After the COVID-19 pandemic and the subsequent move from offices to virtual work environments, employers have started paying serious attention to cyber security. According to the Report “Cost of a Data Breach” from IBM, during 2020 the average cost of a data breach was 3.86 million dollars. More specifically, in the health care industry the average cost was 7.13 million dollars. Cyber security deals with the protection of all the data that is connected to your business, and your IT resources in general. For example, a virus can not only steal your data but damage your computers or servers, depending on the type of “agent” you are dealing with.
Cybersecurity can be Divided in the Following Categories:
- Network security: Focuses on secure connections.
- Software Security: Focuses on keeping software and devices free of threats.
- Information security: Protects data, both in storage and in transit.
- Operational security: Deals with handling and protecting data assets and the permissions users have when accessing a network.
- User education: Ensures that people know the best practices to ensure security in all levels of digital operations and actions. From emails to bank accounts.
- Physical Security: Focuses on physical devices and the security of those devices.
Cyber Security and Cyber Risks in the World of Insurance
The idea behind cyber security is to protect data, as it has been established. But what data, from who, and why? In the world of insurance, there are two types of important data that any firm ought to protect:
- Personally, Identifiable Information.
- Protected Health Information.
A ‘personally identifiable information’ data leak is serious, but in the insurance industry protected health information is really of much more concern. Both kinds of data give potential access to various aspects of a person’s life and its of utmost interest for both users and businesses that this data is protected.
Due to the recent government enforced lockdowns around the world, offices had to be moved to people’s homes. This created a problem since each office had their own security protocols in place. People’s personal computers do not usually come with an acceptable amount of protection for sensitive company information. In some cases, workers are not even correctly educated in regards of security across the digital space.
In the context of the pandemic, lockdowns and employees at home gave wrongdoers a golden opportunity to infiltrate businesses and steal people’s data. This is the reason why during 2020 and the ongoing year, the investment made in security across the board in business has dramatically grown, but it’s not enough. According to Accenture’s cost of cybercrime report: “almost 80 percent of organizations are introducing digitally fueled innovation faster than their ability to secure it against cyberattacks.”
“In the context of the pandemic, lockdowns and employees at home gave wrongdoers a golden opportunity to infiltrate businesses and steal people’s data. This is the reason why during 2020 and the ongoing year, the investment made in security across the board in business has dramatically grown, but it’s not enough”
A New Hope for Those Who Handle Data
Businesses already had a hard time protecting data in their offices and in a “home office” situation, risks skyrocket.
According to the 2020 Data Breach Report by Verizon, most cyber-attacks are produced because of misconfiguration errors. These errors occur when an employee with significant access to company data uploads data to the cloud, with little or no security controls. These controls often are put in place after an attack has already occurred. In that case, be the measures as they may, it is too late. What Verizon is politely saying is that people who do not know anything about cybersecurity are unintentionally letting attackers into their computers, network, or other devices.
It is both a bad and a good thing to be in 2021, since it is true that cyber risks have increased but the tools to confront attacks and the measures to secure information are also at an all-time high in sophistication and complexity.
Where to Start
A good place to start, is assessing your cybersecurity risks. Even though it sounds like a “risk management basic” it should not come as a surprise that most threats are not obvious. To say it in a few words, it is not just about having an antivirus software and be done with it. It is about conducting a thorough investigation and knowing your security assets, your risk, and your employee’s level of knowledge when it comes to best practices and what you can improve on. Here is a short list of the most important security measures you should put in place: · Have a licensed Antivirus Software and an Antimalware software. Be sure that they are up to date with a valid license (no free trials).
- Have different levels of access for sensitive data. Not all your employees should be able to access everything nor do they need to.
- Have two factor authentications in place, this has proven to be a highly difficult security measure to crack.
- Educate your people. Attackers rely on social engineering so be sure to countermeasure its effectiveness by talking to your employees and letting them know that information can be used as a weapon and that breaches are a serious issue.
- Have a Cybersecurity plan: a cybersecurity plan can help you reduce damages to the minimum in case a breach occurs and gives you all the tools to prevent it from even happening. To learn more about cybersecurity plans, do not forget to keep track of our series on cybersecurity where we will cover this matter.