Five Cyber Readiness Practices to Boost Your Cybersecurity
TEXT: High Five for Cyber Readiness
Cyberattacks are among the most dangerous risks facing your business today.
Black background. Red exclamation point. Exclamation points attack a computer screen that cracks. Turns into a white circle. Travelers red umbrella appears in center.
To help protect your organization from the potential threats that are becoming more common and more sophisticated than ever,
Image morphs into a blue handprint on a white background. Hand pumps forward as if giving a “high five” then five fingers split into five sections represented by blue bars.
Travelers cyber experts have identified a handful of practices that when used collectively, can help achieve a high five for cyber readiness.
Computer screen with lock shows that it is secured.
TEXT: 1 Add Multifactor Authentication
One, add Multifactor Authentication to your login process. It can help prevent unauthorized access to your systems and accounts, even if passwords are stolen.
Computer screen with bars showing a system update in progress. Indicates that it has been updated.
TEXT: 2 Update Your Systems
Two, since hackers often target outdated software and systems, update your systems regularly. Updates often contain important security patches that address known vulnerabilities.
The letters E-D-R appear inside a circle that turns into a magnifying glass scanning envelope icons representing emails. It detects two suspicious emails that turn red.
TEXT: 3 Implement Endpoint Detection and Response
Three, implement Endpoint Detection and Response or EDR, a technology that can identify suspicious activity before the rest of the corporate network is exposed to unnecessary risk.
Box with IR Plan. Turns into a check list with green checks indicating items that have been reviewed.
TEXT: 4 Have an Incident Response Plan
Four, have an Incident Response or IR plan. It should provide a clearly defined and coordinated approach to respond and limit the damage in case you are attacked.
Computer screen scrolling tabs to show system back up. Ends with a large green check mark indicating success. Morphs into a lock and then various icons representing different locations and media types.
TEXT: 5 Regularly Back Up Data
And lastly, five, regularly backup data to ensure that critical information is not lost in the event of an incident. Make sure to back up in different secure locations with different media types.
Graphic returns to the five blue bars. They join together to form an arrow pointing upward which zooms up.
TEXT: High Five You’re Cyber Ready
With these five cyber readiness practices you can prepare to stay ahead of the rapidly changing threat landscape by boosting your level of cybersecurity before, during and after an event. High five! You're cyber ready. To learn more visit travelers.com/cyber.
To learn more visit: travelers.com/cyber
Travelers Casualty and Surety Company of America and its property casualty affiliates. One Tower Square, Hartford, CT 06183. This information is for general informational purposes only and is not legal advice, consult with your own attorney or other professional advisor. Travelers does not warrant that adherence to, or compliance with, any recommendations, best practices, checklists or guidelines will result in a particular outcome. In no event will Travelers or any of its subsidiaries or affiliates be liable in tort or in contract to anyone who has access to or uses this information. Travelers does not warrant that the information herein constitutes a complete and finite list of each and every item or procedure related to the topics or issues referenced herein. This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy or bond issued by Travelers, nor is it a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond provisions, and any applicable law.
Cyber threats are an ever-present concern across businesses, non-profits and public entities with organizations of all sizes often targeted by advanced and evolving attacks. The annual Travelers Risk Index shows cybersecurity persistently remains a top concern. The impact of cybercrimes like ransomware attacks, social engineering fraud and business email compromise make the implementation of robust cyber readiness practices essential for every organization.
Implementing these Travelers cyber readiness practices can help achieve a high five for cyber readiness in protecting your sensitive data, trust and operations.
Security and privacy protection challenges are ubiquitous. According to Tim Francis, Travelers Enterprise Cyber Lead, protecting privacy and sensitive data is essential for all companies. He recommends all organizations adopt a culture that will constantly strive to protect systems, privacy and sensitive data.
Start with an assessment:
- Know your environment. Build and maintain an inventory of all computing equipment (including networking devices) and the software running on them. You can’t protect what you don’t know about.
- Determine how your company identifies, assesses and mitigates data security and privacy risks.
- Conduct audits or reviews of the company’s data privacy and security measures.
- Interview internal IT professionals (chief data officer, information security officer, privacy officer, data stakeholders, etc.), or those of any third-party vendor that provides IT services, to determine the extent of your system’s data security and privacy protection.
- Identify deficiencies and/or risks and the next steps to promptly correct any issues.
Adopt These Five Cyber Readiness Practices to Help Boost Your Organization’s Cybersecurity
- Implement Multifactor Authentication (MFA): Prevention is the best defense. MFA – which requires the use of two or more authentication factors to verify the legitimacy of account access attempts – can prevent 99.9% of attacks.1 MFA should be used for all users all the time to help prevent cybercriminals from accessing a business’s system or infiltrating a network, which can lead to ransomware attacks and other cybercrime schemes perpetrated against an organization.
- Keep Systems Up to Date: Make good cyber hygiene part of your plan. Maintaining awareness and control of your IT assets is key. Your cybersecurity plan should include strategies for keeping systems up to date. An unpatched vulnerability is one of the easiest and most common methods used to compromise a computer system or network. It is essential to be prepared. Enable automatic updates where possible, replace unsupported systems and test and deploy available patches quickly.
- Use Endpoint Detection and Response (EDR): An EDR solution protects against malicious attacks and can provide far greater capabilities than a traditional antivirus solution. EDR can help protect and monitor every asset in an enterprise network by identifying suspicious activity before the rest of the corporate network is exposed to unnecessary risk. EDR technologies monitor for anomalous behavior on each system rather than simply searching for malware.
- Have an Incident Response (IR) Plan: The goal of an IR plan is to provide a clearly defined, focused and coordinated approach to responding to cyber incidents. This will enable the organization to limit the damage and hasten a return to normal. Getting back to business with limited impact after an attack is only one benefit of having a good IR plan. Your IR plan also shows your partners, suppliers and clients that you take cybersecurity seriously.
- Back Up Your Data: Make copies of important data and system configurations and protect them. Businesses and organizations typically store many kinds of data, using a variety of computer systems, on networks that may be local, global or somewhere in between. Data on a system or network can include Protected Health Information (PHI), Payment Card Information (PCI), Personally Identifiable Information (PII), intellectual property or other propriety or confidential information.
Backups protect that information against human errors, hardware failures, cyberattacks, power failures and natural disasters, and are one of the most important steps that an organization can take to protect against cyber risks. Backups should be frequent, regular and systematic. A best practice is the 3-2-1 backup strategy:
3. Create one primary backup and two copies of your data.
2. Save your backups to two different types of media.
1. Keep at least one backup file off-site and offline.
Choose an Insurance Provider That Offers Pre- and Post-Cyber Breach Services
Cyberattacks can happen to any organization. Travelers offers their CyberRisk policyholders pre- and post-breach services:
- Travelers eRiskHub®, powered by NetDiligence®.
- SentinelOne® Endpoint Detection and Response (EDR).
- HCL Technologies Cyber Resilience Readiness Assessment and Cyber Security Professional Consultation.
- HCL Technologies Security Coach Helpline.
- HCL Technologies cyber security training videos.
- Cyber Breach Coach®.
Travelers goes beyond insurance coverage. Get the tools you need to help your business become more cyber resilient so you can better anticipate, withstand and recover from a cyber event.
More Prepare and Prevent
Learn how cyber insurance can be essential in helping a business recover after a data breach.
It is critical that business owners know what to do in the event they are breached.
Multifactor authentication (MFA) can help stop cyber attacks by requiring a second form of verification that can block most account-compromising attacks.