The Expert Podcast

You may be hearing more about cyber attacks and cyber risk, ransomware in businesses. Maybe one of your colleagues, maybe somebody in your business group, has had a cyber attack on their company. It's more common now with small and medium companies. So what do you do? So, what are the top five best practices to protect your business from a cyber attack?

Well, number one is to make sure that all of your programs, all of your software are up to date. When you get that little notice on your system that says, "Hey, your new version is out," go ahead and click it, update it. Now, I know it's a pain in the neck and I know that sounds like something you already know. It's not like you don't know to do this, but why doesn't it get done? Because it's annoying. Here's a way, a trick that you can ensure that this happens. Maybe once a month or twice a month, depending on the size of your company, have an update party in your company. You're going to do something for employee morale anyway. Maybe you have paid lunch one day a month. Maybe on a Friday afternoon, everybody in the company does the updates on their computer and you buy food and have a little bit of a social thing. You're paying them, they're on the clock, but they all go through and do all their updates while they're doing whatever social event that you're doing. Maybe it takes two or three hours. Maybe they don't have to work the regular job for a couple of hours. Give them a little bit of a break. They still have to do something. They have to update their computer, but it also develops a habit of doing it and associates the update with something fun, not with something annoying. And you know it gets done.

Number two is to have a policy in place for any employees that are clicking on links that are executable files. Put it in an email, put it in a newsletter, make it part of a weekly conversation. The biggest factor in hacking and ransomware and cyber attacks is an action of an employee, something an employee did. They clicked the wrong link, they opened a file, they took a USB drive that they found in the parking lot, and they plugged it into their computer. If you remind employees once a week not to do the things, they'll think about it when it happens. The employee that opens the wrong link or clicks a file that installs on their computer isn't doing something they know is wrong. They just forgot. They probably heard it once in the last year, but security is not set-it-and-forget-it. You can't just say it once and expect them to remember it. If you remind them once a week, "Hey, don't open up any files unless you know where it came from. Don't install any software on your computer unless it's approved by IT," if you remind people of it, sure, it still might happen, but it's going to happen less frequently because they've been reminded of it.

Which brings me to number three: verify the origin of all emails. One of the things that hackers are now doing is they are pretending to be an employee, a manager, an executive, or a vendor or a customer. They're creating an email address that's very similar to maybe the CEO of the company, that's very similar to a vendor or a customer. You have to say, "Hey, this is so-and-so in your company, open this spreadsheet up and take a look," or "This is your customer, XYZ Incorporated, here is a purchase order." Take a look and see what is the actual origin email address before they click it. If you open up your email and look at that email address to make sure it's really coming from where it's supposed to come from and look for typos and spelling errors because that is common in these messages.

So that's number three. Number four is to have some type of active monitoring on your network. No matter how great your IT department is, no matter how great your tech people are, the hackers are one step ahead because your IT department is there to help sales and marketing and payroll and HR and all the parts of your company. Defending security is just one part of what they do, and I'm sure they do very well at it, but they don't do it 24 hours a day and they're not up on all of the new threats that are out there. The hackers, they spend 24 hours a day every day just thinking of new ways to get to you. You're never going to win that battle. However, there are companies that are out there that are monitoring all these threats, all these hacks, all of these new techniques of getting into your system, and they're keeping up to date on it. They're seeing when people get hacked and they look at how it got done, and then they tell other people. It's like learning from somebody else's mistakes. So you can get active monitoring a number of ways. There are companies that just sell it by itself; you can look those up. We don't associate with any of those. You can also get it through insurance. If you get a cyber liability insurance policy for your company, most big insurance companies like Chubb or Coalition, any of the other ones, are going to include active monitoring because they don't want to pay out a claim. So they're going to make sure to try to prevent you from even having an impact on your business.

You can click the link below to get more information about insurance, cyber insurance, or even do consultation. Number five, last one, is to have a set response in place if you are hacked, if you are subject to ransomware. Have a response ready to go. Have all the key people that know what to do. Obviously, executive level, obviously HR because your payroll might be disrupted, your employees might be disrupted. You want to have your HR ready to be a soothing voice of reason. Also, on your sales department, if your customers can't get to your website, they can't place orders, what do you do? You have to have some way to contact all of them outside of your network if your email's not working to let them know, "Hey, don't worry, we're on this. In the meantime, just call in manually." Also, maybe Finance and Accounting. If you can't start to collect accounts receivable, your cash flow might be impinged and that might cause disruptions to things like payroll or things like accounts payable or paying your rent. So you want to make sure that your finance department knows what to do if that happens. Have all this done in advance. You don't want to be running around like a chicken with your head cut off the day that you get hacked because you don't have a plan. In addition to that, broken record, if you have cyber liability insurance, they will normally also help create a response plan. Matter of fact, they'll probably have response people you can just call up like Ghostbusters and say, "Hey, we got hacked, what do we do?"

Those are the five things that will keep you as a business from becoming one of the statistics. The stats say that 60% of businesses that have a major hack go out of business within 24 months because they couldn't withstand the damage from it. So have these five things in place. It'll lower your probability of becoming a victim. Cyber attacks are real, they're very common, and now they're starting to look at small and medium businesses because you have less defense than a large company, so they know it's easier for them to get in.

Thank you for watching another episode of Actual Human Advisory on Describe TV. Remember, we have live one-on-one consultation appointments available at actualhuman.com where you can book a one-on-one, undivided attention live call with a licensed investigator, a licensed insurance broker, a licensed mortgage broker, real estate broker. I'm also a certified real estate title examiner, a certified civil court mediator, along with having developed and started over 15 businesses, several of which were sold for millions of dollars. So if you do have questions in any of those categories, you can arrange a one-on-one live video consultation. Use the link below, and we'll see you on the next video.