In the wake of the recent worldwide ransomware attack that impacted so many businesses, the protections afforded by cyber insurance may be looking more and more attractive. Whether your business was directly impacted or not, you likely felt the shock waves produced when many companies in diverse industries suddenly couldn’t access their data.
What this attack also showed is that, just because you’re a small business or the industry you operate in doesn’t seem like a likely target for hackers, you’re not immune from broad attacks like these, and the cost to your business can be very real. Although the direct threat from the recent attack may have passed, it’s a near certainty that another is on the horizon, and each new one may be even more disruptive than the last.
Make Sure It’s Covered
Whether you already have cyber insurance coverage in some form or are considering acquiring it for the first time, you’ll want to go over your policy carefully to make sure that ransomware and other forms of cyber extortion are covered. This is particularly important due to the relative newness of this type of coverage, which means that you can’t assume anything is standard. While it’s always a good idea to read the fine print on your business insurance policies, it’s especially essential when it comes to cyber insurance.
Specifically, ransomware protections as part of your cyber policy should cover any ransom you pay, the cost of a forensic investigation into the attack, the restoration of any data that was lost, any legal fees incurred because of the attack, and the cost of the resulting business interruption.
Of course, it’s always better if you can avoid being the victim of a ransomware attack to begin with. Although there is no way to guarantee absolute security in these situations, there are several concrete steps you can take to protect your company and limit your exposure. These include:
- Educating your employees about phishing scams, how to recognize a suspicious email, and what to do about it.
- Regularly updating software on all company systems and connected devices, and ensuring that the same thing is done for your servers, particularly if that’s something that you outsource.
- Making it a company policy to change passwords on a regular basis, possibly through mandatory prompts. You may also want to institute minimum requirements to make sure all users’ passwords are complex enough.
- Requiring anyone with access to your systems to use multi-factor identification.
Limiting your risk by taking these relatively simple steps will not only reduce your susceptibility to various forms of cyber-attacks, but it can also contribute to lower premiums for your cyber insurance coverage. It’s essential to remember that technology is constantly evolving, and that means you can’t simply put a few protections in place and forget about them. You need to reassess your systems on a regular basis, making sure they’re still adequate relative to the sophistication of the threats that exist, and ensuring they’re properly updated so that they can do the job they’re supposed to do.
If you’d like to learn more about the ways we can help you improve your cyber protections, as well as the excellent cyber insurance coverage we offer, download our cyber risk assessment and protection guide: