Ransomware is the most common type of malware. It is often mentioned in the News and media outlets because it’s one of the most damaging cyberattacks to an organization. Over the last few years, ransomware attacks have increased. Unfortunately, single mitigation or siloed measures are not enough to prevent the constantly evolving threats. It is the best interest of every organization to consider adopting a multi-layered strategy to protect their devices, systems, and networks. That way, your organization is protected against ransomware and your data is protected from natural disasters. Every strategy should include several layers of defense with several mitigation measures or security controls at each layer. In this blog, we will review 4 security controls to help your organization become cyber resilient.
No matter what security measures you implement, Assurance IT recommends that every business PREPARE their organization first. That includes planning ahead, providing security awareness training for employees, practice your recovery plan and considering cyber insurance. For more details visit the Government of Canada website.
Let’s go into each one in more detail:
Having one or two solutions in place with no incident response plan attached to it will unfortunately not protect your business. Therefore, the prepare phase is to set up an incident response plan that monitors, detects and responds to an incident. It also identifies which employees are responsible for each part of the plan as well as instructions on in case of an incident. There is a lot of planning that goes into it but consider this planning like your fire escape. The chances of a fire are slim but every building plans ahead and includes multiple fire escapes.
Today, security awareness training is the equivalent to teaching an employee how to use a computer 20 years ago. In both scenarios, the training is essential for the job. Security awareness training is essential for every person using a computer.
Security awareness training is also the most cost-effective way to add a layer of protection to your business. 95% of ransomware attacks are due to human error. Therefore, if you can reduce the chances of your employees from making an error, you are ahead of most companies. To know the security awareness training level of your employees, we recommend a staged phishing attack to see what percentage of employees click the email. Reach out to us if you have questions on how to set this up.
Now that you have an incident response plan and trained your employees, it’s time to practice a run through. This is meant to find any flaws in your plan so you can make improvements. As your organization changes (adds employees, changes goals, updates policies), your response plan might need to be updated. As a result, we suggest running a simulation every 3 months to 6 months. The run through is also meant to test how effective your response is and to see if it meets expectations. Before we compared the incident response plan to a fire escape in a building. Practicing recovery is the equivalent to a fire drill.
Cyber insurance is a fairly new industry. As a result, it’s constantly changing and updating how it serves businesses. But that doesn’t mean it doesn’t deserve some attention. Large enterprises usually get cyber insurance because they do not want to be stuck with a huge bill if they get attacked online. Cyber insurance is a security blanket in addition to their security controls. Just like you have car insurance or house insurance, cyber insurance is that peace of mind that should anything happen, you have someone in your corner. Cyber security is ideal for organizations who are proactive in their cyber security. We would recommend looking into it to get a better understanding of the pre-requisites to getting covered.
There are four security controls every business of any size needs to be cyber resilient. They include plan ahead, provide security awareness training for employees, practice recovery and consider cyber insurance. With these security controls in mind, you will foster a culture of security and cyber awareness. Book a meeting with Assurance IT, to answer your questions.