Tips for Being Cyber Aware

Practice Management

A recent SPARK Institute webinar discussed the importance of being aware of the risks cyber criminals pose as well as how their nefarious work can be thwarted. 

There have been many breaches in the last decade, observed Mark Strosahl, Business Information Security Officer at the Principal. But that’s not a surprise, Strosahl indicated, remarking that “overall, the industry is much more aware of threats that are coming.”

Bad actors, said Strosahl, are “sophisticated and motivated.” Record keepers are doing a great deal, he said, and what they need to do to ensure cyber security “continues to grow daily.” It’s “a rat race that may not have an end,” he warned. 

Action Steps

Panelists had suggestions regarding actions that can be taken to enhance cybersecurity. 

Role of Third Parties. It can be useful to get an independent opinion and obtain validation from a third party, Strosahl suggested. He added that the Department of Labor, in the cybersecurity guidance it issued earlier this year, also recommended third-party validation. 

Partnering. It’s harder for small and medium-sized businesses to implement cybersecurity measures, Strosahl said, and suggested that they could consider partnering in order to do so. Furthermore, he noted, “It’s really important to have a strong partnership when conducting tests.” 

Stopping Phishing. Use of multi-factor authentication is “extraordinarily important” in preventing phishing attacks, said Jonathan Halperin, Senior Engagement Lead at the Cybersecurity and Infrastructure Security Agency. Lisa Plaggemier, Interim Executive Director at the National Cybersecurity Alliance, also emphasized the importance of training employees to identify phishing attempts in emails.

Heading off Ransomware Attacks. Halperin suggested three steps that can help prevent ransomware attacks:

  • use of multi-factor authentication;
  • network segmentation; and
  • having a good patch management program.

Cybersecurity Insurance. Michael Bonfante, Business Development Manager at Colonial Bonds and Insurance, said that not only do cybersecurity insurance providers offer protection through coverage, they also educate vendors and clients. Such insurers “look out for the best interests of your business and clients,” he said. 

Bonfante noted that there are two kinds of cybersecurity insurance coverage:

1. Basic: covers privacy breaches and usually includes notification and call center services.
2. Standalone: more comprehensive, often containing provisions applicable to first and third parties. It often provides first-party coverage for system failures, data loss, media and site development, fines, costs and cyber extortion.

Bonfante suggested that one ask a cybersecurity insurance provider whether they have cybersecurity standards in place and whether they engage the services of an outside auditor to evaluate their cybersecurity standards.