Page 61 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
One example is Intrusion-Related Restoration Costs. These arise when an SMB has experienced an attack
that includes unauthorized access to their networks. As a result, businesses are tasked with paying steep
costs in order to restore their networks to proper operating function. Not only can this process be
expensive, but it can be time-consuming as well.
Another example is Notification-Related Expenses. When personally identifiable information is involved
in a data security breach, notification laws, which vary state-to-state, require that the affected individuals
be formally notified in order to take proper precautions to protect their information. The cost of providing
the notifications as mandated by individual statutory laws is an unbudgeted expense for SMBs and can
be quite costly.
Setting up the appropriate guardrails
There are actions SMBs can take both to minimize the risk of these types of cyberattacks and to
prepare for them if they do occur.
First, check, and re-check, cyber-vulnerabilities on an ongoing basis. This can be achieved internally,
though some businesses choose to employ ‘friendly hackers’ to help determine their biggest
vulnerabilities.
Second, make use of multi-factor authentication (MFA) to protect against phishing, social engineering
and password brute-force attacks. This can also help prevent logins from attackers exploiting weak or
stolen credentials.
Third, train employees to contact companies directly when receiving unsolicited messages asking about
business-related information, to never provide personal or business information to someone they are not
certain is authorized, to never enter sensitive information into a webpage before checking the security
settings, and to make use of existing security measures like email filters, antivirus software, and firewalls.
Additionally, each employee should be sure to keep all of their software updated.
To supplement the organization's risk management efforts, strong consideration should be given
to cyber insurance. Cyber insurance is a safety net offering organizations both legal and technical support
to move forward with a response plan – ensuring customers and employees remain digitally safe once
an attack occurs. SMBs are sought by many insurers - some insurers focus on writing larger risks, or