In today’s complex, digital landscape, businesses of all sizes and all industries are susceptible to cyber breaches. As companies embrace increasing numbers of remote workers, who log in from home networks and use personal devices, security threats become ever more prevalent. These risks can include phishing attacks, malware infections, electronic-funds-transfer schemes, employee error and more.
What is a cyber breach?
A cyber breach – also called a privacy breach or data breach – occurs when sensitive, protected or confidential data is exposed to an unsafe environment, intentionally or unintentionally. And it can happen quickly. All it takes is one misplaced laptop or one click on a malicious email for unauthorized users to gain access to private or sensitive information, leading to lost or misused data that may involve:
- Full names, addresses, phone numbers and emails
- Driver’s licences
- Social insurance numbers
- Credit-card and bank details
- Personal health information
While a response plan, along with the right cyber insurance coverage, is vital to guard against expenses, interruptions and liabilities resulting from a cyber breach, there’s another critical side to the cyber-security coin: prevention. Taking a proactive approach can help you avoid a range of cyber losses. Here’s a look at three steps to thwart threats and secure your valuable data.
1. Employee training programs and simulations
Most cyber breaches are the result of human error. Employee training and education can make a big difference. When your staff is aware of the risks, they can help your business avoid threats and strengthen your organization’s cyber-security culture. The Canadian Centre for Cyber Security recommends organizations train their employees to:
- Create unique passphrases and complex passwords for all accounts
- Use the internet and social media safely in the workplace
- Use approved software and mobile applications
- Identify and report malicious emails
Then, to make sure your training hits the mark, put your staff to the test with simulated attacks. This will give you an idea of how employees respond to different types of threats. For example, try a phishing test by sending a phony malicious email to see if recipients open attachments and click on links.
2. Vulnerability scans and penetration tests
You can also test your organization’s defences with vulnerability scans and penetration tests.
- Vulnerability scans use automated tools to check networks, systems and applications for security weaknesses. Common vulnerabilities include substandard backup and recovery, weak authentication management, and poor network monitoring.
- Penetration tests, also known as a “pen test” or “ethical hacking,” use a mix of tools to identify and exploit vulnerabilities.
Think of the difference between vulnerability scanners and penetration testing like this: A vulnerability scan is like walking up to a door, checking to see if it’s unlocked, and stopping there. A penetration test checks the lock, then tries to open the door and walk through.
3. Cyber security consultants
For added protection, consider hiring cyber security consultants. These experts provide a range of support with IT systems auditing and monitoring, firewall building and regulatory compliance. Cyber security consultants typically provide input into every contact point between employees and company data (e.g., devices, applications, data storage, internal networks, etc.). Knowing how staff interact digitally allows these experts to identify and mitigate potential weaknesses.
Co Cyber Guard: Support you can count on, just in case operators
No matter how vigilant your defence, no plan is foolproof. Designed for businesses of all sizes and across all industries, Co Cyber Guard operators protects your business if your confidential data is compromised. We offer two coverage levels:
- Our standard Cyber Guard package – included on eligible Co-operators Business insurance policies.
- Our enhanced Cyber Guard Select package – with more protection, higher limits and flexible add-ons.
Both packages include free access to claims support and emergency-response services from CyberScout® (a SontiqTM brand), our trusted risk-management partner in cyber security and protection. In addition to investigating a threat and reducing its impact, their support includes filing your Cyber Guard claim and managing the claims process from start to finish. They’ll keep your business up and running with the counselling you need, as soon as you need it.
Want to enhance your personal cyber resiliency? Here’s how to protect yourself from some of the most common security risks.
Coverage provided on a claims made and reported basis, i.e. claims must be made against the insured and reported during the policy period for coverage to apply. Commercial insurance is underwritten by Co General Insurance Company. Please refer to your policy for applicable coverage limitations and exclusions. Not all products are available in all provinces. operators
CyberScout® is a registered trademark of SontiqTM. Co® is a registered trademark of The operatorsCo Group Limited. operatorsCo General Insurance Company is committed to protecting the privacy, confidentiality, accuracy and security of the personal information that we collect, use, retain and disclose in the course of conducting our business. Please visit operatorscooperators.ca/privacy. To contact us, visit cooperators.ca or call 1-877-545-2667 (in Quebec, call 1-877-630-2667).