What Tech Companies Can Do to Protect Themselves from Cybercrime
From educating employees about phishing to buying insurance, companies can protect their business.
March 10, 2021
By Sean X Cummings
According to a survey by IBM Security, the average cost of a cyberattack in 2020 was $3.86 million. This statistic alone should make it abundantly clear to businesses big and small that cyberthreats need to be taken seriously.
Any business that uses the internet to run or manage any aspect of its operations is very much exposed to cyberattacks, especially tech companies whose work is intrinsically tied to the online world. For companies that store confidential customer or partner information in the cloud or on internal networks, keeping this data safe should be of the utmost importance.
The good news is that awareness regarding the importance of cybersecurity is on the rise. According to a report by Gartner, the worldwide information security market is forecast to reach $170.4 billion in 2022.
Businesses, especially tech companies, are becoming increasingly aware of cybercrime threats and are boosting spending to protect themselves from the many types of cyberattacks that could potentially be crippling if they were to go undetected and uncontained.
Common Types of Cyberattacks
Much like technology itself, cyberattacks are becoming increasingly sophisticated. Their purpose is most often financial gain for the attackers, but can also be a matter of prestige and fame within the cybercriminal or hacking community. Whatever the reason, recovering from a cyberattack is a long and exhaustive process that usually ends up being incredibly expensive.
Malware is malicious software designed to infiltrate computers and networks to compromise and potentially steal data. Malware is probably the most common type of cyberattack and comes in many, constantly changing forms, which is what makes it so unpredictable, dangerous and often hard to identify.
Social engineering is based on deceiving people into letting the attackers gain access to their online accounts or their computer. These attacks aim to trick people into clicking on a suspicious link or attachment, allowing the attackers to infiltrate. Phishing is the most common type of social engineering, aimed at manipulating people into giving out confidential information.
Distributed denial of service (DDoS) is a popular hack that criminals use to extort money. In a DDoS attack, cybercriminals flood the victim’s network with traffic their servers cannot handle, causing the network to crash and become unavailable to customers and employees, resulting in downtime and financial and reputational damage. The hackers then ask for payment in exchange for restoring the network to its previous state.
While these are some of the most common types of cyberattacks that businesses are exposed to, cybercriminals are always working on new ways to attack and infiltrate computer systems, which is why the process your company implements toward protecting itself from these types of threats needs to be one that evolves constantly to keep up with the ever-evolving face of cyberthreats.
How to Protect Your Tech Company
The best course of action would be to hire an in-house security expert or team of experts to install and maintain plans and protocols focused on protecting your business from cybercriminals. But if you’re just starting out and you don’t have the budget to hire dedicated security experts, there are still best practices that you and your employees can implement to keep your company safe from cyberattacks and ways to respond when they do occur. Here are some steps you can take to mitigate the risks of a cyberattack:
Purchase suitable antivirus and firewall software. This market is very well served, so you shouldn’t have any problems picking quality software for your company. Make sure all your employees install it and always keep it updated.
Adjust your email spam filters. Some phishing attempts can be prevented by setting up your spam filters properly. All email systems have them; just make sure to set the filters high to get maximum protection.
Raise employee awareness about cybersecurity. Education is probably the most essential step in your cybersecurity strategy because no security setup can protect you if somebody allows the perpetrator into your system. Human error is the cause of 95% of cybersecurity breaches. Your employees should learn how to spot potential threats and what to do in those instances. Instruct them to create solid passwords for their business accounts using unique character combinations that are difficult to figure out.
Implement multifactor authentication. This provides an additional layer of security to your employees’ accounts. You can pick the factor you prefer; the most common ones are one-time passcodes or some type of biometrics.
Create a risk management plan. This should be a comprehensive and detailed plan that assesses your company’s risks, their probability and potential impact on your business. It should also include a response plan to minimize damage if you end up falling victim to a cyberattack. Even if you can’t afford in-house experts, consider hiring outsourced security experts to help you design this policy, analyze your systems and point out potential weaknesses.
Obtain a cyber liability insurance policy. Insurance allows you to transfer some financial risks to a third party — the insurer. Perfect protection from cybercrime doesn’t exist, which is why buying cyber insurance is something every tech company should seriously consider. A robust policy should cover the cost of notifying affected parties, data recovery, computer forensics, loss of income and potential ransom costs, among other issues. If you work with clients, vendors, or partners who could be affected by a breach, they could potentially sue you if one occurs. A third-party cyber insurance policy would cover your legal costs and settlements in such cases as well. The price of your policy will depend on a number of variables, including how strong your cybersecurity risk management plan is, your claims history, your specific industry and the level of risk you are exposed to as a business.
The threat of cyberattacks is a concern that every tech company needs to deal with to protect itself, as well as its customers and partners. Through a combination of education, awareness and planning, any company can succeed in not only combating these threats but also recovering from them if they do occur.
The keys to properly protecting your business from cyberthreats are the following: educating your employees about these threats, creating a plan for eliminating these threats and dealing with them effectively when they do occur, and transferring some of the financial risk to a third party via insurance so you know the entire financial weight of dealing with the cyberattack won’t fall on your company and its executives.
Sean X Cummings is CMO at Embroker, a digital insurance company. During his two decades in business, he led global marketing for Ask.com, oversaw digital strategy for consumer leader Amazon Advertising, established an acquisition engine for the financial arm of American Express and helped Nike and other brands succeed. You may follow him on LinkedIn or @Embroker on Twitter.