incident and provide details on it.
It is your chance to be proactive
and to provide a testimony to your
audience rather than them hearing
a more embellished version via
hearsay or gossip.
If you are attacked by ransom-
ware, you have two options. Pay
and pray OR do not pay and begin
the process of recovery. As a
security company, we do not
advocate paying the hackers for
the ransomware attack as all too
often the money or crypto will be
paid and the decrypt keys will not
be provided. This will most
certainly be a one-way transaction
which we encourage companies
avoid.
Clean up and recovery can be
costly. Consider the number of
computer systems you have. The
applications that need to be
installed on the computers. The
data that needs to be imported and
18
Golf Business Canada
“Insurance companies
are fully aware of the
number one weakness
in the cyber security
chain are humans.
They know that
phishing attacks do
not invoke themselves.
They know that people
are at times careless
and will make critical
mistakes that lead to a
cyber-attack.”
set up again. The downtime it will
cost. The reputational damage you
will incur. What about the
company’s website? Does it need
to be rebuilt? There are many
things that need to be considered.
INSURANCE COVERAGE
Cyber security insurance has been
around for quite a while and
continues to evolve. It is getting
quite expensive, however when
one considers the cost of a security
breach or incident, it can relieve the
majority of the financial discomfort.
With the right policy and coverage,
you may be able to recoup some of
the costs required to get back up
and running, however consid-
eration needs to be given to the
data that cannot be replaced due to
damage, or it being encrypted or
stolen.
Interestingly, insurance comp-
anies are very aware of the risks
they take while insuring businesses.
For that reason, they are now
requiring companies to fill out long
checklists on security measures
wanting to know what the
companies they are insuring have
in place or more importantly do
not have in place that would help
them to reduce the risk of attack.
Based on the feedback from the
questionnaire the premium you
pay will fluctuate.
Insurance companies are fully
aware of the number one weakness
in the cyber security chain are
humans. They know that phishing
attacks do not invoke themselves.
They know that people are at times
careless and will make critical
mistakes that lead to a cyber-attack.
This includes everyone from the
owner to the back office and in
between.
It is for this reason insurance
companies want to know if there
are any training or phishing
simulation programs currently
implemented within the company
they are insuring. They know that
the most effective way to reduce or
limit the probability of an attack is
by providing training for the staff
members and then follow it up by
real world phishing simulations
that test the awareness of the staff
member. These tools are the least
expensive and most effective way
to reduce attacks, and they are top
of the insurance companies’
checklist of highly recommended
prevention measures.
PRACTICAL SOLUTIONS THAT
WORK
Cyber Security Training
(Information Security Training)
InfoSec Awareness is training that
focuses on computer and network
security and safety. It can cover
many topics that include,
identifying and preventing
phishing attacks. It covers
ransomware, detection and
prevention as well as recovery
measures. It will cover identity
theft, social engineering, working
safely remotely, physical security,
spyware, malware and the like.
Staff members should be aware
that their actions when using the
computer could lead to a data