background imagebackground image

Video and article: 5 cyber readiness practices to boost your cyber security

  • Cyber Insurance
video preview image
The Knowledge
,
30th May 2024

Implementing these Travelers cyber readiness practices can help achieve a high five for cyber readiness in protecting your sensitive data, trust, and operations.

The Knowledge
,
30th May 2024

Chris McMurray, managing director for cyber at Travelers Europe, shares five steps businesses can take to strengthen cyber readiness

Cyber threats place organisations of all sizes in the crosshairs of advanced and evolving attacks. PwC’s 2024 Global Digital Trust Insights survey found that the proportion of businesses that have experienced a data breach of more than $1 million has climbed from 27% to 36% in the past year. But such increases are avoidable. More than 30% of the companies surveyed don’t consistently follow standard cyber security practices, so there is ample room for them to strengthen their cyber defence.[1]

At Travelers, we recommend organisations adopt a series of cyber readiness practices to achieve a “high five” in protecting sensitive data, trust and operations.

Start with an assessment:

  • Know your environment. Build and maintain an inventory of all computing equipment (including networking devices) and the software running on them. You can’t protect what you don’t know about.
  • Determine how your company identifies, assesses, and mitigates data security and privacy risks.
  • Conduct audits or reviews of the company’s data privacy and security measures.
  • Interview internal IT professionals (chief data officer, information security officer, privacy officer, data stakeholders, etc.), or those of any third-party vendor that provides IT services, to determine the extent of your system’s data security and privacy protection.
  • Identify deficiencies and/or risks and the next steps to promptly correct any issues.

Next, they should adopt these five cyber readiness practices to boost their cybersecurity.

  1. Implement multifactor authentication (MFA): MFA provides critical protection, particularly in combination with additional security. It should always be in place for all users to help prevent cybercriminals from accessing a business’s system.
  2. Keep systems updated: An unpatched vulnerability is one of the easiest and most common methods used to compromise a computer system or network. Enable automatic updates where possible, replace unsupported systems, and test and deploy available patches quickly.
  3. Use endpoint detection and response (EDR): An EDR solution protects against malicious attacks, providing a much stronger shield than a traditional antivirus solution. It can identify suspicious activity within the network before the rest of the network is exposed.
  4. Have an incident response plan: A clearly defined, focused, and coordinated approach to responding to cyber incidents can limit damage and hasten a return to normal. It also shows partners, suppliers and clients that you take cybersecurity seriously.
  5. Back up your data: Make copies of important data and system configurations and protect them. Data can include protected health information, payment information, personally identifiable information, intellectual property or other proprietary information. A best practice is to create one primary backup and two copies of the data, save these backups to two different types of media, then keep at least one backup file off-site and offline.

These steps, together with cyber insurance that offers pre and post cyber breach services, can help a business better anticipate, withstand, and recover from a cyber event.

Visit travelers.co.uk/cyber or contact us to learn more about CyberRisk coverage and our services for you and your clients.

Source                                                                    

[1] https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/global-digital-trust-insights.html

The information provided in this article is for general information purposes only. It does not constitute legal or professional advice nor a recommendation to any individual or business of any product or service.