Fighting Cybercrime
HSB, a specialty insurer that is part of Munich Re, along with Trail of Bits, a New York cybersecurity firm, recently presented a “Hacker Lab” to provide risk mitigation resources for small business owners. The event showed that cybercriminals view small businesses both as targets and as conduits for attacking their clients, and that most cyber attackers enter a company through email and browsers. HSB and Trail of Bits provided risk management tips that make sense for insurance agencies and their small business customers:
1. Outsource payment processing. Avoid handling card data on your own. Reputable vendors can protect that data better than you can.
2. Separate social media from financial activity. Use a dedicated device for online banking. Use a different device for email and social media.
3. Think beyond passwords. Never reuse them and don’t trust any website to store them securely. Set up two-factor authentication; this sends a secret code to your phone to verify your identity.
4. Educate and train employees. Establish a written policy about data security. Educate employees about what types of information are sensitive or confidential and what their responsibilities are to protect that data. Also, most scams and malicious attacks arrive through email, so be sure your team is prepared and alerts others when they are received.
5. Stay informed. Evaluate the entire chain of events in a potential attack. From assessing your email infrastructure to your users’ responsiveness to your browser’s vulnerability, identify where your organization is most at risk. Then, question the security of your business lines, vendors, suppliers or partners.
6. Stop transmission of data that is not encrypted. Mandate encryption of all data. This includes data at “rest” and “in motion.” Also consider encrypting email within your company if personal information is transmitted. Avoid using Wi-Fi networks.
7. Secure your browser. With the growing popularity of watering holes – malicious code installed on trusted websites – how do you know which websites to trust? Forget individual patches. Keep updating to the latest version of your browser.
8. Secure your operating system. It’s far easier to break into older operating systems like Windows XP or OS X 10.6. Take advantage of major security improvements in newer operating systems.
9. Secure your router. Make sure someone can’t intercept all the data sent through it. It’s important to set a strong admin password on your router and a WPA2 password on your Wi-Fi.
10. Secure your data. Always have a backup. Ideally, your backups should be encrypted and off-site in case there’s a fire or burglary.
Try these and other protective measures for the sake of your employees, customers and your own business.