20 WESTERN PALLET
“Those things don't work anymore,” McDonald said, “and they litigate a very low percentage of security breaches today. It's important to invest in tools and resources to make sure that your organization is defended.” He remarked that while the cost of some security tools is dropping, it is important to understand the threats involved and the tools aimed at mitigating them.
McDonald also encouraged business leaders to prioritize cybersecurity organization-wide. “It can be done in a lot of ways,” he said,” but make sure your employees, from the day they are onboarded, that they understand that security is an important aspect of your organization.
Another important area is limiting employee access to data—only what is needed for their job and not other areas of the business that they shouldn’t have access to. Regarding the creation of a corporate cybersecurity policy and framework, he recommended the NIST cybersecurity framework.
The NIST Cybersecurity Framework is a set of guidelines designed to help organizations improve their cybersecurity practices and manage cybersecurity risks in a structured and effective manner. Developed by the National Institute of Standards and Technology (NIST), a U.S. government agency, this framework is voluntary and primarily intended for critical infrastructure organizations, though it is broadly applicable to all sectors, including government, corporate, and non-profit organizations. The original version was ratified in 2018 and version 2.0 was released in 2024.
Insurance Protection
Walker of Acrisure emphasized that small business are not immune. While 3% of small and medium businesses experienced cyber attacks in 2023, employees of small and medium businesses experienced 50% more social engineering attacks than those of large companies.
Cyber insurance policies can cover a range of risks that businesses face, as well as protection from damages caused to third parties from a cyber breach. “What the cyber insurance policy in very simple terms will pay for damages that you caused from a third party,” Walker explained. “The cyber insurance policy pays costs for the damages that you caused and to defend you should there be a lawsuit.”
“Basically, anything out there that your at risk of, can be covered,” he said. Acrisure performs a risk assessment and then designs a policy that is customized to address the risks faced by a particular client. “It’s not a one size fits all,” he added.
Cybercriminals tend to focus on the financial operations of business. According to McDonald, the leading area of activity has to do with compromised emails. Emails can be intercepted and altered to provide wire transfer information that goes directly to criminals. Employee training, policy adherence, enforcing access control, and vendor/3rd party risk assessments are all important considerations.
Looking for insights on how to improve your cybersecurity? For more resources, visit: https://allconnected.com/webinar-resources/
WPM
Cybersecurity
Cont'd from Page 17