indemnity Company in the U.S. and other countries. CP-9655 Rev. 9-22
Security and privacy protection challenges are ubiquitous. According to Tim Francis, Travelers Enterprise Cyber Lead, protecting privacy and sensitive data is essential for all companies. He recommends all organizations adopt a culture that will constantly strive to protect systems, privacy and sensitive data.
Start with an assessment:
- Know your environment. Build and maintain an inventory of all computing equipment (including networking devices) and the software running on them. You can’t protect what you don’t know about.
- Determine how your company identifies, assesses and mitigates data security and privacy risks.
- Conduct audits or reviews of the company’s data privacy and security measures.
- Interview internal IT professionals (chief data officer, information security officer, privacy officer, data stakeholders, etc.), or those of any third-party vendor that provides IT services, to determine the extent of your system’s data security and privacy protection.
- Identify deficiencies and/or risks and the next steps to promptly correct any issues.
Adopt These Five Cyber Readiness Practices to Help Boost Your Organization’s Cybersecurity
- Implement Multifactor Authentication (MFA): Prevention is the best defense. MFA – which requires the use of two or more authentication factors to verify the legitimacy of account access attempts – can prevent 99.9% of attacks.3 MFA should be used for all users all the time to help prevent cybercriminals from accessing a business’s system or infiltrating a network, which can lead to ransomware attacks and other cybercrime schemes perpetrated against an organization.
- Keep Systems Up to Date: Make good cyber hygiene part of your plan. Maintaining awareness and control of your IT assets is key. Your cybersecurity plan should include strategies for keeping systems up to date. An unpatched vulnerability is one of the easiest and most common methods used to compromise a computer system or network. It is essential to be prepared. Enable automatic updates where possible, replace unsupported systems and test and deploy available patches quickly.
- Use Endpoint Detection and Response (EDR): An EDR solution protects against malicious attacks and can provide far greater capabilities than a traditional antivirus solution. EDR can help protect and monitor every asset in an enterprise network by identifying suspicious activity before the rest of the corporate network is exposed to unnecessary risk. EDR technologies monitor for anomalous behavior on each system rather than simply searching for malware.
- Have an Incident Response (IR) Plan: The goal of an IR plan is to provide a clearly defined, focused and coordinated approach to responding to cyber incidents. This will enable the organization to limit the damage and hasten a return to normal. Getting back to business with limited impact after an attack is only one benefit of having a good IR plan. Your IR plan also shows your partners, suppliers and clients that you take cybersecurity seriously.
- Back Up Your Data: Make copies of important data and system configurations and protect them. Businesses and organizations typically store many kinds of data, using a variety of computer systems, on networks that may be local, global or somewhere in between. Data on a system or network can include Protected Health Information (PHI), Payment Card Information (PCI), Personally Identifiable Information (PII), intellectual property or other propriety or confidential information.
Backups protect that information against human errors, hardware failures, cyberattacks, power failures and natural disasters, and are one of the most important steps that an organization can take to protect against cyber risks. Backups should be frequent, regular and systematic. A best practice is the 3-2-1 backup strategy:
3. Create one primary backup and two copies of your data.
2. Save your backups to two different types of media.
1. Keep at least one backup file off-site and offline.
Choose an Insurance Provider That Offers Pre- and Post-Cyber Breach Services
Cyberattacks can happen to any organization. Travelers offers their CyberRisk policyholders pre- and post-breach services:
- Travelers eRiskHub®, powered by NetDiligence®.
- SentinelOne® Endpoint Detection and Response (EDR).
- HCL Technologies Cyber Resilience Readiness Assessment and Cyber Security Professional Consultation.
- HCL Technologies Security Coach Helpline.
- HCL Technologies cyber security training videos.
- Cyber Breach Coach®.
- Travelers Claim services.
- Additional consultation is available through Travelers Risk Control.
Travelers goes beyond insurance coverage. Get the tools you need to help your business become more cyber resilient so you can better anticipate, withstand and recover from a cyber event.
To learn more about CyberRisk coverage and these available services, talk to your insurance agent or a Travelers representative.
Sources
1 Security Magazine: The rising tide of cyber insurance premiums in the age of ransomware
2 2022 Travelers Risk Index
3 Microsoft: One simple action you can take to prevent 99.9 percent of attacks on your accounts
More Prepare and Prevent
4 Ways Cyber Insurance Helps Protect Your Business
Learn how cyber insurance can be essential in helping a business recover after a data breach.
4 Steps to Help Manage a Data Breach
It is critical that business owners know what to do in the event they are breached.
How Multifactor Authentication (MFA) Can Help Protect Against Cyber Threats [Video]
Multifactor authentication (MFA) can help stop cyber attacks by requiring a second form of verification that can block most account-compromising attacks.