In today’s ever-evolving cyber age, data has become one of the most valuable assets of every business. Cyber protection is essential for your business, but it’s equally critical to reduce your cyber exposures and build resiliency to prevent, or at least minimize, a cyber-attack in the first place.
What are the implications for your business if it were to suffer a data breach? Could your business recover? These are the types of questions nearly 100 business owners and entrepreneurs faced while attending Startup Peel’s #EmergingBiz Cyber Talk: Scaling Through Resiliency on July 24, 2019.
Based on the discussion, Sovereign offers four key take-aways that any business can use to help them manage their cyber exposures.
Participating in the #EmergingBiz Cyber Talk: Scaling Through Resiliency: (top, left to right) Jean Nickerson, Silicon Halton; Charles Finlay, Rogers Cybersecure Catalyst; Daniel Bishun, Brampton Entrepreneur Centre; Melloney Campbell, Startup Peel; Julie Palacios, Sovereign Insurance; (bottom, left to right) Ajay K. Sood, Symantec Canada, and Takara Small, CBC Metro Mornings, Moderator.
1. Inform and educate
“Education is key, and it’s not only an IT responsibility and risk. It’s everyone’s responsibility.”
Employee cyber security training is essential. In a corporate setting, human error is the weakest link in the security chain. Employers need to educate employees about impending risks and vulnerabilities and how to avoid them.
Cyber security should be a pillar of the corporate culture and this can be achieved in a number of ways:
- Conduct regular sessions with your employees where you can discuss real-world examples of security incidents and make them relevant to what people do
- Incorporate cyber security best practices into the discussion and protocols when you’re onboarding new employees
- Train individuals on the actions they should take if they suspect a security threat, and don’t forget to periodically test individuals to affirm that they truly understand what they should be looking out for
2. Mitigate cyber risks
Here are some mitigation strategies that businesses can use to protect their data:
- Encrypt data: Encryption can be an effective cyber-crime prevention strategy, rendering data difficult to access if it falls into the wrong hands.
- Back up data and store it separately: Backing up data and storing it separately strengthens your resiliency in the face of ransomware attacks, where attackers lock companies out of their own systems.
- Use strong passwords: Use unique and complex passwords, change them often, and discourage password sharing.
- Restrict network administration rights: Employees can’t mistakenly give away information they don’t have access to.
- Use robust anti-malware and firewall software: While effective anti-malware tools catch and isolate software viruses when they hit, preventing these viruses from entering your database in the first place is most important.
3. Make a plan
If you collect or store data in the course of commercial activity, you as a custodian are responsible.
On November 1, 2018, important changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) came into force. Both large and small businesses that are subject to PIPEDA must report material personal information breaches to the Privacy Commissioner and the individuals concerned, and keep records of all breaches. “If you collect or store data in the course of commercial activity, you as a custodian are responsible,” said Julie.
Therefore, it’s important for businesses to develop incident response plans and put procedures in place to minimize, contain, and recover from a data breach. Incident response plans act as a roadmap to be followed by response teams when a data breach is discovered. Effective plans require the organization to understand the quantity of sensitive data that’s being stored, the type of data (personal data, customer data, intellectual property, etc.), how it’s being secured, and who has access to the information.
In the face of a breach, there are two things your company can do to inform how best to respond:
- Identify a data forensics team: Independent forensic investigators can help determine the source and scope of the breach.
- Consult legal counsel: They can advise on your responsibilities under applicable provincial and federal privacy laws.
4. Lean on experts
Some insurance policies include breach preparation and crisis management services and resources.
At Sovereign Insurance, for example, we offer access to breach preparedness resources that can help your business quickly develop and execute a breach response strategy or incident management plan.
These services can include:
- Crisis management
- Notification assistance
- Breach victim remediation planning
- Media relations consulting
- Regulatory communication
- Personalized access to a breach preparedness website
Having the right type of expert to help you navigate the complexities and nuances of data security can make all the difference when you’re preparing for or facing a breach.
To be resilient is to be informed, proactive, and supported. Talk to your insurance broker to ensure you’re getting access to the resources and expertise you need to be just that.