Experts across the industry constantly remind us that it’s only a matter of time before criminal cyber activity affects each and every one of us. One need only scan the headlines to see how organizations large and small are targeted in attempts to steal their intellectual and financial assets.

The nation’s critical Colonial energy pipeline was hacked and shut down last year while, to date, more than 600 clinics and hospitals have been affected by ransomware.

But there are concrete steps we can all take to defend ourselves and our assets from being compromised. ECA member firm Marcum LLP has identified a series of specific practices that it says are highly effective in defending against cyber attacks.

Conduct a cybersecurity assessment so you know your exploitable risks

Have an outside expert evaluate your risks and provide a list of identified issues sorted by severity. Internal resources tend to miss material items. Start remediating and fixing anything critical right away. Do not confuse a compliance audit (SOC2, PCI ROC, etc.) with a cybersecurity assessment.

Add or improve a cybersecurity liability insurance policy

This provides coverage for key expenses in the event of a breach or loss, including cyber forensics, legal counsel, crisis communications, notice, and credit monitoring, and may cover business disruption. Claim payouts are directly impacted by how secure you can demonstrate your organization was PRIOR to the claim event. Some insurance carriers offer discounted premiums if you have had a satisfactory cybersecurity assessment done recently.

Ensure your vendors are as secure as you are

Most breaches are caused by weaknesses in third-party vendors; Target and its HVAC vendor is one example. Check your contracts for security responsibilities, including rights to audit, annual reports on security from a third party, agreements for security events and co-accountability definitions. Build close relationships with your key IT/cybersecurity providers. The time to get to know them is not the day you have a major security problem. Consider dropping vendors that provide commodity or low-value products/services if they create a cybersecurity risk for you.

Build your incident response plans and test them regularly 

This starts with knowing your critical systems. How long can you operate while these systems are completely or partially down? What does it cost your business per day? Assume your systems will be down and potentially breached. Understand exactly what you need to do to get back up again. Backups are not enough; full restorations must be tested. Practice different scenarios with your leadership team.

Individual Security Measures

On a more individual level, experts remind us that there are practices we should all be following in order to minimize our personal cyber exposure. According to the U.S. government you can avoid cyber risks by taking steps in advance:

  • Limit the personal information you share online. Change privacy settings and do not use location features. 
  • Create strong passwords by using upper and lower case letters, numbers and special characters. Use a password manager and two methods of verification.
  • Keep software applications and operating systems up-to-date.
  • Watch for suspicious activity that asks you to do something right away, offers something that sounds too good to be true, or needs your personal information. When in doubt, do NOT click.
  • Protect your home and/or business using a secure Internet connection and Wi-Fi network, and change passwords regularly.
  • Don’t share PINs or passwords. Use devices that use biometric scans when possible (e.g. fingerprint scanner or facial recognition).
  • Check your account statements and credit reports regularly.
  • Be cautious about sharing personal financial information, such as your bank account number, Social Security number or credit card number. Only share personal information on secure sites that begin with https://. Use a Virtual Private Network (VPN) that creates a more secure connection.
  • Use antivirus, anti-malware solutions, and firewalls.
  • Back up your files regularly in an encrypted file or encrypted file storage device.
  • Do not click on links in texts or emails from people you don’t know. Scammers can create fake links to websites.
  • Remember that the government will not call, text or contact you via social media about owing money.
  • Keep in mind that scammers may try to take advantage of financial fears by calling with work-from-home opportunities, debt consolidation offers and student loan repayment plans.