Blaine Dennis-  Sales and Risk Manager

So if you have not heard on 05/12/2017 a large scale ransomware attack started to spread at a rapid pace.  This “ransomware” was designed by hackers to “lock-down” systems files and demand a ransom to restore the files.  This attack hit more than 150 countries and more than 300,000 computers, demanding that the user pay anywhere from $300 to $600 to regain control of their files.  Now this attack did not just hit your average, everyday user with minimal security measures in place.  This attack targeted large corporations who spend millions on securing their systems against attacks like these.  

So what did I learn from this attack?  To put it simply, this shows that we have a growing problem with keeping up on defending the ever growing cyber attack threat.  As I am keeping up on this story my thoughts keep going back to our small to medium sized business’s who store a large amount of data relating to customers, employee’s, financials and other proprietary information.  If large corporations, with large cyber security budgets, security protocols are being pierced by these hackers, how does one in a small to medium sized organization secure their technology?  

This question is one that I am sure most small to medium sized businesses are addressing as the cyber security threat increases.  So do we throw our hands up and say I just hope it doesn’t happen to my organization?  Or do we proactively try and put safeguards in place and transfer some of our risk?  I would suggest the later and this transfer can be achieved in a multitude of ways.  First and foremost we should try to minimize the exposure to such attack by implementing best practices in regards to our technology policies.  Here are some tips to help you minimize your risk:

  1. Update your systems on a regular basis.  I would suggest you turn on auto updates to make sure updates are being completed as they come out.
  2. Back up your data on a regular basis. 
  3. Train your employees on your cyber security policy frequently.
  4. Limit physical access to your workstations.
  5. Require individual user accounts.
  6. Change passwords regularly.
  7. Have an action plan in place to respond to any potential threat and make sure all employees are trained on how to respond.

Even with all these practices in place you still can be a target for a cyber attack.  So how do you minimize the damage to your bottom line if you are affected.  One answer is to look into cyber liability and data compromise coverage.  These policies are tools you can use to transfer your monetary risk and can be tailored to fit your organization.  If your agent has not talked to you about this coverage I would suggest having a conversation with them immediately.  The majority of analysts looking into the risk of cyber attacks to organizations say that this risk is only going to increase in the coming years.