Companies fall victim to ransomware and other cyber-attacks every day, and the potential cost to a business is enormous: lost critical data, stolen assets, and damaged reputations.
At BankProv, we believe cybersecurity should be a vital part of your business's capital planning. In light of the escalating Russia-Ukraine conflict, every organization, large and small, should be prepared to respond to disruptive cyber incidents. We’re sharing four ways you can safeguard your business and prevent cyber-attacks.
- Reduce the likelihood of a damaging cyber intrusion.
  - Implement multi-factor authentication on your accounts. A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, or best yet, a FIDO key, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you. Multi-factor authentication can make you 99% less likely to get hacked.
  - Ensure that software is up to date and protected by antivirus/antimalware software, prioritizing updates that address known exploited vulnerabilities identified by the Cybersecurity and Infrastructure Security Agency (CISA).
  - Complete a Risk Assessment. In general, risk assessments help organizations determine their inherent security risks by:
    - Identifying, estimating, and prioritizing risk to their operations;
    - Determining the possible threats from malicious actors that can compromise the confidentiality, integrity, or availability of the information they’re processing, storing, or transmitting; and
    - Identifying what measures or controls are in place to protect your critical assets and what measures/controls are lacking.
- Ensure that the organization is prepared to respond if an intrusion occurs.
  - Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
  - Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  - Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
- Think before you click.
  - More than 90% of successful cyber-attacks start with a phishing message. A phishing scheme is when a link, webpage, or request for information looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. They may also try to get you to run malicious software, also known as malware. If it’s a link you don’t recognize, trust your instincts, and think before you click.
By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience.
The Cybersecurity and Infrastructure Security Agency (CISA) recommends that all organizations, regardless of size, adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recognizing that many organizations find it challenging to identify resources for urgent security improvements, CISA has compiled a catalog of free services from government partners and industry to assist. Find more resources at cisa.gov/shields-up.