October 8, 2020
The more we evolve as a species, the more technology we create. And in today’s modern world, that technology keeps us connected and online. But as we spend more and more of our time—both work and personal—online, the more risks we see that can lead to financial loss, business disruption, and even reputation loss. In this article, we’ll cover the basics of cyber risk, who’s at risk, and how to manage and assess your cyber security risk.
What is cyber risk?
Cyber risk is often associated with a cyber or online threat to your personal or financial information. But the expanded definition of cyber risk is much broader. Any type of attack that results in a financial loss, disruption in business, or damage to your brand’s reputation is considered part of your cyber risk. And while 86% of data breaches are financially motivated, some cyber risks are only focused on damaging your reputation or delaying sales for your business. The three most common culprits in cyber breaches include credential theft, errors, and social attacks.
Your takeaway: Cyber risk is the opportunity that your business’s software or data is compromised or exposed.
Who is at risk?
While all individuals are at risk for personal financial cyber risk (namely identity theft or stolen credit cards/bank information), businesses carry a large threat as well. Spam messages, pop-ups, phishing emails, viruses, malware, and ransomware on computers, mobile devices, and networks run rampant, looking for an easy way in to then execute the right software or steal and sell data.
However, businesses that store any personal customer information (such as names, social security numbers, phone numbers, social media posts, addresses, etc.), medical information, or financial data—which likely includes the majority of businesses in operation today—are at a high risk for cyber threats.
Healthcare, manufacturing, financial services, and government agencies tend to be the industries most targeted by crime actors. Though small businesses, no matter the industry, also carry high risk.
Your takeaway: All businesses and individuals have cyber risk, but those that deal with more specific information (financial, medical, personal) are larger targets.
How can I manage cyber risk?
Understanding what the largest cyber risks are is the first step to managing cyber risk in your business. Phishing emails, ransomware, malware attacks, and weak passwords are all common attack methods, making email, online browsing, transferring files, and logging in to platforms and networks a target for cyber attacks.
While corporate leadership and IT teams (or a third-party if the IT work is outsourced) are responsible for ensuring devices and networks are secure through the proper software platforms and tools, it’s important to understand the other major cyber risk for your business—the cyber risk that comes from individuals.
Since human errors account for a large portion of data breaches, and a lack of understanding is the largest impediment (46%) to enterprise cyber security strategy, employees at all levels should know best practices for managing risk of cyber attacks.
To mitigate your cyber risk, follow these best practices:
- Determine locations of sensitive/private data.
- Conduct vulnerability assessment regularly.
- Develop an incident response plan that includes:
- Identified risk owners and contacts within the organization
- Clearly defined decision-making guidelines and associated actions
- Usable plan that isn’t overly complex (and shared with the right individuals)
- Regular tests (at least once per quarter)
- Outlined possible data loss incident types
- Clear plan to help and communicate with customers
To mitigate human errors and reduce cyber risk, follow these best practices:
- Use an email gateway to filter out malicious emails before they enter your inbox.
- Implement training to help employees identify phishing attacks.
- Encourage employees to manually navigate to websites and logins instead of clicking on links in emails.
- Train employees to never give confidential information away over the phone and to always call a verified number.
- Require multi-factor authentication.
- Require timely software updates.
- Require frequent and regular data backups.
Your takeaway: There are many ways you can mitigate your cyber risk. Implement practices for both your IT team and your entire organization.
Not only should businesses (as well as individuals) be monitoring their cyber risk with appropriate tools (such as antivirus software, proper cyber risk training, and updated operating systems), cyber insurance is a necessity in today’s modern, online world.
To assess your risk, get started with our three-question assessment quiz
Written by: [Patrick Browns]