Good practice last year isn’t good enough anymore.
Even cyber-insurance providers are getting more selective before accepting cover, or worse, before paying claims.
With the number of claims skyrocketing insurers are increasingly asking, “What did you do to protect yourself from the obvious and known risk from cyberhackers?”
The levels of protection you put in place 1 or 2 years ago probably aren’t adequate for the threats today. They are evolving so rapidly.
So what can you do?
Hackers aren’t waiting for you to make a decision to put protections in place.
They are spending every waking moment trying to find new ways of stealing your data. They have set themselves up as businesses to do evil. They hire the best and brightest talent, and have the latest tech – simply because it’s worth it. Its organised crime and these guys are the mafia of the modern age.
We see continuous hacks on most of our clients. These are attempts to penetrate their firewalls, or guess their passwords on Office 365. We see fake webpages through phishing attempts, and we see techniques to harvest password reset questions by asking for favourite teachers, or first cars, or favourite band on platforms like FaceBook.
That’s why your cyber-insurance and business continuity insurance providers will be starting to ask more demanding questions when you renew your cover. They are well aware of the risk and they want to know that you have taken all reasonable steps.
You need to be able to reassure them that you have:
- deep endpoint protection
- a penetration and vulnerability assessment
- data governance that is fit for purpose
- awareness programmes for all users and verification
- dark web monitoring
- multi-factor authentication and complex passwords
and so much more – the very items we have included in our KARE for Security services.
The question for you, and your insurer, is what level of protection is appropriate for your organisation so your insurer will cover you if you need to claim? That is why we have two levels of cyber-protection, and, because this isn’t static, it is why we keep investing and researching additional tools to help defend you from harm.
The Hackers are turning up their attacks on you – are you turning up your defences to match?
One quote we saw recently that rang true was:
“A cybercriminal only has to be lucky once, while a defender has to be lucky every minute of every day.”
What’s your next step? We’ve created a simple 9-point checklist to help you navigate the cyber-risk landscape and find the right solution for you.
Phishing emails are getting smarter every day
In the old days (ie last year!!), a dodgy email had a whiff to it – there was something that triggered your subconscious. That’s because some phishing emails were really badly written with terrible English. But others just had a sniff about them- something that made...
A cyber-criminal only needs to get lucky once. You have to stay ahead of them all day, every day
"A cybercriminal only has to be lucky once, while a defender has to be lucky every minute of every day.” - Combating Ransomware - A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force. The message we hear from governance boards over...
Do you know where all your organisations data is? You don’t know what you don’t know
What is 'Shadow IT'? Shadow IT refers to the various web tools informally in use within most organisations. These tools are often chosen without reference to IT or to management in general. They are often used for all the very best reasons. Your colleagues have work...
Bad news email attachments
Some emails are more than just bad news No one likes bad news! But sometimes it can’t be helped. Sometimes it sneaks up on you. One of the most common ransomware attacks is through a compromised attachment in an email. It’s easy to say “only open stuff you expect” but...
When you willingly share data, how do you stop it leaking?
Data Leak Protection (DLP) is the name of several policies in Office 365, setting up what data can, and can't be, shared and with whom. Imagine being able to automatically identify private information like passport numbers, Health IDs or bank account details and make...
Newsflash – US Nuclear secrets leaked online through Shadow IT
This sounds like a nightmare that could never happen. US soldiers have been putting sensitive information online in non-secure third party websites. It defies belief, yet we’re reading that it happened. The story popped up on ‘Gizmodo’ . It is alleged that US Soldiers...
“LOCK ‘EM UP AND THROW AWAY THE KEYS”
Password Vaults and You With more and more websites necessary for our everyday activities, it’s getting harder and harder to manage passwords. By now, you will know not to write passwords on post-it notes and paste them on your screen. It's not uncommon for...
Google Releases Security Updates
Chrome security fixes Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This update includes 14 security fixes. Out of the 14 fixes, 1 is considered to be critical in nature. If you are supported by KARE Core Fundamentals or Premium KARE...
Why you need to know all the cloud services that your organisation uses – part 2 – (US DoD Nuclear Secrets!)
People are the weakest link This sounds like a nightmare too impossible to happen. US soldiers putting sensitive information online in non-secure third party websites. It defies belief, yet we’re reading that it happened. The story popped up on ‘Gizmodo’ It is alleged...
Why you need to know all the cloud services that your organisation uses
If you don't where it is, you can't protect it. Do you know where ALL your organisation's data is - not physically, but on which web and cloud services? Here's the problem. If you don't where it is, then you can't protect it. The secondary problem is finding out,...