As we grow more technologically advanced, the risk of a cyber breach increases and is not slowing down. The logistics and transportation industry has become an attractive target for cybercriminals in the last several years. Some of the largest transportation and logistics companies have fallen victim to cyberattacks, specifically ransomware attacks.
But smaller businesses are now also experiencing cyberattacks at alarming rates. Many businesses can weather a cyberattack because they have a good Cyber Insurance policy but almost as important to their survival is that they have a solid contingency plan in place.
Cybercriminals wreak havoc by stealing customer data and disrupting operations, which can, in turn, result in lost revenue. Several companies have even gone out of business due to the reputational damage caused by a data breach. According to the 2022 IBM Cost of Data Breach Report, it takes, on average, 277 days to identify and contain a data breach. With this timeframe, it's easy to see why the average total cost of a single data breach is $4.35 million. That is a staggering sum for a small business.
Any company, regardless of size, should have active discussions with its employees and management teams about responding to cyberattacks. Companies do not have control over when and how a cyberattack occurs but responding in a defensive mode is something they can control.
Here are some helpful best practices in building a defensive plan:
- Have a detailed communication channel when your system goes down completely. This includes knowing how to communicate with your employees, clients, and business partners, as well as government agencies, in the event your email or phone systems are unavailable.
- Be informed about the notification requirements of your particular state if you suffer a privacy breach.
- Maintain backups of critical information needed to operate. Have it available for office and remote employees
- Educate employees on the different types of breaches and instruct them to report any known breaches to your IT department immediately. Two of the most common breaches are due to Social Engineering and Ransomware:
- Social Engineering – Cybercriminals impersonate someone else and manipulate employees into transferring funds.
- Ransomware – Malware that a cybercriminal covertly installs on a company's computer systems that prevents the user from accessing data or threatens to publish confidential information unless a ransom is paid.
- Having the right Cyber Insurance is an important part of a business's response plan. Talk to your insurance provider about your cyber risks and review the various coverages available in the marketplace. All policies are structured differently, and terms are often changing, so be sure you are working with an insurance agent who is taking the time to explain the coverages and policy exclusions. Most providers (including Avalon) offer vulnerability and penetration testing to assess where you might have network exposures.
While having Business Continuity Plans and the right Cyber coverage are both critical parts of your Cyber Response strategy, the best defense is a good offense. You can avoid making claims on your Cyber policy or putting that continuity plan into action by having some good prevention techniques. Require regular Cyber security training of all employees to help them identify potential scams before they are launched. You must also have updated security patches and up-to-date virus protection on your computer systems, and MFA should be used on all employee devices accessing your network. We always hear about the large companies that suffer cyberattacks, but the small and medium size fish are now fair game too. However, being prepared can reduce your chances of being caught in a cyber war.
Don't hesitate to contact us if you are interested in a network scan or obtaining more information on Cyber Insurance.
The Quest Newsletter is designed to provide critical information in the transportation industry. Avalon Risk Management is not responsible for the accuracy or reliability of information contained in articles. The reader/user assumes all risk in the use of such information.