Shielding Your Business: 7 Strategic Steps to Ward Off Cyber Attacks
Download MP3good morning as a business owner I'll bet that cyber security cyber defense even cyber Insurance are probably not top of Mind subjects for you on a day-to-day basis you're probably more worried about sales and employee retention and Business Development those are all very valid tasks during the course of your day and week but as you see more things in the news and more possible risk you may have some interest in wanting to know what to do about cyber security how do you create an environment in your business that protects you and your employees and your company against these kind of risks but also at the same time doesn't slow down or bog down your company with extra tasks you have to do or extra expenses and that's what we're going to talk about today ways you can use cyber security almost as a um a profit Center ways to actually make your business make more money even while protecting it against these type of attacks and how damaging the these could be it's it's extremely underrated how much this can affect the business and we'll look at some stats about how businesses can fail very quickly after a cyber event so we'll list out seven ways you can introduce uh techniques in your company to protect against a Cyber attack or cyber security event help your it Department with cyber defense and enable employees at all levels of your business to make their job easier while at the same time increasing the defense and security against these events and we'll go through each one in detail now this presentation is being prepared for a trade Association of accountants in North Carolina uh so there may be some things that have to do with Professional Services but it applies to any business whether you're a Paving Company whether you're a staffing agency whether you're a car dealership any type of business all these same things apply so you may hear references to accountants and that's what this is being prepared for but it does apply to all businesses so to make it real for your company let's talk about A Tale of Two perils so two different hypothetical things that could happen in your company and how they're different and one you can relate to one maybe you can't so imagine it's a Monday morning and this is a building imagine you're an accounting firm and this is your office and you pull in to your parking lot at 7:55 a.m. you want to get there a few minutes early you open up at 8: everything looks great you're getting out of your car you're kind of walk into your building and everything looks fine but imagine instead of pulling up like this you pull up and you see there's Flames pouring out of the window or it's fire ravaging your office well that's going to be an issue right and hopefully God forbid nobody gets hurt you know everybody makes it out okay or nobody's in the building but a couple hours later later your building is reduced to a smoldering pile of Ashes or the the inside is gutted and there's nothing left inside well the first question is after making sure everybody's okay and nobody got hurt well how soon can we be back in business right CU that's what you are there for you're there to sell stuff and support employees and have them uh be able to get income for their families and serve your customers so building has burned down how fast can you be back in Action how fast can you be back in business well if you're resourceful and this is the scenario you can go to Walmart and buy some folding tables go to the office supply store maybe buy some um new PCS uh get some phones there's probably some empty office space somewhere in your in your area where you could even temporarily get some space that you could cram everybody into in theory if you really rushed around you could be in business with a day or two right you could be back operating in a day or two your customers probably won't notice too much of a difference maybe they had a tough time getting a hold of you for a day um your employees maybe you know once they realize everything's going to be okay they're grateful that they still have a job U they're happy to at least be in in an office somewhere working and you're on with your business while you do the more permanent recovery of getting either your old office uh back or maybe renting some new space you could be back in business pretty quick so there's hypothetical Peril number one right you probably will have some losses maybe you have an insurance deductible U maybe you have some things lost that aren't covered you might also have business Interruption Insurance where you have coverage for any losses of Revenue that happened for those couple days where people couldn't reach you maybe you have coverage for that now what about another scenario let's go back to this picture and imagine you're pulling in and everything looks good and the building looks good but when you walk inside door you see this on your computers your files are encrypted the building's fine everything structurally sound but all your computers when everybody logs in says your files are encrypted your data has been deleted here's an email address if you email this link within 12 hours with this ID you have to pay a ransom to get access to your files now imagine everything that's in your computer system and I'm not just talking about onsite on servers even stuff in the cloud through um maybe you use um Amazon for your cloud data Maybe you use U Salesforce maybe you use some other third party if they've locked up all of your logins you may not have access to everything if you're an accountant you may have customer files if you are a an architect you may have design files if you're a sales company all your sales information is on there Plus accounts receivable that's your lifeblood that's where you get your money you may not have access to that your customers are trying to buy stuff through your websites your websites might all be shut down right so how do you deal with that and how do you um how fast could you be back in business if ever if you can't have access to your data your information you may have a tough time getting back in business now between the two you probably have coverage and procedures and plans for the fire event you may not have as robust plans for the Cyber attack event so what we're going to talk about are things you can put in place both to to prevent it just like you have fire extinguishers and and um and sprinkler systems and maybe even best practices to make sure your building doesn't catch on fire there's things you can do to prevent the Cyber attack from happening how common is this well a high percentage of businesses 80 something percent have some type of Cyber attack happened to them every week you may not know about it but they're pinging businesses all over the place what happens if it does turn into an actual attack and you lose money what could happen to your business well according to Inc magazine 60% of businesses fold close go out of business within 6 months of a Cyber attack let that sink in if you have a cyber event against your business that is significant you could be out of business within 6 months more than half of companies do that's not the same with that fire event You're Building catches on fire it burns down you probably are not going to be out of business in 6 months you're probably going to find a way around around that most of it's because you have insurance coverage but also partially because of the damage that it does um how prevalent is this well here is an example of a typical cyber event cost now what we did was we use a a um claims history calculator from one of the big insurers this happens to be from chub Insurance you're probably familiar with them they're major commercial lines Insurance Company it's one of the companies we write business for and we typed in Professional Services accountants annual revenue of $880,000 that's not a huge accounting firm that's a relatively small midsize accounting firm and if you had a cyber event here's what the cost would be the total would be over half a million doar $541,000 for a cyber incident the other factor that goes into calculating this is how many records you have how many customer files or how many um pieces of information you have and this automatically calculate based on in Industry average 1700 the reason that's important will come up a little later in maybe some notifications and third party losses but it does break down what these losses would be you have to do an investigation you have to do some forensics um you have to do some um compliance recovery fines and penalties Most states have laws that if your customers information is released to third parties through some cyber event you have to notify these parties you have to pay for different types of credit monitoring or damages and pay fines to the government agencies and it doesn't matter if you're not in that state for example in the state of California even if you don't have a business in California if your customers or employees are there some of this kicks in you may have to pay a ransomware fine look or ransomware p uh payment to the hackers that's the smallest thing on the list how much you pay to the hackers is usually the least amount of damage that you have as a business owner in fact you have to be very careful about paying this and that's why it's good to have a third party whether it's an incident response team and we'll talk about that later or your insur handle this because if that hacker is part of some criminal organization or international organization that maybe have ties to terrorism or narcotics trafficking if you pay them sometimes you can get into trouble because you're funding illegal activities right so that's something we'll get into how to handle the incident where does this happen well it happens throughout all different Industries but what causes it the actions that cause cyber incidents see this pinkish red up here that's physical I'm sorry that's social what that means is somebody in your organization was tricked into allowing access to a hacker and you may not think that could ever happen but everybody heard about the big MGM Las Vegas hack that happened a couple months ago in the fall of 2023 what happened was was the hackers got in and locked down all the computers and all the the the uh guest um access information for the hotels MGM and some of the other hotels all the gaming was shut down and that was done because somebody called up the casino talked to a um upper level management and convinced them to give access you may not think you'd ever fall for it but these hackers use very sophisticated social engineering they get information about these people people ahead of time and we'll talk about how they do that how you can prevent it and and that's how they get in the blue part is malware same thing that has to do with allowing bad programming to be installed on your server so look at those two added together this one and this one 26% 25% that's 50% of the time it has to do with human error either a person allows access verbally or gives them a login or they allow malicious code to be put on your computer and we'll talk about how to prevent that as well the actors that cause this most of them are external right so you can see this orangey box here is external that means this is not usually an inside job most of the time it's not an inside job sometimes inside job is only 15% the blue is partner meaning that could be a customer it could be a a vendor could be a client that's really outside too so if you lump all this together most of the time it's done externally but enabled by an internal actor so you can see how that plays together what type of businesses are affected by this well a lot of times it's Professional Services technology retail Hospitality going farther down the list however we're seeing a lot more hacks in businesses that are traditionally not known to be technical paving companies contractors storage facilities and even car dealerships because the hackers are finding out that the less technical a business is the lower threshold for um prevention will be in place and there's still a lot of valuable data there many times they use access through your company to get into another company that's maybe your vendor maybe a customer and you could have liability if a hacker gets into your company and uses that access to get into another company the other company could sue you for allowing that that uh flow through and we'll talk about prevention of that and also to how to eliminate that liability so what do you do about it well the good news is cyber attacks and cyber liability and cyber losses is largely preventable you can actually keep this from happening unlike other types of losses like the fire uh liability lawsuits uh employment type claims even Eno type claims those are largely um unpreventable you can lower the risk you know Employment Practices you have good rules and terms and conditions and that'll keep that down fire you you have best practices many times though those losses are completely random and they just happen accidentally cyber is almost always always preventable when you go back through and replay the tape of how that cyber event happened you almost always see where it was preventable why is that most cyber attacks take more than a month to materialize how does that happen the hackers get in to your system and they sit there and they monitor they collect information for several weeks sometimes several months before they take action why do they do that well because if they can watch your emails read your messaging get information about your customers they can use that then to infiltrate more parts of your network and exfiltrate data if they just go in like a bull in a china shop and try to grab everything right away they're not going to be able to do as much damage so these attacks on average take 75 days they can be interrupted at any time during that period so if you find it out before they make their move you can actually uh deter it and deflect it all of the best practices to do that are not it based so you have a great it Department you have a it uh person that handles all this they're really good at their job however the types of attacks we're talking about are usually not all it based even though it sounds like cyber should be it many times there's a disconnect plus you know you want your it person to be focused on Business Development sales getting more customers making the procedures more easy for your employees to do their daily routines making it easier for your customers to order stuff uh making uh the the workflows more efficient that's really what the IT people should be doing and of course making it run smoothly you don't want them to be the Navy Seals out there defending your perimeter because the other part of these attacks is they change from week to week the hackers come up with new stuff every single week no it person in the world is going to be able to know all the latest attacks and prevent them right that would be a full-time job just researching it every single day the other good news is like we talked about at the beginning the best practices and procedures to prevent this all improve operations like a lot of things that happen with you know risk management sometimes it's a pain in the neck to have to you know put guard gates up or maybe have you know more friction in the system to prevent against liability most of these procedures improve operations it'll make it your life easier and that for your employees and the other reason you want to do all this is because beyond that money remember that $541,000 there's many more things that are losses beyond the money and sometimes these actually are worse than the money money these are the reasons why 60% of these companies go out of business after an attack it's not always the money it's these other things first of all you have morale if your company is shut down for a few days or a few weeks your employees are starting to get antsy they're going to worry do I have a job can I count on my leaders my managers my owners to protect this company and protect me from these types of attacks if if this happened who knows is my job at risk is my income at risk so the morale is going to be a big deal you're also going to lose that attention of that that um team building morale building right for that week none of that's going to happen you're going to have to start over when you get back in business you're also going to lose client confidence if your customers can't get a hold of you they can't buy stuff if they see that you're scrambling around trying to put out fires no pun intended they're not going to have a lot of confidence in doing business with you as you know know converting customers closing deals is hard enough as it is when everything is going right if you're trying to scramble to get your business off its back and back on its feet you are not going to be able to serve customers well if at all they might not be able to order if your computer system is down that client confidence is going to give your competitors opportunities to poach your customers they're going to say hey yeah XYZ company look what happened to them they can't even take care of their own computers how are they going to take care of you come on over here and that could also happen with employees good employees could get poached as well once your competitors here about it you're also going to have some risk of vendor contracts if your vendors aren't able to sell to you for a week or two weeks because you're out of business they may look at it like you know we need this income for our own Survival if we can't count on them as a customer maybe our term terms and conditions aren't going to be as good you know we gave them some really good terms we gave them a priority status with delivery of product and maybe we have to rethink that if they're going to be at this risk maybe we have to worry about the hacker getting in through them into our computer so maybe we should lock them out right in addition you may have third party claims if the hackers get in through your system and get into a vendor's computer system or get your customers data you may have live ability those third parties can maybe come after you for damages and make you pay for any losses they have and there may be liability in some states That's the Law which brings up the last one is regulatory scrutiny when this happens and you have um personal information or customer information that's revealed to third parties or even sensitive corporate information there's a lot of regulatory agencies at the state level and at the Federal level that may be coming in to say hey what's going on and you might have some fines you might have some increased scrutiny over the years because of this one event you want to avoid all that so here are the seven things you can do to prevent it we'll talk about it more in detail before you get scared that these are going to be a big deal these are hardly any work at all we're going to look at each one and show how easy it is to do and how it can improve the rest of your business not just prevent the fraud or prevent the hack how it can improve business um day-to-day even without preventing the hack the key to this is is though is hardly any work at all these are very easy most of the time you have to do it just one time or it's automated or it's something that will improve the day-to-day operations of your staff and the purpose of each of these as you can see from the little cheesy um stock photo is that it and ends the domino effect when all these events start happening that could damage your business or cause harm or cause losses it puts a block in it so none of that happens all these dominoes to the right are all protected because all the chaos here doesn't get any farther than it could use the same metaphor at the beginning it's a firewall right it protects the sensitive valuable parts of your company from the damage that's happening outside all right so we'll Dive Right In here's the first method of preventing a Cyber attack to damaging your company it's having a device inventory so on the left in this blue box you see a picture of a computer you have those in your company laptops desktops you have servers you have things like routers and Wi-Fi devices all those you probably know about any one of those is a way that a hacker can get into your company however within your organization you probably have hundreds if not thousand thousands of other devices that are connected to your network that can be used as a port of entry for a hackers you have security cameras or surveillance cameras you have phones most phone systems actually go through your server little side note when you delete a voicemail from your um system if you have extension 105 and you're Joe Smith and you hear a voicemail and you press two to delete it it doesn't actually get deleted it's still a sound file on your computer somewhere that could be recovered later so be aware of that anytime you're wondering about if this information is private you also have Smart TVs those are all connected to your network you may have security gates and guard entry Gates those are all I IP uh devices thermostats a lot of times are connected to your network for automatic uh climate control even the little portable tablet devices you may use for your customers for warehousing for inventory are all IP devices they're all wasting it in in fact this this picture of the the security camera this is a way that we had a client that was a car dealership had a hack come into their company the hackers infiltrated the security camera which wasn't password protected had no security on it and they were able to use that um access to get into a larger scale um Network in the company they monitor that for a few days and they found out that there was a connection through that to the main server they got into the main server started monitoring emails they got the names of some Executives they they watched email Communications for a couple weeks of how the executives talk to each other and then they slid into one of these email chains from one executive to another and pretended they were executive number one and they said to the other one hey by the way this client um needs access to our computers because they're going to be uh uploading a bunch of orders and they have a new wire transfer account for their payments so he was able to this hacker was able to get the other executive to believe it was executive a and allowed them to uh enable access for the hacker because they had monitored the email Communications for so long to know how these people talk to each other so what you start with is a device inventory this can be automated most servers and most Wi-Fi networks or computer networks have a way to list out any devices that are connected to it and if you your it person can do this give you that list of all the devices and once you have it now you can see which ones have um controls how they access other networks and look your surveillance camera system probably doesn't need to access your banking it probably doesn't need to access your customer data you can separate that out so that it doesn't connect to other things in the same way your guard gate doesn't need to access your customer files right so do this device inventory it's an easy thing you can do it one time it's automated plus it will keep even accidental damage from conflicting with other things we saw an event where see this tablet in the lower leand corner there was a tablet used for inventorying Warehouse movement so when a truck came in with inventory there was a loading doc person who would type it into the tablet scan it and would go into inventory well what happened was because it was connected to another Network every time that happened it slowed down the other network cuz there was a lot of activity in the warehouse and it slowed down customers being able to order from the sales side so just by disconnecting those two it made the sales side run faster they saw a 4% increase in sales cuz people didn't have to wait to place their order so these things can can assist with other parts of the business and it's a one-time thing what's number two number two is similar a credential census right you have employees vendors customers that all have different types of access to your network and to your files you want to know who is allowed to get in make a census of all the people that are able to get into anything even if it's you know just a you know a janitor that can access the doors to get in at night you want to know everybody has access and do the four W's who what where why so who is it what can they access where can they access and why do they need that access and you can ask some questions like and this is Sams it's a Miss it's a typo should be sales manager does the sales manager need website developer access do they just need customer access does the CEO need dot dot dot do they need access to everything because credential Authority does not equal job Authority just because somebody has a higher authority with their job doesn't mean that they need to have higher authority with credentials right just because you're the CEO doesn't necessarily mean you should be able to change the website if you don't need to don't give access to the CEO it's not to keep the CEO from having the authority it's to keep a hacker from using the CEO's access to damage something else so the limited amount of information better now if a CEO needs to get into that on a temporary basis then you can enable it and then shut it off right uh another example does the bookkeeper need access to customer files maybe maybe not depending on what they're doing for bookkeeping but if they don't need it don't enable it because it has nothing to do with their Authority you're not insulting them it just keeps your business from having you know further damages also look at third party apis you may be you may have enabled some third-party vendors or customers to have access to things using apis so that it makes the connection easier make sure that the credentials on those apis are known and also for clients clients can enter data into their sales system they can put in their name they can put an address they can put in whatever but some some systems also have a a notes box where they can type in notes for their order be very careful that that notes box can't be used to enter computer code sometimes if you can enter certain types of code it will enable them to get access to your system why is this one easy because you can include this with employee records so employees are constantly updating their records their direct deposit their name and address um maybe their tax information maybe their 401k or whatever um other types of daily or weekly activity they have maybe their time clock their hours you can include a field for what accesses they have and anytime one of them is changed it goes into their field so if you have an employee that maybe gets separated or is on leave or is away for a while or maybe traveling overseas you can look at their access to say maybe while they're traveling to Europe we disable their access in case they go to a Wi-Fi um Cafe and somebody steals their information right so you can use the knowledge of doing this to protect your network only if you have the knowledge in the first place all right the third way to prevent for a hack to happen is what's called active monitoring remember what we talked about these hackers will lurk on your system for weeks or months before they do an attack remember the one we talked about where they came in through the security camera they monitor the emails between the executives that's what they do they will watch the messaging the emails that go back and forth between multiple people to see what the true intelligence of that business is and they'll use that information that Intel to craft messages either to customers on the outside vendors on the outside maybe your bank maybe other Executives maybe employees maybe they know that this CEO um some something small you know has a dog and maybe their it person has the same kind of dog and they talk about it by email hey how's Rover right hey is is uh your dog spot okay I know he had you know upset stomach whatever well now on a Friday Friday afternoon when everybody's gone or about to leave the hacker can do a fake message to the IT person hey how's Rover doing by the way can you do me a favor can you give me a new login because I lost my login to the server and they'll email them the login and now the hacker can get in something as simple as that it's that combination of malware and social engineering they gather the information and Records to use at a later date you can detect this if you actively monitor your system you will see that this is going on it's passive but it's visible they're not taking any action but they're there and they can be observed if you know where to look there are a couple ways to do this monitoring your it person sure certainly can do it but the best method is using a third party because a third party is going to know all the new methods that are out there that come up every week every week the hackers come up with new ways of doing this and unless you're out there constantly getting updates on this you're not going to know how do the third parties know well most of them are insurance companies and they know what claims they're getting so when they get a claim for a Cyber attack they see how it was done they do forensics and deconstruct the method and then they can you know tell all their systems this is what to look for many insurance policies for cyber liability insurance as part of the policy will put active monitoring on your system and look out for it you don't have to do anything you don't have to lift a finger it'll automatically do it the other thing you want to look for is large volumes of Records going out it's called customer information exfiltration they will be extracting and downloading all your files and all your computers to their local server why do they do that because when they lock up the server remember that first screen we saw where you walked into the office and it said your computers are locked down they're not really locked down they're deleted so even if you say well I have my crack it team my expert it person restore the computer or get past this there's nothing to restore they've deleted everything even the backups they've deleted they've put it on their system so when you pay them they just reinstall it right so you can also detect that information going out at any given time there's some information going out you know One customer file somebody emails something but you can detect if there's these big streams of information going out a lot of times they do it on weekends or overnight when no one's watching but if you have active monitoring that will happen that will help prevent the lockdown of all your devices and losing the customer data in the first place so no matter how you do it whether it's done in-house third party Insurance related um or other method you want to have active monitoring it's passive why it's easy because you don't have to do anything you install it once and it happens automatically number four thing you can do to prevent a Cyber attack is to support your it department now when you see this headline that says it Department support it's not getting support from the IT department it's supporting them support for them not from them as an executive maybe you're on the board maybe you're an executive manager vice president CEO you want to enable and support the IT department not putting another Demand on them they're job is tough they're probably not sitting around twiddling their thumbs during the day they probably have a full-time job so if you go to them and say hey we need to do more cyber security they're going to groan first of all they're going to think they're doing enough as is second of all they don't want more work because not because they're lazy their day is full an external support of them will have a wider knowledge of emerging threats just like we talked about the IT department no matter how great they are no matter how expert they are they're not going to know the new Hack That was invented last week by the hackers by supporting them you can enable and support them to continue focusing on Business Development sales CRM and not get bogged down with just defending against the hordes that are trying to get through through your defenses you wanted to focus on sales marketing more business not on tedious risk management so get them that support it's also cheaper if you get outside third party support because the organization company or source of for that can be distributed over hundreds of companies the outside monitoring outside support is not just working on your company but they can do probably 100 companies with the same amount of work if you task that same job to your it person that would almost be a full-time job for them this way you can support it it enables more production and it helps the IT person take a load off their back even if you pay for it directly through an outside company it'll be cheaper most of the time you can get it for free from an insurance compy company who wants to prevent claims what's number five well number five is one of the most important ones it is social engineering memos look this is something you're going to distribute to your employees you don't want to be like the office space guy with the TPS report right where things people roll their eyes and say look one more thing I have to do this can be an asynchronous reminder what does that mean it's not something that have to fill in right the the infamous TPS report they have to fill in and turn in this is just an outgoing outbound reminder to employees to be aware of weird phone calls if somebody calls you and says change my password think about it if somebody asks for what their login is think about it um be careful when you're using an outside Network or VPN be careful when you are using your personal device to log into your company email right be skeptical of of weird phone calls that ask for certain things verify email headers to make sure it's coming from the right person there's a dozen things that employees can do that will eliminate 90% of hacks remember here's how the actions happen 50% of it is from social engineering or malware and that comes from an action an employee took if this 51% of the time the employee knew not to take that action that would all be eliminated right and even some of the physical would be eliminated because the employee prevented it in the first place so how do you implement this all you need to do is take something you already have maybe a Weekly Newsletter or weekly employee message or maybe even just print it and put it in their in their payroll envelope could be one sentence every week you have one thing hey make sure use two Factor authentication make sure you don't fall for any um phone calls also you're deputizing them to be part of the solution everybody loves the whole idea of cyber security hacking investigations people love that subject and they like to be part of it people also love to do suggestions I'm sure you get all kind of suggestions from your staff hey you should do this hey we should try this idea out everybody has suggestions a lot of times there are things you may have thought of you can't do because of other practical reasons that the employee may not have thought of many times the the suggestion might be doable but just not high on the list here's a way that employees can be solicited for suggestions if you see something say something and if you do it every week you're not overwhelming them and you're also not requiring them to take action you're just reminding them of something by doing on a regular basis it'll stay front of mind maybe if you have 10 Things You remind them of every few months they're going to get that same thing again and it might be the difference between somebody at MGM when they answer the phone from somebody saying hey give me the login them saying no versus saying yes so you can put memos to your employees mix it in with other regular messages right so they don't feel overwhelmed with a new thing it's part of uh regular Communications number six is updates and patches look on the left we've all seen these messages software update update software update your new version right everybody sees that nobody hardly ever does it you click the later button you click the decline button you click the cancel button because when you went to that piece of software you were you used it for some task you're doing right then and see this green bar at the bottom this is what you don't want to see you don't want to click update now and then have to wait for that green bar for 5 minutes because that's going to slow you down doing your job but the soft the software update does need to get done most employees don't click decline or later because they just don't want to do it they just don't want to do it right now so how to make it easy you have a paid update social event maybe once a month maybe once a week you probably already have some social event maybe have a Friday paid lunch for the employees maybe you have um bring your dog to work day right you have something that you do already that's kind of a social event because these software updates aren't going to require a lot of time and attention from the employee they can click a button and then just leave it go for 15 20 minutes so by making this a fun paid event it's going to cost you a little bit of money because you're going to have to pay for time that's not really productive but if you do it once a week once a month all of your patches will be updated a vast majority of cyber attacks happen because of unpatched unupdated software the software companies they learn about these hacks they learn about the vulnerabilities on a regular basis and that's what they put in the updates all of these updates are usually to prevent vulnerability to eliminate risk for the software so if you don't update it you're not protected against the most current version of hackers methods you're not going to be able to count on all employees every single time clicking the update button so if you make it a singular event where everybody does it you have some food bring your dog to work you know every 15 20 minutes you have to go back to your computer and click yes what's the big deal right and it's also a way that you can get a second benefit from it from employee morale paid for really not having to do a lot of work don't try to mix it in with other work tasks because it's going of defeat the purpose make it a fun thing they got to go click yes a few times and people will feel good about the fact that you're caring about getting this done but not in a way that overburdens the employee last reason number seven is having a response team or at least a response idea um you don't just want it to be it think about that first event that happened at the beginning of this webinar you walk into your building and all your computers are locked down right if you are a CEO or manager and you don't have a plan you're going to look like you're running around with your chicken with your head cut off your customers are going to see it your employees are going to see it everybody's going to see it you don't want to be in that place you want to have a plan like you knew this was happening okay here's what you do you do this you do that you do this right it will definitely be involved with that but you also want to include sales get a hold of the customers let them know hey we're going to be offline here for uh a couple hours you can just call in you can we're going to be offline here for a little while you can email in right give them some comfort give them some confidence don't let them think the worst on their own you also want to get bookkeeping involved accounts receivable banking making sure your bank accounts are locked down you want to contact legal either in-house counsel or your Law Firm to find out hey if we have this problem what do we do for regulatory requirements do we have to notify anybody do our lenders have any risk right your vendors who are shipping stuff maybe you want to hold off on shipments for 48 hours because your Warehouse is shut down have a a response team just like you have fire drills and you have like here's what you do if this happens same thing HR you want to have your HR department creating confidence with your personnel giving them instructions you also want to include third parties in this maybe your landlord maybe uh you might have a Business Association you're a member of that has resources because here's the thing there's no 911 for cyber attacks if your building's on fire you call 911 if there's an earthquake you call 911 if a car crashes into your building you call 911 if somebody you know burglarizes your store you call 911 there is no 911 response theme for for a Cyber attack except if you have hired one of these third parties or you have an insurance policy if you have a cyber insurance policy that company will likely have a dedicated response team for a Cyber attack even if they have that you still want to have an internal procedure what to do cuz if you don't you're just going to look unorganized and it'll give the hackers more time to do more damage if you have a response for it you can a lot of times nip it in the bud before it gets big this is crucial that response will also likely be the difference between if you're one of the businesses that goes out that closes in in uh you know in two years or stays open 60% of the time because they didn't have a plan of what to do in that scenario imagine you know another metaphor is airline pilots at the engine goes out you have a checklist okay do this try to restart best you know best practices if they didn't know what to do and they started trying to figure it out while the airplane is diving to the ground you're probably going to crash and you want to be in the same place of preparation as a company okay what else can you do well um first is you want to keep up with the daily um State of Affairs for Cyber attack events look this is all relatively new cyber attacks really haven't been hitting businesses for much more than you know five six years sure there were some before that but the big ones didn't happen until more recently and as an example look here is just in the last this this week November 6th November 3rd November 10th November 9th within one week four important articles meet your new cyber security auditor your insurer it talks about how your insurance company is probably the best source of cyber defense not your your it Department 2003 cyber year in review it tells you what all the all the hacks were uh there's only one way to solve the cyber security skills Gap your it person as good as they are probably is not up to date on cyber security because there's no way you can be because cyber security is more about defense than it is um it stuff and how to prepare against an unprecedented cyber incident that may not be insurable this is just four articles if you read these you will probably have the awareness you need to as a board member as a CEO that will help U defeat some of these um also compare a cyber Rider versus standalone cyber Insurance most liability policies whether it's a Bop a business owner's policy or a CPP commercial package policy or Eno insurance has some type of Rider that is covering cyber events however those Riders are way different than a standalone cyber policy most of them have a limit of 30 40,000 maybe 50,000 and they exclude tons of things they're not designed to really protect against cyber insurance claims it's designed to throw you a bone if you have a big case remember the average claim is $541,000 if you have a $50,000 Rider on your regular policy that's not going to help you much so look at the two it may not be worth spending the money for a standalone cyber insurance policy but just don't overlook it if you hear the word cyber attached to your policy you might think I already have this but look at what it covers compared to a standalone policy this third party monitoring we talked about um even if you don't have cyber Insurance there's some thirdparty monitoring companies out there that are very good at doing active monitoring active surveillance of your system uh penetration test is important the third party monitoring company or even other cyber security companies can do test of your system to see if there's vulnerabilities they can ping your security cameras to see if um they can get in through that they can do social engineering trials by calling up and seeing if they they get people to give out passwords um you should also have a funds transfer test transaction policy what does that mean if you're a company anybody anybody anybody in your company who has the authority to transfer funds out not by check but electronically a or wire transfer they should have a policy in place that every single time that money is transferred that's more than a certain amount maybe $1,000 if it's more than $1,000 here's what you do first send a dollar wire transfer a then call that recipient using the contact information you know is good their Google website phone number the the phone number from the business card don't get it from an email because a lot of times the hackers will send a fake email telling your accounting department to transfer $882,000 to this new bank account and they'll even have a fake phone number if you call the phone number don't answer the phone with the name of that vendor so use a good phone number even if you know that it's the right one if it's more than $1,000 do a test transfer of a dollar call up the recipient did you get the dollar yes okay good buy and then wire transfer the other 81,9 every single time that'll keep you from losing money is it an extra 5 minutes absolutely but if you put that policy in place it'll keep you from having that thing ever happen to you just like you have two signers on checks you may want to have two logins for Global sensitive information anytime somebody goes into your main server maybe you want to have two logins at the same time anytime time somebody logs into your uh banking system maybe you want to have two logins two people not two Factor authentication but two logins because who what could do more damage somebody writing a bogus check for 50,000 or somebody destroying your server so you might want to have two logins for that when you're talking to third parties vendors customers that you're doing a contract with start to ask if they have cyber insurance that covers third parties most cyber liability insurance policies that are Standalone not Riders have coverage for third parties so if somebody does damage to you because they came in through another third party you get covered and vice versa if you have good insurance coverage if somebody comes in through your network gets into your vendor destroys their system they have coverage on your policy so ask vendors in that sales process when they're trying to sell you something hey do you have cyber insurance will it cover us if we sign up with you and do business with you if a hacker gets into your computer and then infiltrates us do you have insurance for that and it's pretty cheap so if you ask during the sales process if they don't have it maybe they could add it if they want your business so last but not least how do we know all this look we don't like to brag about what we do a lot of times when you go to a webinar they'll tell you in advance we're this licensed we have this credential we've done it for so long we save it for the end and the reason why is because the only reason this information is important is because of the the the content of this the reason we know all these things is because we are a licensed private investigator we're a certified cyber security agent we're a licensed Commercial Insurance producer we're a certified expert witness for forensics um we're a member of many trade organizations one of the most prominent ones is the acfe certified fraud examiners we're a licensed shity bond agent we're certified civil mediator here's all the the credentials and contracts and all the licenses why is this important it's important because this is how we see these things this is how we're able to be aware of all these different types of risk cuz we see them after the fact licensed private investigator we see it when a company comes to us and says we've been hacked help us figure it out licensed Commercial Insurance producer we see it when a company says Hey we've been hacked what's our coverage and we see the whole event take place a certified expert witness for forensics we see it when a plaintiff or defendant in court needs testimony to support their claim against another person mediation same thing if you have a lawsuit against another party sometimes these lawsuits are because of Damages that were done through a Cyber attack we see both sides of it we even hold some patents you see this USPTO we hold some patents and some um security and automation type processes so we don't say this as a brag although we do like to brag we say it because this is a a a vision or a demonstration of how we know these things and why we see them it becomes from a very unique combination of knowledge and different industries that come together to see it from all sides we see these hacks destroy businesses um even if you recover from it it could be months and during that period of time you're not growing your business you're trying to hold on to employees and customers and it can be terrible so anything you can do to prevent it um sure you can buy insurance and we recommend you do that as an insurance agent would but all the other things you do are vastly important to keep it from happening in the first place for contact information here's some of our websites that we operate direct phone line to our investigative agency my email address we'll open up uh the webinar now for questions if anybody has any questions um put them in the chat function and we'll answer those uh oneon-one if you're seeing this as a recorded uh version of it uh feel free to email with any questions visit the website for much more information on all of these things especially risk coverage.com that's our cyber Insurance uh agency uh we write coverage for um allsize businesses in cyber and we can get your free quote and even do a free evaluation of your network to see what vulnerabilities might exist doesn't cost you a dime no obligation we're glad to help with this because we know how much it can affect a business if you have other questions feel free to reach out anytime we do want to help you we do want to answer questions uh and give you the knowledge you need to prevent this from happening to your business uh that could be catastrophic for you and your employees and your customers
