Page 61 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

For instance, consider Intrusion-Related Restoration Costs. These occur when an SMB has experienced an attack
            that includes unauthorized access to its networks. As a result, the business is tasked with paying steep
            costs in order to restore its networks to proper operating function. Not only can this process be
            expensive, but it can be time-consuming as well.


            Another example is Notification-Related Expenses. When personally identifiable information is involved
            in a data security breach, notification laws, which vary state-to-state, require that the affected individuals
            be formally notified in order to take proper precautions to protect their information. The cost of providing
            the notifications as mandated by individual statutory laws is an unbudgeted expense for SMBs and can
            be quite costly.

            Setting up the appropriate guardrails

            There are actions SMBs can take both to minimize the risk of these types of cyberattacks and to
            prepare for them if they do occur.

            First, check, and re-check, cyber-vulnerabilities on an ongoing basis. This can be achieved internally,
            though some businesses choose to employ ‘friendly hackers’ to help determine their biggest
            vulnerabilities.

            Second, make use of multi-factor authentication (MFA) to protect against phishing, social engineering
            and password brute-force attacks. This can also help prevent logins from attackers exploiting weak or
            stolen credentials.

            Third, train employees to contact companies directly when receiving unsolicited messages asking about
            business-related information, to never provide personal or business information to someone they are not
            certain is authorized, to never enter sensitive information into a webpage before checking the security
            settings, and to make use of existing security measures like email filters, antivirus software, and firewalls.
            Additionally, each employee should be sure to keep all of their software updated.

            To supplement the organization's risk management efforts, strong consideration should be given
            to cyber insurance. Cyber insurance is a safety net offering organizations both legal and technical support
            to move forward with a response plan – ensuring customers and employees remain digitally safe once
            an attack occurs. SMBs are sought by many insurers - some insurers focus on writing larger risks, or




