5 Ways Brokers Can Protect Their Business From Cyber Attack
Marc-André Beaudet, Group CISO & Simon Nadot, Senior Loss Prevention Engineer, Filhet-Allard, Brokerslink Partner.
Over the past few years, we’ve witnessed several high-profile attacks targeting companies within our industry and beyond. No business, large or small is immune to the threat of cyber-attack, but what FIVE basic steps can you take to improve your chances of avoiding or at least surviving a cyber-attack?
- Security Awareness
When it comes to cyber security, unfortunately human error can be the weakest link in the chain, allowing cyber attackers to bypass sophisticated systems via unwitting employees.
Companies should implement regular training programmes for employees to help them to improve their ability to identify, alert and respond to potential security breaches. These training programmes should be put in place as soon as possible and reviewed regularly to ensure they are fit for purpose and that employees are up to date on new and evolving cyber risks. This training should comprise awareness modules for all employees and collaborator on common cyber security issues including (but not limited to) correct password management, phishing via links and attachments and social engineering attempts. Again, these modules should be reviewed regularly to adapt and respond to new and emerging threats.
- Securing System Access
It is essential to activate strong authentication, at least for administrator access but ideally for all user accounts, this should involve either 2-factor authentication (2FA) or multi-factor authentication (MFA), the compromise of a single access element of the information system will result in a very limited impact.
The management of high privilege accounts is of paramount importance, these must be extremely well protected and used only for specific operational needs. Businesses should also provide an additional layer of security for mobile assets such as webmail, even more important for employees working from home.
- Ensure System Recoverability
The ability to quickly restore business activities and recover data after an account is of top importance.
During a highly advanced attack, hackers can enter deep into the information system, and will often have time to compromise online or cloud-hosted back up files. Therefore having the ability to back up systems offline is the only way to be sure of a businesses’ ability to recover their systems following this kind of advanced attack. These backups are an integral part of the information system. They must therefore be monitored and tested regularly in order to guarantee their effectiveness when needed.
- Segregating your Assets
Segregation of assets is key to slowing down a cyber-attack. This can be done in several ways; by network, in which assets are put in different levels of the network, by system, not mixing different services on the same server, by application, for example using different accounts for user and administrator actions, and also partitioning systems in terms of usage, i.e. don’t mix business and personal usage. A perfect implementation of segregation is the key to maintaining security.
Along with the segregation of assets, managing obsolescence if essential. Vulnerabilities in the system must be repaired immediately after their discovery and all flaws identified and treated as a priority.
- Detect Early . React Quickly
Finally, it is inevitable that at one time a security incident will occur, so it is critical to develop the capability to detect them early and react quickly.
To do this, it is necessary to implement technical tools, such as antivirus software, endpoint detection and response (EDR) and security information and event management (SIEM) software as well as invest in internal or external operational security experts in order to be alert to what is happening on the information system. Setting up and monitoring/alert applications are also good investments to help businesses quickly detect an attack, these must be well configured, and intervention procedures must be written to help the business to respond quickly and efficiently.
All of these capabilities will allow you to build better resilience against most attacks.
All of this work can be carried out through good risk management tools, making it possible to continuously adapt the response to evolving threats. Having achieved a level of best practice, it is possible to share the risk with an insurer who can take over the random residual risk.
If you’d like more help and advice on cyber resilience, please contact Filhet-Allard.