There may be no such thing as a free lunch, but as a firm offering Denver and Phoenix IT consulting and cybersecurity services, we do have a few free tips that will protect your R&R: revenue and reputation. Because both are under threat, with costs growing every day.
$990K – $25M: The Average Ransomware Demand in 2020
Not long ago, the average ransomware demand might cost you $1K, while unlucky firms had to pay out $10K. The incidents didn’t get much airtime on the news. What a difference a few years made. You can’t go a week without hearing about a major security breach on the nightly news —and the price tag is way more than $10K.
As cybersecurity expert James Carroll shared during our Pandemic Plundering webinar, ransomware demands skyrocketed in 2020. Averages now range between $900K and $25M.
Criminals act as their own PR department
One reason for the uptick in coverage is related to a change in criminal tactics. Today’s digital burglars:
- Break into your systems
- Steal your data
- Encrypt your files
- Demand a payment
- Announce the breach to the world and release your confidential data
Some promise privacy if you pay — others publicize their efforts regardless of what you do. Then it’s picked up by the local news and suddenly you’re a headline.
The unwanted attention is problematic for financial services and RIAs
Cyber villains can decimate any business they want, but the danger is acute for anyone in the financial services sector. Cybersecurity is a secondary issue when you’re looking for a plumber. You’re primarily concerned with finding a competent professional who won’t turn your kitchen into a splash zone while fixing the pipes.
Financial services don’t have that luxury. You work with sensitive information, like bank accounts and Social Security numbers. If you suffer a breach, it will dominate online search results when potential clients carry out their due diligence. These prospects will balk at working with a firm that can’t keep its data private.
Are You Secure and Compliant?
Discover if You Meet the 7 Standards of Security and Compliance for RIAs:
Cyber Insurance, Not General Liability, Provides Protection After a Breach
You have an insurance policy for your business. It may not cover anything related to cyber breaches. Financial assistance after an incident is only available through specific cyber insurance policies.
Tip: Your peers have coverage — you need it, too.
Here’s another interesting nugget from the webinar: cyber insurance is one of the reasons behind the increase in ransomware demands. Hackers know more businesses are obtaining cyber insurance, so they’ve increased their ransomware demands. As the costs go up, it becomes unaffordable to sit on the sidelines. You need a policy.
Tip: Get an IT support company to conduct a third-party evaluation before applying for insurance.
Unfortunately, the higher payouts are causing problems for insurers so they’ve added requirements businesses must meet to qualify for insurance. Get a security assessment before applying for a policy. That way, you’ll discover gaps that could cause an insurer to deny coverage before you apply.
Tip: Know what you’re buying, regularly review your policy.
Our customers frequently ask us to review coverages before they buy and we often have very specific feedback about what is or is not covered, or what reality would look like in an attack that causes them to pause and really creates good dialogue between them and the insurance company. We can do that for you, too.
Once you have cyber insurance, regularly review the policy. You don’t want to miss a payout after an incident because a requirement wasn’t met.
Accidents Are a Click Away
85% of attacks evaluated for the 2021 Verizon Data Breach report involved a human element. We don’t know specifically what havoc those accidental clicks unleashed, but we can guess based on past breaches. Successful criminals regularly get unsuspecting employees to:
- Wire money to overseas accounts
- Share usernames and passwords
- Provide sensitive information — like bank account or Social Security numbers
- Grant access to the network
- Download viruses through malicious attachments
Tip: Make good cybersecurity a habit.
If businesses focus on cybersecurity, it usually happens during October, which is Cybersecurity Awareness Month. Something is better than nothing, but there are 11 other months during the year when you should be practicing good cybersecurity habits — like going through cybersecurity awareness training.
Automating Security Removes Human Risk
Your employees are on the front line in the relentless battle against hackers. But they aren’t thinking about how to fight cybercriminals. They’re focused on their jobs, family and life in general. It’s a risk you can mitigate with innovative tools that automate security.
Phoenix IT Consulting Tip: Automatically stop confidential information from leaving your organization.
One of our favorite automated protections for clients prevents sensitive information from leaving their organizations. In a customizable template, you specify what data points you want to scan for in mailboxes, SharePoint, or files. For instance, you want it to identify whenever a string of numbers in an email follows the format for a credit card or someone’s Social Security number. Whenever the tool detects a match, it disables the “Send” button. Information that stays in your organization stays out of the hands of scammers.
Tip: Balance security and productivity.
Along with making it impossible to accidentally share confidential information with a hacker, automated tools don’t interfere with your workday. Effective cybersecurity is a balancing act. You add the protections you need to prevent an attack and meet compliance. You leave out restrictions that would unnecessarily limit your team’s ability to work.
Tip: Carefully evaluate outsourced cybersecurity companies in Arizona.
Before you outsource IT, do your homework. Look for a provider with cybersecurity-specific credentials and experience working with other businesses in your industry. This will further help you balance security and productivity because the provider will understand your team’s daily tasks.
Denver and Phoenix IT Consulting Firms Will Right-Size Your Spend and Preserve Your R&R
At itSynergy, we want to protect both senses of your R&R. We’ll help you meet your cyber insurance requirements and create a plan for using automated tools to create a cyber-safe work environment for your employees. With your revenue and reputation protected, you’ll finally get a chance for that other R&R — rest and relaxation.
You’re One Meeting Away from Protecting Your R&R