Cybersecurity preparedness is a new concept for many businesses, but its critical impact can be described easily with two stories you might recognize from the news.
Southwestern Ontario Hospitals Data Breach
In October 2023, hospitals across southwestern Ontario were hit with a cyber attack on their shared service provider (which has since ceased providing technology for hospitals). This breach disabled most of their systems until they recovered in February 2024. Over these months, hospital staff had to transfer some patients’ treatments to other hospitals, cancel or reschedule appointments, and hire new staff to account for the newfound inefficiencies in the system.
The breach is estimated to have cost the hospitals at least $7.5 million, and that’s not even mentioning the private information that hackers obtained from the hospitals’ systems that was posted on the dark web, including SIN numbers, patient records, and other critical information.
G&J Cyber Attack in Cincinnati
One month after Canadian hospitals were hacked, not too far away, G&J Pepsi-Cola Drink Bottlers Inc. in Cincinnati, OH, leveraged their 8-person IT team to successfully recover from a cyber attack in less than 24 hours.
Their team was so prepared, diligent and cyber-disciplined, that not only did G&J not miss a single order, but 95% percent of their company had no idea they were even under attack.
Steps to Prepare for Cyber Attacks
These two starkly contrasting stories illustrate a crucial point: preparing for cyber attacks can potentially help your business avoid multi-million-dollar damages. Phishing, malware and ransomware remain three major risk factors for businesses of any scale. But by adhering to proper cyber security governance practices, certain threats can be diminished. So, what can you do to prepare?
Update your devices, systems and software regularly.
Updates not only improve the functionality of these processes, but also often update security features and capabilities to thwart emerging threats or vulnerabilities. Not updating these technologies can leave hackers an open door to attack a weak point, and gain control.
Use Multi-Factor Authentication (MFA).
While not infallible, MFA can stop between 30 to 50 percent of cyber attacks in their tracks, according to Robert Grimes of cyber security company KnowBe4.
Strong passwords and company-wide cyber education.
There are dozens of companies that provide excellent cyber security training for staff members in companies of any size. But even simple steps, like not re-using passwords or updating credentials every 90 days can make a big difference in reducing threats.
Implement a cyber incident management plan.
Simply having a solid procedure in place beforehand can make a big difference when cyber attacks happen. Training staff so that they immediately know their role and what to do when a breach happens can help contain the threat or minimize further damages to your company.
Speak to your insurance broker about cyber insurance.
In our collaboration with Arctic Wolf, Ives is now able to offer a cyber program that not only offers broad cyber liability policies, but also offers regular vulnerability scanning tools, incident response planning, and resources like webinars for further education on these topics. The cherry on top is our cyber insurance team from across Navacord, who work alongside cyber security leaders such as Arctic Wolf to make sure that their clients have protections in the case of a cyber breach. Reach out to us, and a member of our cyber insurance team will help get you started.
