Skip to main content

As the situation in Ukraine evolves, businesses should be mindful of potential risks to their people, assets, operations, or supply chains in the region and globally. Marsh, as part of the Marsh McLennan family of companies, has created a page with information, tools, and resources related to the Russia-Ukraine conflict. Please visit the page for the latest information.

March 11, 2019

Protect your business from these 5 cybersecurity risks

Data security is becoming more critical as businesses are collecting increasing amounts of data. Every day, 2.5 quintillion bytes of data are being generated globally, a number that will likely grow steadily in the future. In fact, the data generated within the last two years amounts to approximately 90 percent of the data currently in existence.

Much of this data is consumer-driven, due to social media, e-commerce and the ever-growing Internet of Things (IoT). Businesses use data for a variety of purposes, such as:

  • Improving offers
  • Identifying customer trends
  • Developing customer relationships
  • Analyzing the competition

The rapid growth of technology has created many advantages, like the seamless sharing of data, but at the same time it has created more risk of cyber attacks. With big data comes the important responsibility to protect the information being stored.

The rapid pace of data generation and storage means that businesses need to stay on top of their data protection strategy. A majority of businesses do not have a system in place, or have only a partial system, for controlling and tracking sensitive data.

Here are five of the most likely causes of security breaches and what businesses can, and should, do to protect against them.

Risk #1. Internal Attacks
Disgruntled employees are one of the biggest threats facing your data systems. Upset employees, especially ones that have been on your IT team, can cause serious damage. The best way to address this risk is to immediately terminate all accounts and credentials of employees that are no longer with the company. Closely monitor privileged credentials to prevent exploitation. Develop a procedure to track privileged account activity and alert the proper administrators in response to suspicious activity and mitigate potential damage early in the attack cycle.

Risk #2. Mobile Devices
Bring-Your-Own-Device is a growing trend in many businesses today. Employees use their mobile phones, tablets or laptops and to access work email and company information. Currently, smartphones are highly susceptible to malware attacks, which increases data theft risk.

Ensure that your company has a BYOD policy that specifies in what ways employees can – and cannot – use their personal devices. Make sure you are able to monitor downloads to ensure private information is not being stored on devices owned by employees.

Risk #3. Cloud Applications
A cloud application is a server where data, applications and software are stored. The advantage of cloud computing is that you can access the information from any device, as long as you have an Internet connection. As cyber crime continues to increase businesses cannot risk storing critical data on unsecured servers. Most businesses cannot afford the excessive costs and penalties from a data breach; it is important that sensitive data is protected. The best defense against a cloud-based attack is to defend the data using strong data-level cloud encryption.

Risk #4. Natural and Technological Disasters
Most businesses today are dependent on technology to function efficiently. However, dependence on technology makes a business more vulnerable when a disaster strikes. Natural disasters can damage infrastructure. Technological disasters like a server failure or human error can compromise data. Furthermore, scammers will try to take advantage of a natural disaster by trying to convince victims to donate to their causes or will pose as a helper.

In order to prevent a natural disaster turning into a cybersecurity breach, keep your software up-to-date, don’t allow employees to accept or open unsolicited content from unknown sources, and be sure the organizations you donate to are legitimate.

Risk #5. Third-Party Service Providers
In today’s highly specialized business world, many companies outsource support and maintenance functions to third-party vendors. For example, many businesses outsource the maintenance and management of their point-of-sale (POS) systems to a specialized third-party service provider.

Third-party vendors typically use remote access tools to connect to the company. All to often, they don’t follow security best practices, making the business vulnerable to external hackers. Even contractors with no malicious intent can potentially damage your systems by leaving you open to attack.

Businesses need to validate that any third-party vendors or contractors use cybersecurity best practices, such as requiring credentials for each user, enforcing multi-factor authentication and tracking a comprehensive audit trail of all remote access activity.

Most businesses today are well-aware of the risk that a cybersecurity breach could occur at any time. To minimize the risk of a security breach or leak, conduct a risk assessment to identify what systems are in place to protect your valuable data. Then build out a comprehensive cybersecurity prevention plan that lays out who will be involved if an incident occurs, including IT, legal, PR and executive managers, a recovery/business continuity plan, and then test it.

For more information on cyber-related risks and cyber liability insurance, contact an MMA specialist. With over 5,000 colleagues in more than 75 office locations, MMA can help organizations with all their risk management needs.