I cannot forget the story about the jar of candy. There is a huge reward if you take a piece and eat it. The problem is, one of the pieces is poison. So….how many pieces of candy would have to be in the jar before you would be willing to take a chance? The act of choosing how many candies need to be present defines how much risk one is willing to accept.
RiskTool’s pre-populated assessments cover a wide range of topics. Assessments are designed to be “assigned” and represent a point in time regarding how a particular risk is measured or vulnerability to risk is measured. The system is also designed to allow customers or their consultants to create their own assessments and measurement statistics. We encourage you to conduct your own assessments but are on hand to assist when needed.
There’s a common misconception that small businesses are rarely a target for hackers because of their smaller size and lack of valuable data. Any information stored on your systems might be interesting to criminals.
This is a form of malware (malicious software) that attempts to encrypt (scramble) your data and then extort a ransom to release an unlock code. Most ransomware is delivered via malicious emails.
Here are some steps to protect your company:
• User awareness – Users should be very cautious of unsolicited emails, particularly those that ask for a prompt response. Some organizations can quarantine emails.
• Malware protection – Install and maintain anti-virus and malware protection software.
• Software updates – Keep your applications up to date. Patching is one of the single most effective ways to protect your computer
• Data backups – Well-managed data backups can allow you to recover from an unencrypted version of a file. Regularly test your backups.
Phishing is a term used to describe an attempt to obtain sensitive information while posing as a trustworthy contact. An example might be an email appearing to be from your bank or financial institution, credit union, online service, etc.. Spear phishing is a highly targeted attempt to gain information from a specific individual. Phishing emails are designed to be convincing, frequently with perfect wording and genuine logos. A form of spear phishing, called whaling, is where a fake email from a CEO pressures a CFO into making an urgent payment.
Here are some ways to protect your organization:
Cybersecurity in the office may seem to be overly cautious, but understanding cybersecurity needs extend well beyond the office. The use of smartphones and tablets is widespread. Portable storage devices are everywhere as they are a useful tool for the backup and transportation of data. These features also help data thieves.
Here are some steps to prevent data leaks:
Gaining illegal access to IT systems offer criminals a lucrative financial incentive. Gaining access to bank account information or credit card databases have an obvious financial reward. However, intellectual property is also a source of significant value and the target for many government-sponsored actors. The use of social engineering allows criminals to gain insight and trick people into revealing user credentials.
If you have employees (full-time, part-time, or as contractors), the possibility exists they could leak data by mistake or on purpose. The damage from a document leak cannot be overstated.
Try to mitigate the size of any data leak by:
In addition, Insurance Carriers can use RiskTool as a platform to build a community of policy-holders. This community can then collaboratively and actively share resources and information to lower risk, or the vulnerability to risk, resulting in a higher probability of lower loss ratios.