5 Cyber Safety Best Practices to Help Boost Your Company’s Security [Infographic]

Cyber threats remain a top concern across businesses surveyed by Travelers. As cyber threats continue to evolve, businesses of all sizes are targeted by increasingly sophisticated attacks. Ransomware attacks alone have increased over 150% in the last year¹ and impacts from other common cybercrimes, like social engineering fraud and business email compromise, can be substantial.

The Travelers Risk Index consistently shows that cyber threats are a top business concern, yet less than half of businesses say their companies have adopted basic prevention practices.² Being prepared is still the best defense against cyber threats.

Security and privacy protection challenges are ubiquitous. According to Tim Francis, Travelers Enterprise Cyber Lead, protecting privacy and sensitive data is essential for all companies. He recommends all organizations adopt a culture that will constantly strive to protect systems, privacy and sensitive data.

Start with an assessment:

• Know your environment. Build and maintain an inventory of all computing equipment (including networking devices) and the software running on them. You can’t protect what you don’t know about.
• Determine how your company identifies, assesses and mitigates data security and privacy risks.
• Conduct audits or reviews of the company’s data privacy and security measures.
• Interview internal IT professionals (chief data officer, information security officer, privacy officer, data stakeholders, etc.), or those of any third-party vendor that provides IT services, to determine the extent of your system’s data security and privacy protection.
• Identify deficiencies and/or risks and the next steps to promptly correct any issues.

1. Implement Multifactor Authentication (MFA): Prevention is the best defense. MFA – which requires the use of two or more authentication factors to verify the legitimacy of account access attempts – can prevent 99.9% of attacks.³ MFA should be used for all users all the time to help prevent cybercriminals from accessing a business’s system or infiltrating a network, which can lead to ransomware attacks and other cybercrime schemes perpetrated against an organization.
   
   
2. Keep Systems Up to Date: Make good cyber hygiene part of your plan. Maintaining awareness and control of your IT assets is key. Your cybersecurity plan should include strategies for keeping systems up to date. An unpatched vulnerability is one of the easiest and most common methods used to compromise a computer system or network. It is essential to be prepared. Enable automatic updates where possible, replace unsupported systems and test and deploy available patches quickly.
   
   
3. Use Endpoint Detection and Response (EDR): An EDR solution protects against malicious attacks and can provide far greater capabilities than a traditional antivirus solution. EDR can help protect and monitor every asset in an enterprise network by identifying suspicious activity before the rest of the corporate network is exposed to unnecessary risk. EDR technologies monitor for anomalous behavior on each system rather than simply searching for malware.
   
   
4. Have an Incident Response (IR) Plan: The goal of an IR plan is to provide a clearly defined, focused and coordinated approach to responding to cyber incidents. This will enable the organization to limit the damage and hasten a return to normal. Getting back to business with limited impact after an attack is only one benefit of having a good IR plan. Your IR plan also shows your partners, suppliers and clients that you take cybersecurity seriously.
   
   
5. Back Up Your Data: Make copies of important data and system configurations and protect them. Businesses and organizations typically store many kinds of data, using a variety of computer systems, on networks that may be local, global or somewhere in between. Data on a system or network can include Protected Health Information (PHI), Payment Card Information (PCI), Personally Identifiable Information (PII), intellectual property or other propriety or confidential information.
   
   Backups protect that information against human errors, hardware failures, cyberattacks, power failures and natural disasters, and are one of the most important steps that an organization can take to protect against cyber risks. Backups should be frequent, regular and systematic. A best practice is the 3-2-1 backup strategy:
   
        3.  Create one primary backup and two copies of your data.
        2.  Save your backups to two different types of media.
        1.  Keep at least one backup file off-site and offline.

Cyberattacks can happen to any organization. Travelers offers their CyberRisk policyholders pre- and post-breach services:

• Travelers eRiskHub®, powered by NetDiligence®.
• SentinelOne® Endpoint Detection and Response (EDR).
• HCL Technologies Cyber Resilience Readiness Assessment and Cyber Security Professional Consultation.
• HCL Technologies Security Coach Helpline.
• HCL Technologies cyber security training videos.
• Cyber Breach Coach®.
• Travelers Claim services.
• Additional consultation is available through Travelers Risk Control.

Travelers goes beyond insurance coverage. Get the tools you need to help your business become more cyber resilient so you can better anticipate, withstand and recover from a cyber event.

To learn more about CyberRisk coverage and these available services, talk to your insurance agent or a Travelers representative.

Sources
¹ Security Magazine: The rising tide of cyber insurance premiums in the age of ransomware
² 2022 Travelers Risk Index
³ Microsoft: One simple action you can take to prevent 99.9 percent of attacks on your accounts