How Pre-Breach Planning Can Help Protect Your Company

With data breaches on the rise, companies have tightened their information security measures, shoring up their computer systems and locking down their networks. Now, instead of attempting to enter through an increasingly fortified front door, hackers are searching for new vulnerabilities. Many revolve around the person behind the computer instead of the system itself.

“The human has become a weak link and the number one target,” says Tim Francis, Travelers Enterprise Cyber Lead. Sixty-six percent of malware was installed via malicious email attachments, according to the 2017 Verizon Data Breach Investigations Report,¹ an approach that requires an unsuspecting user to allow the attacker inside the network.

Preparation is key to mitigating a potential cyber event. “Creating a human firewall by training your employees and other pre-breach activities to protect your company can have a significant effect on how quickly your business is able to recover after a breach,” says Pascal Millaire, Vice President and General Manager for Cyber Insurance at Symantec, who adds that they can also make you a less attractive target for opportunistic cyber criminals.

What Pre-Breach Steps Can Your Business Take?

1. Train your employees for today’s threats. Make sure to regularly update your cybersecurity training to reflect the latest exploits hackers are using to gain entry to company networks. Test employees on how they react to phishing and other social engineering activities, which use information readily available online to craft convincing emails and other communications with a malicious intent. Train them on how to protect your network when working remotely or when using mobile devices.
2. Encrypt and back up your critical data. With the rise of ransomware attempts, in which hackers attempt to hold data hostage unless companies pay a ransom to retrieve it, it becomes increasingly important for companies to have robust procedures to encrypt and back up critical data, and to have a plan in place to restore that data.
3. Manage your vendors. If you share data or the responsibility for managing that data with third-parties or cloud providers, make sure their information security policies are as strict as yours. In the event of a data breach, you are still the owner and responsible for the data, and for notifying affected customers and employees if sensitive information was breached.
4. Have a data protection and destruction policy. Encrypt sensitive data and require employees to follow encryption procedures when transferring data. Modern encryption, when used correctly, cannot be decoded by unauthorized users. Remember that not all data breaches involve technology. Have a policy in place for shredding paperwork containing sensitive information.
5. Consider cyber insurance. Cyber insurance provides a way for businesses and organizations to mitigate risk and, as a result, be more resilient than they would be otherwise. By combining cyber security and cyber insurance, businesses and organizations can build a stronger defense against emerging cyber threats.
6. Understand your current cybersecurity posture. Working with a cybersecurity professional can help you identify and improve areas of vulnerability. Travelers CyberRisk and CyberFirst^® policyholders can tap into pre-breach services from Symantec, including up to a one-hour coaching session, online assessments to identify areas that may need improving, and role-specific employee training videos.

While you can’t completely prevent a data breach from affecting your organization, the steps that you take today are critical to how you can recover after a breach.

Sources:
¹ http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017-perspective-is-reality_xg_en.pdf