Stay Ahead of the Cyber Criminals

It’s time to change your cyber security policies

By Adam Puharic – President, Puharic and Associates

E-mail: Adam@puharicassociates.com

According to the 1988 film “The Hunt for Red October, a Crazy Ivan is a manuver practiced by Soviet Submarines to turn and stop suddenly as a way of determining if they are being followed.  There is no simpler metaphor to use when describing the need to innovate and develop new tactics in avoiding cyber hackers, spoofers and related criminals.

You have done all the right things so far: You have a reputable IT services provider monitoring your systems 24 hours a day.  You’ve purchased higher limits for your cyber liability insurance policy.  You change your password every other day.  What else can you do?

Many business owners and leaders have become exhausted discussing the topic of cyber security. But complacency breeds vulnerability, and the cyber criminals have not stopped innovating. Your business has transformed beneath your feet, changing the operations from a service or product delivery company, into a technology company that facilitates goods and services.

Take these five actions NOW:

1. Adopt a Password Manager and Implement MFA (Multi-Factor Authentication).

The time is well past due for you purchase a commercial password manager software.  We need strategies where we can change passwords, randomize our activities, and create a “Crazy Ivan” where cyber hackers fail to anticipate our behaviors.

And yes, immediately employ Multi-Factor Authentication on every application, on your email, on your Google profile, without exception.  Do this today.

2. You must break the silo approach to insurance and IT services. Now!  They must go hand-in-hand to protect your most valuable asset – your business.

If you currently carry cyber liability insurance, you might be familiar with the various insurance carrier questionnaires that are used to understand your company risk and develop pricing.  You may even be forward-thinking enough to share the questionnaire with your current IT services partner.  But now is the time to bring those teams together.  Schedule a three-way meeting.  Review the questionnaires of not only your current carrier, but the questions asked by every carrier your insurance professional has access to.  Demand your insurance provider expand their market reach and professional education on the topic.  Review the key critical questions with your IT services provider and develop a timeline to “get to yes,” that is, a plan to be 100% compliant with the latest insurance carrier mandates.

The simple truth that is sometimes overlooked is that the cyber insurance questionnaire is developed in response to the claims the carrier has witnessed or become wary of.  The insurance carrier is tipping their hat and showing their cards about the core areas of cyber vulnerability.  Your insurance agent has this knowledge but might not be aware of the power this knowledge can provide if put in the hands of the IT vendor you hired to protect your technology and data.  Better yet, consider partnering with an insurance professional who has developed an integrated solution that pairs insurance with an IT services provider in a collaborative, sharing and communicating environment.

3. Train your employees and create a “human firewall”, for your business.

The time has come to implement regular, company-wide awareness training designed to empower employees at every level of the company to fight and win in this new cyber war.  Employee training should focus on:

• How to create passwords that can’t be hacked.
• How to identify fraudulent, spoofed (fake) email.
• How to best protect against ransomware.

4. You must implement new technologies NOW.

Cyber liability insurance carriers are demanding that clients move towards some common and emerging technology strategies:

• A 3-2-1 backup solution (3 different backups on 2 different kinds of media, with at least 1 offline).
• Least privileged access to files (especially PII and PHI).
• Data encryption on mobile devices and backups.
• Zero-trust security. Zero Trust is a shift of network defenses toward a more comprehensive IT security model that allows organizations to restrict access controls to networks, applications, and environment without sacrificing performance and user experience. “Never trust, always verify.”
• Endpoint detection and response (EDR).

5. You must recognize that ignorance is no longer an option.

Finally, and most importantly, you, the business leader, need to embrace cyber security as a mission-critical center of knowledge. You must engage in a program of regular training among team members to identify and respond appropriately to cyber threats. You must provide strategic thinking and break patterns of operations to create a “hardened target” that cyber criminals will pass by for easier and more vulnerable victims. You must build system redundancy and game-plan for hacking incidents and company response.

Then change, innovate, evolve and use a “Crazy Ivan” strategy to confuse and frustrate would-be cyber criminals.

Puharic and Associates, Inc. is a professional risk management and insurance firm in Manasquan NJ.  Puharic focuses on concierge-style risk management to provide 360-degree protection for business owners by combining all insurance coverages under one roof. By creating a 3-dimensional risk profile of the business owners’ risks, from cyber to employee benefits to personal risks, Puharic and Associates helps business owners grow by creating a step-by-step plan for their protection that evolves with them. For more information, please visit www.puharicassociates.com