News From the Edge

Tech Tips and Advice from the Experts at Dynamic Edge

Has Your Keyboard Been Getting You Sick?

February 21, 2018 • 9:05 am

Recent studies out of Infection Control and Hospital Epidemiology offer alarming evidence that many of us are getting sick from our computers and other electronic devices.

One recent study, out of the University of North Carolina-Chapel Hill, found that bacteria are more than at home on your keyboards and phones, prompting recommendations to regularly sanitize work spaces to prevent you and your coworkers from getting seriously ill.

The study evaluated several sorts of bacteria and the conclusions were simple: clean up your work space.

What’s specifically on that keyboard?

The UNC researchers report that on average there are two or more harmful microorganisms on office keyboards—in some cases, they found staph bacteria (a cause of bloodstream infections). Depending on your work environment, you may be more prone to more harmful bacteria. For example, if you work in a hospital, your keyboard may be more likely to contain microorganisms patients bring in. Your home office or workspace may be housing different bacteria (or viruses) depending on where you work (even outside of the healthcare environment).

Cleaning your workspace should be an easy solution

Your Clorox wipe container’s marketing says it all—99.9% of microbial contamination is eliminated by the simple task of regularly wiping down surfaces (including electronics you touch on a regular basis).

Today I want to walk through some simple ways you can make sure your work environment—phones, tablets, keyboards and laptops (amongst other devices)—is preventing the spread of that nasty flu bug that seems to be going around.

Here are some key takeaways from recent research:

Any disinfectant will work, but wipes work better—cleaning your keyboard and devices can be as simple as using a Clorox wipe. It really doesn’t matter whether you wipe down your keys with bleach or alcohol, research finds that wiping off the surface with some type of disinfectant will keep your keyboard from harboring nasty organisms. What the research did reveal is that pre-manufactured disinfectant wipes (such as Clorox wipes) were able to keep bacteria at bay for longer times than other products.

Consider wiping down your desk every other day—Researchers found that wiping down a surface kept it clean from harmful germs for about 48 hours. To keep you and your coworkers safe, we suggest wiping down surfaces on equipment that you touch—your laptop, keyboard, phone or tablet (in addition to the surfaces on your desk) every other day to be safe. If you are in an area of high traffic or in a treatment facility (hospital or clinic), you might consider wiping things down more frequently.

Bottom line: wipe down your workspace with disinfectant wipes often!

Not sure how to clean your electronics? Here are some tips to help you safely disinfect them:

Power Down Your Tech—before wiping down surfaces, be sure your device or computer is shut down properly. If using liquid cleaners (not disinfectant wipes), consider unplugging the adapter prior to cleaning.

Don’t spray cleaners directly onto electronics—I know you might be tempted to douse your device with a disinfectant spray, but this may hurt sensitive electronics. Spray onto a soft cloth to keep liquids from seeping through cracks or case openings.

Avoid Alcohol On Touch Screens and Monitors—we’ve found that alcohol-based cleaners may hurt touch screens and monitors. Consider using alternative cleaners on these surfaces (bleach wipes work well).

Remember to clean tablets and phones—phones and tablets are petri dishes for bacteria and germs. Tests show that mobile devices often carry more bacteria than a toilet. Yuck!

Wipe down your phones and tablets regularly with a microfiber cloth (you can get antimicrobial cloths to ensure that germs aren’t building up on the fibers). I would recommend washing cloths regularly (probably weekly) to make sure that you’re not just spreading germs around when you wipe devices.

Cleaning That Keyboard—you might be thinking “how in the heck should I clean that keyboard?”. There are too many crevices that may go overlooked. First off, it’s a good idea to clean your keyboard and mouse daily during flu or cold season, especially if you share the computer with others.

Step 1: Unplug your keyboard from the computer (or remove batteries).

Step 2: Turn your keyboard over and shake it a few times to release any larger dust or particles.

Step 3: If you notice a lot of crumbs in between the keys, use a can of compressed air to blow out particles in hard to reach places on your keyboard (focus primarily on the top of the keyboard here). You may also use a mini-vacuum that’s designed to clean keyboards (but these are likely not very easy to come by in a typical office).

Step 4: Wipe the keyboard keys and palm rest with a disinfectant wipe (or slightly dampened lint-free microfiber cloth). I prefer the wipes because they are easy and known to clean well. Make sure your wipes aren’t overly damp—squeeze out excess liquid before wiping your keyboard.

Step 5: Immediately wipe your keyboard down with a dampened microfiber cloth to remove any residue left by the disinfectant wipe.

Step 6: Wipe up any remaining moisture with a dry microfiber cloth (or other soft cloth).

You can take similar steps above to clean your mouse—unplugging it, disinfecting it with a disinfectant wipe, wiping off any residual disinfectant with a damp microfiber cloth, then drying it with a dry microfiber cloth.

Be sure to routinely clean any hard surface at your workplace that you touch often with a disinfectant wipe (especially if more than one person touches it). Don’t forget to clean often-forgotten surfaces like doorknobs, appliance handles and remote controls.

If we all put a little effort into keeping our office spaces (and electronics) clean, we can do our part to keep our offices healthier this flu season. As always, if you have questions about keeping your office electronics clean, don’t hesitate to call!

Will the Next Ransomware Attack Make You Unable To Bill Your Patients?

February 13, 2018 • 8:30 am

While many of us may not really care too much if we overstep a few HIPAA regulations because we’re too busy trying to keep our business afloat, we often forget that all security risks are NOT created equal. While some HIPAA regulations may simply protect very minor data leaks [yes, keeping patients safe is definitely your goal, but errors happen], big ransom attacks may cause your business to STOP.

The biggest impact of a ransomware attack? On your medical billing. Without the flow of bills going out and payments getting processed and coming in, how in the heck are you going to pay for your staff and equipment?

With a ransomware attack, will you be able to continue to treat patients? Or will you start having to turn them away because you don’t have their records and don’t want to risk malpractice because your notes aren’t all where they should be (they are all encrypted from that nasty attack that just hit!)?

Today I want to discuss why cybercriminals are using ransomware and how your healthcare office (though this applies to ANY business) can protect itself from the next ransom attack.

The ransomware economy has evolved—like any market, the ransomware economy has grown and evolved in response to how users react to infections. Because businesses have historically paid hefty ransoms to get their data recovered from an attack, more and more ransomware is being developed every day.

What criminals understand is that businesses—but especially healthcare businesses—need their data ASAP to function. Many make emotional decisions to pay ransoms to get their data back at any cost.

Ransom attacks have recently evolved to threaten to publish encrypted files if ransoms are not paid—to pressure the likes of healthcare businesses that have special obligations to keep patient data secure.

Software vulnerabilities are being identified at an astounding rate—the software that you are using right now—maybe your Windows operating system, your EHR software or even something as seemingly benign as the application you installed to print on that new fancy printer—might all be targets for cyberattacks.

Cybercriminals are scanning networks for known vulnerabilities (vulnerabilities that companies like Microsoft, Google and Adobe are publishing with fixes) and are penetrating and infecting networks at an alarming rate.

The reason for all of these infections? Healthcare businesses (or rather their IT Support) are failing to patch (and test) their networks, leaving businesses like yours vulnerable to ransom attacks. Your IT Support needs to make sure your systems are patched (and that patches are tested to ensure that the patch actually is working). This means (1) cataloging ALL of your software and operating systems, (2) daily checking for security patch releases and (3) applying and testing patches on your network. That’s a LOT of work for just one or even a couple of guys to do consistently while having to deal with all of the other user problems eating up their time!

[Note: Dynamic Edge clients should rest assured that patches are applied and tested when they are released (we have a dedicated team of security specialists making sure your networks are protected).]

Businesses lack recovery plans—another reason why ransomware is SO successful in healthcare, is most IT departments or support fail to plan ahead. When a virus attacks the ENTIRE network, most IT Support react without a clear plan to move ahead, recover files and get your business generating cash flow to keep it moving forward.

Without a tested recovery plan that helps you detect if everything is working properly (and updated when new or changing security threats enter your security landscape) you may risk attacks that leave your business down for WEEKS while an untested restore process is underway. Think of your patients being told that they can’t be treated for weeks. How will that affect business?

Aging and outdated infrastructure—many IT Support companies will simply give you the lip service you want to hear. If you hear things like “we can do that” without ever getting any pushback, there’s likely something wrong.

Many IT Support companies just want your business and won’t get down to brass tacks because they don’t want to rattle the cage. When IT Support companies assure you that they will support older infrastructure, old operating systems and outdated software, what they aren’t telling you is that behind the scenes they are simply crossing their fingers hoping everything will continue to work.

Cybercriminals are especially in tune with scoping out networks using outdated servers (such as Windows 2008) or operating systems. It is really essential that your business upgrade your infrastructure to close security gaps that may keep your business from staying in business if a cybercriminal were to ping your network.

Lack of user security training—I know that user training might seem like tedious busy work, but the fact is that most of your users have no clue how to detect the latest phishing scams and have no idea what simple steps they need to take to ensure your business doesn’t become the next ransomware victim.

Getting annual training (which I might add is a HIPAA requirement) is an important part of keeping your organization secure from cyberattacks (nearly 98% of phishing attacks nowadays are directed at ransomware infections).

We train users regularly on site at live healthcare cybersecurity training events (or through webinars every other month). Are you interested in our next webinar? (Ask us to sign you up!)

Your business doesn’t have backups figured out quite right—while many IT Support teams assure you that your backups are working, they NEVER actually check them. Regularly tested backups are a key component to making sure your business will be able to recover if a cyberattack (or any other form of disaster) were to strike.

Without good backups to recover from, your business may have lost ALL of its patient records. That means no billing, no patient care, no cash flow, NOTHING. You might as well shut the doors now if your backups aren’t working!

No cybersecurity assessment—most healthcare businesses fall to “this will never happen to us” syndrome. But the problem is, cybercriminals are seeing healthcare as more valuable targets than ever because they aren’t keeping patient records secure and patient records are worth big bucks on the Dark Web.

By overcoming the “never to us” mentality and getting an annual 3rd party cybersecurity assessment, many healthcare businesses are becoming less-likely cyber targets and better protecting themselves from unplanned downtime and outages. Malware and cyberattacks are getting more sophisticated and advanced. Is your cybersecurity keeping up? Contact Us TODAY for a network security assessment.

Why Healthcare Is Particularly Vulnerable To The Next Ransom Attack

February 6, 2018 • 9:16 am

Ransomware is hitting the healthcare field more frequently than any other industry. Why?

Hackers and criminals understand that healthcare data is precious. Doctors want to protect their patients. They want to keep their patient records from criminals to protect their identities and prevent data theft. They want to preserve a trusting environment where patients can share what is really going on so that proper diagnoses are made and treatments administered. They care about the people under their care and don’t want to compromise best possible care (by keeping meticulous secure records to ensure patients are consistently getting care they need and not having to worry about their identities being compromised).

As a business owner, you worry about your office being up and running when it’s supposed to be: most importantly so that effective treatments are delivered on time, but also to get billing out and payments in. Essentially, you worry about keeping the lights on, keeping your staff paid, and keeping your medical operations running.

As we put more demands on healthcare—with an aging population or with bouts of emergencies related to outbreaks or illness, we all depend on the healthcare system to run seamlessly. But in talking to doctors and administrators, what I’ve found is that many worry that their data systems are not keeping up with even basic security to prevent them from getting ransomware and data breaches.

What I want to briefly talk about today is why ransomware is particularly successful in healthcare environments and 11 relatively straightforward steps your office should be taking or reviewing regularly to make sure your valuable patient data is safe from ransom attacks.

With the latest attacks on clinics, hospitals, and even EHR systems becoming the norm, you should be seriously evaluating what you are doing to prevent attacks and what steps need to be taken to prevent your office from becoming a ransomware target.

Why is healthcare such a big target for ransomware?

You probably have seen in the news big headlines showing Allscripts hit by new ransomware variant and may be wondering “how do I know my patient data is safe online?” Or you may be seeing different businesses in the local news getting hit with ransomware and think “how do I know my business is safe?” These are both very legitimate and important questions to address in the current healthcare IT security landscape.

What the majority of healthcare offices often tell me is that while they’re concerned with being security compliant (they recognize that HIPAA is a concern), they don’t have the time or the resources to keep their networks secure.

With tightening margins, how can you invest EXTRA in security?

My answer to these concerns is that security should not be an extra! What the majority of businesses in healthcare fail to accomplish is getting expert IT Support that focuses its support efforts on keeping healthcare compliant with security concerns. Healthcare IT Security should not be something you seek ‘a la carte’. It should be something you expect with the main course! That means keeping patient data secure should be a part of your IT Team’s expertise.

If your on-going support is doing what they’re supposed to be doing—that means if they understand your business strategy, know where your vulnerabilities lie and prioritize fixing critical security risks, you wouldn’t have any problems securing your network from ransomware attacks.

But your likely problem is more like this: your IT Support team DOESN’T understand security fully. They don’t know what’s all involved in keeping your team safe OR they lack the necessary resources to do everything required to ensure patient data is secure.

While the biggest objection I often hear by healthcare CEOs and administrators is that the cost to keeping their data secure is too high, what I’d argue is that the reason IT Security is too high is because you’re not dealing with an IT Support team that is trained in healthcare, trained in security (have at least one qualified CISSP on hand) and that is finding strategic ways to protect your data WITHOUT increasing spending.

And what boggles many administrator’s or CEO’s minds when we walk through a quick and painless 10-minute ransomware meeting with them to review their network’s security against the latest ransomware viruses is that their IT Support FAILED to ensure even basic security!

What can you do TODAY to start preventing ransom attacks like the latest at Allscripts?

While I would highly recommend to start with an unbiased 3rd party ransomware assessment (our assessment is a painless and often eye-opening 10 minute conversation with simple steps to eliminate your chances of getting infected with a ransom virus), here are some first steps to take to avoid being a ransom target:

Patching—I’m always surprised to see clinic, hospital and healthcare office networks WITHOUT critical security patches and updates applied. Criminals are exploiting systems that haven’t been updated or patched simply by walking their network and entering it UNDETECTED. In fact, many of the latest attacks are from IT Support staff NOT keeping patches up to date. Even worse: criminals are adding organizations that have been attacked because of un-patched networks to their list of places to attack again! (They figure, if you were too busy to patch once, why not see if you were too busy the second time). More often than not, hospitals and clinics that were attacked once are getting re-infected with new, more potent viruses a second (and even third) time.

Make sure patches are applied regularly (Microsoft releases patches at regular intervals) and that patches are tested to make sure your systems are all working once they’re applied.

Blocking unwanted traffic—blocking is another line of defense that many healthcare offices miss. I’d say that in over 60% of the offices I’ve had to remediate from CryptoWall, the office had NOT updated its antivirus. Another big concern is that while many organizations have a firewall, most are outdated and not doing much to prevent more contemporary attacks from penetrating your network.

Monitoring—having an accurate understanding of what your network should look like will help you detect when suspicious or malicious activity pops up. The problem is that many healthcare organizations have no idea what a normal day looks like on their network, which makes it impossible to understand when computers are getting infected, a virus is moving or some other funny business is going on inside of your network.

Training—let’s be frank. It’s extremely hard to keep up with what’s really going on with cybercrime, phishing attacks and how to protect your users from falling victim to scams. BUT one of the biggest reasons businesses get infected is because users (1) don’t understand how to recognize scams/ransom attacks and (2) don’t know who to contact if they think something funny is going on within their workstation.

We, as any good healthcare IT Support, train users with latest scams and best practice security hygiene on a monthly basis (live seminars) included in your basic IT Support, which is something any IT Support team should be doing if they are really thinking about your security best interests. (This is also a requirement for HIPAA compliance that can be easily checked off your To-Do list).

Response—another big vulnerability healthcare faces is responding to an attack—if you did not heed the advice above as to how to avoid getting ransomed or breached, you may be put in a very precarious situation of paying a ransom or reporting an attack to law enforcement and HHS. You’ll also need to recover files from backups and restore your records so that doctors can continue to give exceptional patient care and your facility can keep running and keeping patients safe and healthy.

The problem is: many healthcare organizations have not planned for disaster (or have inadequate plans that have not been tested). When you get ransomed, more often than not when we come in to assist, your IT Support is clueless and your administrators or office staff have no idea what they should do, who they should contact and how they should move forward.

Having a backup and disaster recovery plan (often referred to as a business continuity plan) is essential to recover from a ransom attack. While our IT Support DOES implement all of the aforementioned security tasks (along with many others—too many to list here) to protect healthcare business, we also help write and test a living recovery plan. We make sure that in the slightest event that something happens, that you know (1) who to contact, (2) how to restore your systems and (3) how to make sure everything is working and that you have a clear plan to get back on track, focusing on servicing your patients.

These steps are all pragmatic and should be easily implemented to ensure limiting your exposure to a ransom attack. WannaCry and more virulent and devastating CryptoWall variants are expected to persist in 2018. Had more organizations victimized by these attacks made sure their IT teams had taken more action, fewer would have suffered making risky ransom payments or data losses (in addition to reporting security breaches and paying HIPAA fines).

Are you sure you won’t fall to the next big ransom attack?

Get all the tools to protect your office. Ask us about a ransomware security assessment TODAY.

Tax Season Phishing Scams Popping Up Again With A Vengeance

January 30, 2018 • 8:13 am

Psst!…..Forward this article to your accountants, legal counsel, or anyone else on your team working with W-2 data.

Late last week, we (along with many other security firms) identified a simple and recognizable phishing scam popping up again, targeting accountants and other folks working with W-2 forms.

The problem this year?

The scam is more complex and may confuse unsuspecting recipients. The most recent W-2 scam is more complicated than previous scams. After a first request for W-2 information (which contain sensitive information, including Social Security Numbers!), the scammer sends another spoofed email from a separate account following up on the first email—often confusing staff into divulging the requested documents.

While the IRS warns that this scam is targeted at individual consumers, security experts warn that the scammers’ real targets (and payloads) are businesses like yours!

What should your team be looking for?

The W-2 scam often is spoofed to come from the CEO or CFO of the company and is directed to staff in HR or payroll, or to an executive assistant. In fact, some cyber criminals are so good, they research everyone in your company—either on your website, through LinkedIn or other public databases—to identify the targets of the attack. Their up-front investment of 20 minutes of research often pays off big time.

These emails often are asking for urgent attention. The CEO or CFO needs the W-2 information ASAP. Urgency in the message helps create emotion within recipients to act now (instead of thinking first). The criminals are asking for W-2s specifically in the emails because the information enclosed on a W-2 form provides sufficient information—name, address, Social Security Number and income information—to not only fraudulently file false returns and reap big refunds, but to pursue further exploits via full-on identity theft.

Here is an example of an email. Let’s say your CEO is named Heather Smith and Steve Adams is your business’ payroll officer:

[Image: example W-2 scam email]

The email seems legitimate. It is timely in that W-2s are being processed right now. The email address seems correct. Some variations may not be sophisticated enough to completely spoof the sender address (i.e., the address is likely not quite right—this is one telltale sign of a phishing attack). But in some instances, hackers can completely mask emails to appear as if they were sent from the correct address. In this case, we have a sophisticated attack on our hands!

Having heeded advice on how to detect phishing scams (but see our page on avoiding scams here), many users may be very suspicious of such a strange request from a first email.

The problem with the most recent W-2 scams?

Scammers aren’t giving up with just one try! They’re actually upping the ante to a secondary email that lets the user (your accountant for instance) know that they know about the first email and—in some cases—to inform the employee that that first email was in fact a scam. The second email instructs the user to send the W-2 information to a different email address (often a personal address), to something like CEO@gmail.com.
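The two-step pattern described above (an executive's name on the From line, a request for W-2 data, then a follow-up that redirects the reply to a personal mailbox) can be screened for at the mail gateway. The following is an added example, not code from Dynamic Edge: the company domain `example.com`, the look-alike domain, the keyword lists and the sample messages are constructed assumptions, and the `Authentication-Results` check assumes that header is stamped by your own receiving mail server.

```python
"""Heuristic screen for the W-2 request scam (added example; all data constructed)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: your own domain and the executives scammers impersonate.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"heather smith"}  # CEO name from the article's scenario
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

W2_TERMS = re.compile(r"\bw-?2s?\b", re.I)
URGENT_TERMS = re.compile(r"\b(asap|urgent|urgently|immediately|right away|today)\b", re.I)
BODY_ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=fail\b", re.I)
SENDER_ANOMALIES = {"exec-name-external-sender", "own-domain-auth-fail",
                    "reply-to-mismatch", "freemail-redirect"}


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _plain_text(msg):
    """Concatenate every text/plain part (works for single-part mail too)."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def screen_message(raw):
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_addr)
    text = f"{msg.get('Subject', '')}\n{_plain_text(msg)}"
    findings = []
    # Executive's display name, but the address is outside the company domain.
    if name.strip().lower() in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        findings.append("exec-name-external-sender")
    # Exact-address spoofing: the From domain is ours but SPF/DKIM/DMARC failed.
    if from_dom == COMPANY_DOMAIN and AUTH_FAIL.search(msg.get("Authentication-Results", "")):
        findings.append("own-domain-auth-fail")
    # Replies silently routed somewhere other than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # The follow-up trick: "send it to my personal address instead".
    if reply_dom in FREEMAIL or any(d.lower() in FREEMAIL for d in BODY_ADDRESS.findall(text)):
        findings.append("freemail-redirect")
    if W2_TERMS.search(text):
        findings.append("w2-request")
    if URGENT_TERMS.search(text):
        findings.append("urgency")
    return findings


def should_hold(raw):
    """Hold for verbal confirmation: a W-2 request plus any sender anomaly."""
    found = set(screen_message(raw))
    return "w2-request" in found and bool(found & SENDER_ANOMALIES)


# Constructed samples: first request, follow-up redirect, and an ordinary message.
FIRST_EMAIL = """\
From: "Heather Smith" <heather.smith@example-corp.net>
To: steve.adams@example.com
Subject: W-2 request

Steve, I need copies of all employee W-2s for 2017 ASAP. Please send them as a PDF.
Heather
"""

FOLLOW_UP = """\
From: "Heather Smith" <heather.smith@example.com>
To: steve.adams@example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dmarc=fail header.from=example.com
Subject: Re: W-2 request

Steve, disregard the earlier W-2 email, it was a scam.
Send the W-2 files to my personal address, hsmith.ceo@gmail.com, today.
"""

LEGIT = """\
From: "Heather Smith" <heather.smith@example.com>
To: steve.adams@example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
Subject: Lunch Thursday

Are you free for lunch on Thursday?
"""

if __name__ == "__main__":
    for label, raw in (("first", FIRST_EMAIL), ("follow-up", FOLLOW_UP), ("legit", LEGIT)):
        print(label, screen_message(raw), "HOLD" if should_hold(raw) else "deliver")
```

A message held by this screen still needs the verbal confirmation the article recommends; the heuristics only decide which requests get that extra step.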

Because of their initial success, we expect the W-2 scam to be widespread for the rest of tax season. According to the IRS, scammers had over 200% gain in success rates in 2017, encouraging many more criminals to implement similar attacks in 2018. Security experts have also seen exponential growth in attacks over the past 5 years with no sign of stopping in the near future. Plus, the cost to spoof an email, do a little background research on your business and target your employees is relatively low, allowing criminals to reap big payoffs with very low upfront investment.

Bottom line: the cards all show increased W-2 scams and other sophisticated phishing scams for 2018. Scams will be written in better English and will target specific roles in your organization. Without proper training and preparedness, you may lose big bucks if you’re not careful!

What should you do to make sure you’re protecting your users?

Re-educate all of your team—it’s so easy to forget the basics of how to identify a phishing scam, but it’s also easy to overlook good security hygiene at your workplace. If you are a Dynamic Edge client, you can request personalized security training for your office. We also encourage attendance in our cybersecurity webinars, which will count towards your staff’s annual HIPAA training if you work in healthcare and need to stay compliant with HIPAA standards.

Question before you respond—make sure you send the message throughout your office that you’re never going to ask for sensitive information via email. Create a culture that questions and confirms out of the ordinary requests (for information or money) rather than simply following directives.

Never click on links in emails—one of the fastest ways into your network is by getting users to click on spoofed links to malicious websites. Instead of directly clicking on links in emails, we recommend copying the link address and pasting it into your browser so you can be sure you aren’t redirected to the wrong place.

Get verbal confirmation—if you or your staff suspects that a request is funny, have them get verbal confirmation before acting. This could save you big time when it comes to divulging sensitive data or making big money transfers.

Bottom Line? Always double check. If something doesn’t seem or feel right, it likely isn’t. And if the request was legitimate, the requester probably will appreciate that you double check with them before risking sending it to a scammer.

Is your team prepared for the next big scams? Is your network vulnerable to the latest ransomware attacks? Contact us today for a FREE ransomware and network security assessment.

Got Cyber insurance? Can you afford the $50K deductible?

January 23, 2018 • 9:30 am

If you’re like many business owners nowadays, you’re probably considering options when it comes to cyber insurance. Cyber insurance will likely protect you from a variety of liabilities that you’ll incur if a cyberattack successfully penetrates your business network.

Legal Expenses—if your company is in fact breached, you’ll want to get some legal advice to be informed of all of the specific obligations you have under state, federal and local laws. A company needs to move swiftly through a breach to survive and having legal counsel experienced in cyber incidents can make a big difference.

When sensitive data gets leaked, there may be numerous legal uphill battles in front of your business. Cyber insurance usually includes coverage for just about any of these legal incidents.

Forensic work—when your company discovers a breach, you are obliged to determine what has happened and what information was exposed. Expert forensic examinations determine the source of the data breach or attack and, more importantly, help identify files that were touched during the breach.

Cyber insurance should help you determine what the cause was, which files exposed during the attack (including any sensitive data) need to be evaluated, and who needs to be notified of the breach.

Notifications and Press Releases—your company will be required to release a press statement and notification of a data breach. Especially if you have strong regulatory pressure—such as NCUA, PCI or HIPAA—your business will need to notify clients, associates and the public of your breach/attack.

Credit and Identity Monitoring— you will likely be responsible for ensuring identities of your users and clients are safe as a breach requirement.

Your insurance policy will cover you for most of your expenses, likely everything above.

Buy a policy and you’re set, right?

Not so fast!

Read the fine print on your policy. I’m sure your cyber insurance coverage will be contingent on your business following cybersecurity best practices. At minimum, your insurance company will likely expect you to follow this basic IT Security regimen:

Regular updates and patches—you will be held responsible for keeping your network up-to-date. Applying security patches across your network is one of your first bets at keeping your business secure.

Train your users—users need to understand their contribution to keeping your network safe. Understanding how to recognize phishing scams, and taking actions to keep your network secure are critical to reducing your risk of a cyber infection.

Back up your network—in the event your network gets infected with ransomware or goes down for whatever reason, having backups will keep your staff working. As long as your team is down, you won’t get cash flow—what’s needed to keep your lights on!

Monitor your traffic—your IT Support should be vigilantly (daily) monitoring your traffic for suspicious activity. They should investigate anything that is unusual and ensure your network is clean. Monitoring is a critical step in minimizing the effect of malicious activity that may get onto your network.

Test, test, test— I can’t emphasize testing enough. If you don’t test what you do, you can’t guarantee anything is working! Test your backups to make sure you can actually restore files from them. Test patches to confirm they are applied properly. Keep a routine of always testing changes to your network so that you can identify issues and understand a root cause quickly when they pop up.

If you’re not showing persistent effort in protecting your network, you might be at risk of not being covered under your policy (and will have to foot hefty bills!).

BUT, even if you think you are taking proper precautions, many cyber insurance policies require a hefty deductible (around $50,000) before they even kick in. While the insurance policy will prevent you from having to foot the brunt of the cost of a cyberattack (which averages over a half a million bucks by latest counts), you will still have a big hole in your pocket after all is said and done if you end up getting a data breach or hack.

Here are a few things to consider before signing your insurance policy.

Get an IT Security risk assessment completed.

The first step to securing your network is to set up a risk assessment and impact analysis. You need to first understand your risks and where they lie before understanding what your insurance policy will require. In addition, a thorough security risk assessment will help you understand what kind of coverage you will need from your insurance provider.

Be able to prove a cyber event in case you call on your insurance provider to cover you.

In the event of a cyber incident, you will need to know specifically what your insurance provider requires for you to make a claim. For instance, you may be required to perform a forensic investigation to determine how the breach occurred (in some cases, if you were negligent in patching or keeping your network updated, the policy may not cover you).

You can think of cyber insurance in a similar way to auto insurance. Auto insurance does not give you a green light to drive drunk, just as cyber insurance does not give you the ability to overlook cyber security. Your provider will require specific levels of security to cover a cyber incident (in the event one happens).

Cybersecurity assessments required before coverage begins.

In many cases, your insurance policy will require you to have a full annual cyber security assessment done. Typically an annual assessment will evaluate all potential risks and provide you with actionable remediation steps to securing your business.

The bottom line: Cybersecurity is no joke. Having cyber insurance may be helpful in recovering from a breach, but it is no silver bullet. Your first line of defense against growing attacks is solid IT Security.

Are you thinking about getting a cyber insurance policy, but aren’t sure your business security is keeping you safe? Contact us today about getting a FREE network assessment to identify vulnerabilities.