Technical controls are what most people think of when the word “cybersecurity” comes to mind: encryption, multi-factor authentication, anti-virus software and other slick tools to protect information. While sound cybersecurity extends well beyond these kinds of safeguards, having strong technology in play to protect data is important.
What most small insurance businesses fail to realize is that these “technical” cornerstones of cybersecurity often require little or no technical expertise to implement. Most require a very nominal financial investment and a few minutes to install software.
If you’ve ever downloaded Spotify, Microsoft Office or any Adobe product, you have the skills needed to implement the basics. Below are some of our top suggestions for a prudent approach to cybersecurity:
- Anti-virus software. Anti-virus software helps detect malicious software that may have been accidentally installed on your computer. Bitdefender and Norton are two leading anti-virus brands and are generally cost-effective for small businesses.
- Encryption. Most operating systems, like Windows, macOS, Android and iOS, have a way of preventing those without a password from seeing files. If you lose a laptop or mobile device, this is critical. A quick online search for “how to encrypt my [device type]” should point you in the right direction.
- Multi-factor authentication. If you have an option on any of your business accounts (e.g., email or collaboration tools) to require a second form of authentication, do it. You can have confirmation texts, emails or other secondary means of proving your identity for login.
- Virtual Private Network. VPNs make it easy to encrypt all connections to the Internet so traffic is secure. NordVPN and ExpressVPN both offer simple-to-use and solid options.
- Backups. Failure to back up data leaves you susceptible to losing information and to ransomware attacks. Carbonite, CrashPlan or IDrive are some great, cost-effective options to ensure computers have a safe, cloud-based backup.
There are, of course, endless ways of using technology to protect data. But these are a few of the fundamentals that a regulator would (and should) expect you to have implemented.