What's your business cyber strategy?
Unlike physical threats that prompt immediate action, cyber threats are often difficult to identify and understand. That’s why a strong cyber strategy is essential to protect your business.
Before a Cyber Attack
You can increase your chances of avoiding cyber risks by setting up the proper controls. The following are things you can do to protect yourself and your business before a cyber incident occurs:
- Only connect to the internet over secure, password-protected networks.
- Do not click on links or pop-ups, open attachments or respond to emails from strangers.
- Always enter a URL by hand instead of following links if you are unsure of the sender.
- Do not respond to online requests for personally identifiable information (PII). Most organizations—such as banks, universities and businesses—will never ask for your personal information over the internet.
- Trust your instincts. If you think an offer is too good to be true, it probably is.
- Password-protect all devices that connect to the internet and all user accounts.
- Do not use the same password twice—choose a password that means something to you and you only. Change your passwords on a regular basis (every 90 days or so).
- If you see something suspicious, report it to the proper authorities.
During a Cyber Attack
Here are some of the steps you should take during a cyber attack:
- Check to make sure the software on all of your systems is up to date.
- Run a scan to make sure your system is not infected or acting suspiciously.
- If you find a problem, disconnect your device from the internet and perform a full system restore.
- If you have access to an IT department, contact someone in it immediately. The sooner someone can investigate and clean your computer, the less damage to your computer and other computers on the network.
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- Contact a reputable IT firm, like
After a Cyber Attack
- File a report with the local police so there is an official record of the incident.
- Report online crime or fraud to the Internet Crime Compliant Center (IC3) or the federal government’s internet fraud resource website. Report identity theft to the Federal Trade Commission.
- If your PII was compromised, consider other information that may be at risk. Depending what information was stolen, you may need to contact other agencies. You should also contact your state’s DMV for transportation if your driver’s license or car registration has been stolen.
With cyber insurance, you can help mitigate the damage caused by a cyber attack.
Here’s what a typical cyber policy covers:
- Expenses to notify affected individuals of the data breach
- Legal and forensic costs to determine the extent of the data breach and how to best respond
- Services for affected individuals such as credit monitoring, a help line and identity restoration case management
- Access to data security resources for your business
- Crisis resolution for your business
