
5 cyber security tips to lower your cyber insurance premium

Safeguarding your assets, your people and your customers | 3 minute read

Enforcing these cyber security practices in your business will help you maintain a clear claims history and keep your premium as low as possible.

Key takeaways

1. Regular phishing training, testing, and email filtering reduce the risk of employee error leading to cyber breaches.
2. Backing up data through secure, automated cloud systems ensures business continuity during a cyber incident.
3. Multi-layered defences like anti-malware software, strong passwords with 2FA, and VPNs protect against third-party threats.


Why does cyber insurance matter?

Despite its importance, many businesses still don’t see the value of cyber insurance, viewing it as just another expense. However, for the sake of your business and people, it’s your duty to help change the narrative in your organisation.


80%

80% of cyber security breaches occur as a result of human error.

Source: Gov UK, Cyber Security Breaches Survey


£19,400k

A single cyber attack could cost a medium-to-large business £19,400 on average.

Source: Verizon, 2025 Data Breach Report


Protection against first-party losses

1. Avoid phishing attacks

91% of all cyberattacks begin with a phishing email to an unsuspecting victim¹, which is why we’re mentioning it first. Though mainly conducted via email, phishing has evolved to now take place on social media and by text message, where a profile may impersonate a colleague or friend to get the victim to divulge sensitive information.

It's important to regularly educate your employees on the dangers of phishing and how to spot the signs in an ever-evolving digital world. A recent study found that 69% of people in the UK can recognise a phishing attack², but it only takes one person’s mistake to potentially cost your business thousands.

Reinforce the importance of preventing phishing throughout your organisation by implementing the following:

  • Monthly compulsory online training
  • Distribute spoof phishing emails to test whether your employees click, and follow up with those who do
  • Educate your employees about near misses or industry examples
  • Use a quarantine email system to flag and capture suspicious emails before they reach their recipient

2. Back up company data

Long gone are the days when businesses kept physical backups and hard drives – most companies should now be using a secure cloud-based file system to ensure the safety of their documents and data, or be looking to transition to one.

The majority of network or cloud storage solutions allow you to make backups automatically, minimising obstacles in the process and saving you time. However, if you still use physical backups, ensure that these are stored off-site, kept separate from the device they back up, and updated weekly.

Protection against third-party losses

3. Implement anti-malware protection

File sharing is a necessity for any business in the modern age. While it doesn’t make you immune to a cyber-attack, anti-virus software helps to create an extra barrier of defence between your business and a hacker. Even well-trained employees can still be caught out by an untrustworthy or imitation website when downloading files.

Having anti-malware software in place to flag and block malicious files will help to ensure your devices are less vulnerable to threats such as trojans, ransomware and other exploits that can cause huge financial losses.

4. Enforce the use of strong password protection / 2FA

Enforcing the need for stronger passwords across your organisation, by making them a requirement for business accounts, is a great way to get your employees into the same mindset. You should also require regular password changes where necessary.

Setting up two-factor authentication (2FA) can also bolster your account security and can be achieved with a variety of secure authenticator apps, which should be preferred over text message authentication. This is because text message 2FA can be more prone to exploitation from criminals conducting ‘sim-swap’ attacks.³

5. Use a Virtual Private Network (VPN)

Working from home and in flexible locations is now more commonplace than ever, meaning that your employees could be connecting to less secure networks or public Wi-Fi.

A VPN is a service that helps you stay private online by encrypting the connection between your device and the internet. Providing this to your employees working off-site prevents them from being targeted by hackers or getting discriminated against based on their location.


Want to see how we can help?

No matter the industry you operate in, you will have some sort of reliance on technology for the effective day-to-day running of your business. That’s what makes cyber insurance so important; every company has some level of vulnerability that cyber criminals can exploit.


General disclaimer

This insights article is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this article, NFP does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the article or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this article. This article has been compiled using information available to us up to its date of publication.


NFP contributors

John Allen
Senior Account Executive

JP Allcock
Managing Director, Commercial Insurance - NFP Europe



https://www.nfp.co.uk/media/insights/5-cyber-security-tips-to-lower-your-cyber-insurance-premium/
2025 Copyright | All Rights Reserved