Now is the time to evaluate your organization’s cybersecurity. Cybersecurity encompasses everything related to protecting against criminals who attempt to steal or damage sensitive data. Due to the combination of the significant increase in remote working and the developing sophistication of cyber criminals, the risk of a data breach or a successful cyber-attack is on the rise. Three steps you can take to limit your risk include implementing a formal cybersecurity plan, providing cybersecurity training for personnel, and obtaining cybersecurity insurance.

Implement a Formal Cybersecurity Plan

Planning ahead to take steps to prevent a cybersecurity breach is easier and less stressful than dealing with the aftermath of a breach. All organizations should create formal cybersecurity plans. A cybersecurity plan formalizes and communicates the organization’s security policies to personnel and conveys the importance of adherence to those policies. Simply having a plan is not sufficient. Organizations should designate an individual to provide oversight of the policies within the plan and provide personnel with a contact person in the event of a cybersecurity breach. 

Cybersecurity plans should include the following policies:

• Password complexity and change requirements

• Cybersecurity training requirements for all team members

• Computer hardware safeguarding procedures

• Security standards for personal phones used for work purposes

Implement a Cybersecurity Training Program for Personnel – Employees, Volunteers, and Board Members 

A lack of awareness by personnel can provide an easy opening for cybersecurity breaches. When personnel are not aware of cybersecurity threats, the organization becomes susceptible to risks from outside attacks such as phishing and ransomware attacks through organizational email accounts. Due to the ease with which outside parties can carry out phishing and ransomware attacks, they are one of the most common ways organizations’ systems are breached. By providing personnel with cybersecurity training, organizations can significantly reduce this risk and others. Online training options for employees are available and affordable.

Obtain Cybersecurity Insurance

Although creating a plan and training your personnel will limit your risks, breaches can still occur. Purchasing cybersecurity insurance will minimize the impact of a breach. Cybersecurity insurance is designed to mitigate losses related to security breaches, including losses from business interruptions and network damage. 

Cybersecurity insurance companies may provide a questionnaire that the organization completes to document existing cybersecurity controls. A knowledgeable member of your company’s information technology or cybersecurity team should assist in completing this questionnaire. In the event of a breach, claims may be denied if the insurance company later finds out that information provided to them was incorrect.

Depending on the policy, some cybersecurity insurances will also assist an organization with incident response in the event of a breach. Obtaining cybersecurity insurance as an additional layer against cybersecurity threats is an excellent step to protect your organization. 

Additional Resources

Taking the three steps described above will go a long way in improving cybersecurity for your organization. If you have any questions on how to get started or would like to work with a cybersecurity advisor, our team is here to help. Call 434.296.2156 or email us to set up an appointment today. 

© Copyright 2020 Thomson Reuters. 

Disclaimer of Liability
Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisors. Before making any decision or taking any action, you should consult a professional advisor who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this e-newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided “as is,” with no assurance or guarantee of completeness, accuracy or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability and fitness for a particular purpose.