As cyberattacks become more frequent and severe, it is increasingly essential for organizations to practice good cyber hygiene to minimize their risk exposure. Cyber hygiene refers to habitual practices that ensure critical data and connected devices are handled safely. Here are some helpful tips for you.

Daily routines, good behaviors and occasional checkups can make all the difference in ensuring an organization’s cyber health is in optimal condition. The following are essential parts of cyber hygiene:

• Passwords—Using strong, complex passwords—containing at least 12 characters and a mix of upper- and lower-case letters plus symbols and numbers—that are changed regularly is an essential cyber hygiene practice. Users should avoid sharing passwords or reusing them across different accounts.
• Multifactor authentication—Important accounts, including email, social media, and banking apps, should require multifactor authentication to limit the opportunity for cybercriminals to steal data.
• Data backups—Essential files should be backed up separately, such as on an external hard drive or in the cloud. Remember, having your data stored in the cloud does not mean it is secure. You still need a regular backup of that data!
• Firewalls—A network firewall prevents unauthorized users from accessing company websites, email servers, and other sources of information accessed through the Internet.
• Security software—High-quality antivirus software can perform automatic device scans to detect and remove malicious software and protect against various online threats and security breaches.
• Software updates—Always immediately apply all updates and patches for relevant software.
• Employee education—Employees are one of an organization’s most significant cybersecurity vulnerabilities. Workforce cybersecurity education is essential to teaching employees to identify phishing attacks, social engineering, and other cyberthreats.
• Social engineering
1. Verify all payment changes by phone. Use a trusted phone number already on file—not one provided on the invoice or email. This step is a condition or warranty of your policy coverage.
2. Secure your email accounts. Use Multi-Factor Authentication (MFA) and remind employees to approve MFA requests only when they initiate them.
3. Communicate with your partners and clients. Let them know that you will always confirm banking changes by phone and encourage them to adopt similar protocols.
4. Test small transactions first. Send a small test payment to confirm new or updated banking details before transferring larger amounts.

For more information on how Cyber Privacy and Crime Insurance can provide additional protection, contact Heather at 587-597-5478 or heather@thorinsurance.ca