Top Cybersecurity FAQs: Startups and Emerging Businesses
Q: Does my business need cybersecurity insurance? Due to the high level of cyber risk in today’s business environment and exclusions for cyber events in other types of insurance policies, most businesses need cyber liability insurance coverage. However, the terms and exclusions contained within cyber insurance policies vary widely, so businesses should select and review cyber policies carefully. Obtaining legal assistance in assessing policy terms is recommended to ensure the policy adequately addresses risks unique to the business. Furthermore, startups and emerging businesses should pay attention to exclusions, such as coverage exclusions for failure to obtain minimum security standards, to ensure that they do not fail to adopt necessary cybersecurity measures and thereby undermine the coverage they have purchased. Q: How do I put a cybersecurity policy in place? A cybersecurity policy should be specific to your business and may vary depending on your industry and the information your business collects. It is important to first assess your overall compliance and conduct a security audit of your IT assets and practices, as well as develop a thorough understanding of the data your business collects and stores. A cybersecurity policy should inform company employees and contractors of their requirements in protecting the IT assets of the company and identifying the primary threats to those assets. A policy will outline acceptable use of the company’s IT assets, including protocols related to password management, secure file transfers, software updates, malware scans, use of social media and privacy settings, and other security guidelines designed to protect your business from cyberattacks. Q: What are the best methods for protecting my business against ransomware attacks? Ransomware attacks are often delivered through phishing emails that appear as if they were sent from legitimate sources. Such phishing schemes are growing more sophisticated, and it is more important than ever to routinely train your employees and independent contractors on how to spot these and other cybersecurity threats. Businesses should implement mandatory trainings throughout the year (or on an annual basis at minimum) and follow such trainings with phishing simulations to test real-world response. Businesses can protect against the impact of interruption from a ransomware attack by regularly performing backups of their systems and important files. Backups should be stored separately so they cannot be accessed on the main system network. Q: What are some best practices to share with our team? There are several best practices that can be used as preventative measures when it comes to cybersecurity and attacks. The tactics below could make a huge difference. Install internal and external firewalls to protect your network systems, invest in antivirus and malware software, and regularly backup all data. Educate your employees on security protocols and how to recognize phishing emails and suspicious or unknown links. Require strong passwords for network access and mandate that employees change their passwords on a regular basis. Use multi-factor authentication for accessing sensitive networks or systems. Q: What is an incident response plan and tabletop exercise? An incident response plan is a game plan created to guide your organization in detecting, responding to, and recovering from cyber incidents. An incident response plan is necessary to help businesses quickly identify the individuals who need to be involved in incident evaluation and response, the issues they need to consider, and the steps that they need to take. The goal, of course, is to avoid lost time and critical missteps while making an organization’s recovery as smooth as possible. A tabletop exercise is an attempt to test the incident response plan and readiness by walking through a cyber event hypothetical. An organization’s team will consider...
Read More