Good practice last year isn’t good enough anymore.
Even cyber-insurance providers are getting more selective before accepting cover, or worse, before paying claims.
With the number of claims skyrocketing insurers are increasingly asking, “What did you do to protect yourself from the obvious and known risk from cyberhackers?”
The levels of protection you put in place 1 or 2 years ago probably aren’t adequate for the threats today. They are evolving so rapidly.
So what can you do?
Hackers aren’t waiting for you to make a decision to put protections in place.
They are spending every waking moment trying to find new ways of stealing your data. They have set themselves up as businesses to do evil. They hire the best and brightest talent, and have the latest tech – simply because it’s worth it. Its organised crime and these guys are the mafia of the modern age.
We see continuous hacks on most of our clients. These are attempts to penetrate their firewalls, or guess their passwords on Office 365. We see fake webpages through phishing attempts, and we see techniques to harvest password reset questions by asking for favourite teachers, or first cars, or favourite band on platforms like FaceBook.
That’s why your cyber-insurance and business continuity insurance providers will be starting to ask more demanding questions when you renew your cover. They are well aware of the risk and they want to know that you have taken all reasonable steps.
You need to be able to reassure them that you have:
- deep endpoint protection
- a penetration and vulnerability assessment
- data governance that is fit for purpose
- awareness programmes for all users and verification
- dark web monitoring
- multi-factor authentication and complex passwords
and so much more – the very items we have included in our KARE for Security services.
The question for you, and your insurer, is what level of protection is appropriate for your organisation so your insurer will cover you if you need to claim? That is why we have two levels of cyber-protection, and, because this isn’t static, it is why we keep investing and researching additional tools to help defend you from harm.
The Hackers are turning up their attacks on you – are you turning up your defences to match?
One quote we saw recently that rang true was:
“A cybercriminal only has to be lucky once, while a defender has to be lucky every minute of every day.”
What’s your next step? We’ve created a simple 9-point checklist to help you navigate the cyber-risk landscape and find the right solution for you.
Are you maximising your technology investment?
Are you maximising your technology investment? When you last made a significant IT investment, you had a clear understanding of why you made it and the return you were seeking to achieve. You might even have had to justify it to a board and make various assurances...
IT is more than silicon – have you ever stress tested the human side of your I.T?
I.T. is more than silicon - have you ever stress tested the human side of your I.T? Every chain relies on every link, and the stronger each link, then the stronger the chain - hence the saying about the weakest link. Your IT chain has people - we need to think...
Are the appropriate IT Governance controls in place to protect your business value?
Are the appropriate IT Governance controls in place to protect your organisation? In most organisations, IT has grown organically, meeting business needs as they arise. Those demands have come through thick and fast from almost all areas of the organisation's...
Are you meeting your obligations to shareholders/stakeholders?
Are you meeting your obligations to shareholders/stakeholders? Until relatively recently an organisation's board typically only got involved with IT when the management wanted to proceed with a major capital investment - a system refresh, new software or a similar...
What to look out for in Windows 11
Whether we like it or not, Windows 11 has been putting in an appearance on many of our machines. For some of us, it is exciting to get a shiny new version of Windows. The potential is compelling. For others of us, we just want to get through our work and we don't...
10 IT Questions every Law Firm should be asking about their IT
Is IT Critical To Your Law Firm? From managing matters to productivity, from Deeds and archines to Precedents and Documents, Collaboration and Filing... Law Firms RELY on IT. Here are the key questions every FIRM should be able to answer about their IT...
Is the partnership doing enough to get the cyber-security cost/risk balance right?
Cyber-security protection can feel like an unending cost.You'll already be aware that the bad news is - no matter how much you do, there is always more that can be done, and no promises that any of the steps you take will make your practice 100% safe. We keep...
Is your IT strategy meeting the business needs of your partnership
There’s a saying that goes “A goal without a plan is a wish." With that in mind, do you have an IT Strategy? Is it aligned with your practice's business plan? The reason this is important is that it allows you to make better decisions and be more proactive with your...
Does your firm have the right relationship with your IT provider?
Regardless of whether your IT provider is your in-house IT team or a trusted business provider, do you have the right relationship with them? The right IT provider will ask "WHY" long before they ask "WHAT" and will be focused on proactively adding value to your...
Does your firm have an appropriate Data Privacy Policy?
Data Privacy is now a hot topic in NZ. As a law firm, you will be more aware of the legislation than us, but we have been astonished that not every firm seems to understand the ramifications for their own work product. You will know what is driving our concern:...