8 Simple & Cost Effective Ways to Reduce Your Cyber Risk
1. Dual Authorization
- Always have multiple people signing off on checks, ACH transactions, and wires.
- Call the vendor directly with a number you have on file or a number you can find publicly.
- Do not call the number on an invoice - you could be calling the hackers directly.
- Do not email to confirm payment details - you could be emailing the hackers directly.
2. DomainKeys Identified Mail, Domain-based Message Authentication, Reporting, and Conformance, and Sender Policy Framework (DKIM, DMARC & SPF)
- These are standards that authenticate your email server and help provide even more protection against being compromised.
3. Adding in MDR Services/Endpoint Protection (Also Called EDR)
- Managed detection and response (MDR) services are a great way to maintain a dedicated cyber risk management program through a third-party service without an extensive budget.
- Many MDR services provide 24/7 real-time cyber incident response (IR) and security consulting services.
4. Cloud-Based Backups That Can Be Quickly Restored
- Keeping data stored on a remote server allows users to instantly access that data in the event of an outage, failure, or cyber attack.
5. Add a Secure Email Gateway (SEG)
- What is an SEG?
- An SEG is a type of software that monitors emails, both sent and received.
- SEGs defend against spam, malicious attacks, and fraudulent content while ensuring that legitimate emails still make their way to the intended recipient.
- Popular vendors include Proofpoint, Mimecast, and Barracuda. The cost is usually less than $5 per month.
6. Multi-Factor Authentication (MFA) on Email and Remote Access to Networks
- MFA is a security measure that requires more than one method of authentication in order to confirm who a user is and grant access. This is generally free and should be implemented for email, network access, and privileged users.
- Everyday examples of MFA:
  - Chip and PIN on debit cards
  - Answering a security question to log into your bank account
  - Entering a specific code that has been sent to your cell phone (this is typically used for personal bank accounts)
- This feature is included and free for most email software, but the email provider does not default you to the most secure settings. Instead, they default your settings to the easiest setup.
7. Use a Password Manager
- Password managers assist in generating and retrieving complex, strong, unique passwords.
8. Employee Training
- Employees are the weakest link, accounting for 90% of claims. Make sure to provide training and build a culture of awareness around cyber security.
- Recommended employee training: KnowBe4 – www.knowbe4.com
The descriptions of coverages listed in this article are brief and subject to the provisions, limitations, and exclusions that can only be expressed in your policy and related endorsements. For additional information on how Swingle Collins & Associates can assist in meeting your coverage needs, please contact your dedicated risk manager. The information contained in this article is provided for informational and educational purposes only. It contains general information on insurance issues and may not reflect the most current developments in insurance coverage and is unlikely to apply in all factual scenarios. The information does not include all the terms, coverages, exclusions, limitations or conditions that may be contained in the actual insurance contract language. The policies themselves must be read for those details. Sample policy forms will be made available upon reasonable request. Thank you.