What’s your cyber security IQ?

How much do you know about protecting your business from cyber criminals? See if you can answer these questions: 

1. What is the best way to protect your business against a cyber attack?
   A. Use strong passwords and multi-factor authentication
   B. Keep all software updated and patched
   C. Train yourself and your staff to recognize a phishing email
   D. All of the above 
    
2. What is the most common way for a ransomware attack to be launched?
   A. Through a VPN or software vulnerability
   B. Credential theft (stolen login information)
   C. Via a phishing email 
    
3. If you get a ransomware demand, should you pay it?
   A. Yes
   B. No
   C. It depends 
    
4. True or false: Cyber criminals target big companies. Smaller companies like mine aren’t worth bothering with.
   A. True
   B. False 

Let’s see how you did. 

What is the best way to protect your business against a cyber attack?

The answer to this question is D, all of the above. Let’s talk about each of these.  

A strong password has a mix of numbers, letters and symbols, and doesn’t use ‘real’ words. (For goodness sake, don’t use ‘password!’) Use a different password for each website or account and change them frequently. Multi-factor authentication makes you enter a code from your phone to confirm that it’s you trying to log on. Annoying, yes, but not as annoying as having your data compromised.  

Be sure to install software updates and patches as soon as they are available. If a software program you use is no longer supported by the developer, find a new program as soon as possible. Exploiting software vulnerabilities is a popular way for hackers to gain access to your system, and keeping your software up to date is the best way to thwart them.  

Train yourself and your staff to recognize phishing emails. Look for spelling and grammatical mistakes, and double-check that the sender’s address is correct – it can be off by just one letter. And look carefully – AI is making it easier than ever for hackers to create emails that look legitimate. If you get an email asking for immediate payment, or to change the account you typically send payment to, verify by phone before sending any money. 

What is the most common way for a ransomware attack to be launched?

The correct answer is C, via a phishing email, although all of these methods are used. According to the Hiscox Cyber Readiness Report™ 2023, phishing was used as a point of entry 53% of the time, unpatched servers or VPNs 38% and credential theft 29%. (Some attacks were made via multiple points of entry.) 

Clicking on a link in a malicious email is the most common way for hackers to gain access to your system, lock up your files and demand a ransom to unlock the data. If you click on a link by mistake and nothing happens, don’t assume you’re out of the woods. Some bad actors will release malicious code on your system that will stay dormant for a while, and then activate when you least expect it.  

It's also common for a hacker to gain access to your system through an unpatched server or VPN, or by stealing credentials. 

Related: A cyber security expert answers your ransomware questions

If you get a ransomware demand, should you pay it?

The answer to this question is C, it depends. More specifically, the answer is that you typically should not pay, but there may be situations where you should. The key is to know the difference, and you will probably need help to figure that out.  

Let’s look at some statistics around ransom demands, from the Hiscox Cyber Readiness Report 2023. The average U.S. small business that received a ransomware demand paid over $16,000 in ransom over a 12-month period. Yet just half of those who paid recovered all their data – the other half had to rebuild their systems. And more than a quarter (27%) who paid up were attacked again, and the same percentage were asked for more money after the original ransom was paid.  

If you receive a ransom demand, your best course of action is to consult with a cyber security expert, who can help you determine who is likely to be behind the attack and what you should do. If you have Hiscox cyber security insurance for your business, the services of breach response experts are included with your policy.

True or false: Cyber criminals target big companies. Smaller companies like mine aren’t worth bothering with.

The answer to this question is B, false. Data breaches at big companies make the headlines, but small companies get attacked too.  

Cyber criminals are opportunistic, and they will attack any company at which they think they will be successful. Since small companies often have fewer safeguards in place to thwart an attack, making them easier targets.

Related: Is your business prepared for a cyber attack?

A 3-step plan for cyber security

There are three important steps you can take to prevent a cyber criminal from bringing down your business.  

1. Prevent an attack from happening in the first place. Train your employees to detect phishing emails. Ensure that whoever has responsibility for upgrading and patching software is making this a top priority. And emphasize that everyone in the company is responsible for data security, which means protecting their passwords and changing them frequently.  
    
2. Detect an attack early. As soon as you think a malicious link on an email has been clicked, or if there is some other indication that there may be a breach, isolate the computer involved. Take it off the network and run a virus scan. 
    
3. Mitigate the damage. Make sure you have your data backed up either on a remote drive or in the cloud, so you can replace it without having to pay a ransom. Invest in cyber liability insurance, to protect your business from the costs of having to comply with notification regulations, restoring your data, and even paying a ransom if that is necessary.  

How much does cyber security insurance cost?

It depends on the type, size and location of your business, but it’s probably less than you think. To find out how much you would pay for this valuable protection, get a fast, free quote. We’ll help you decide what you need, and we’ll tell you exactly what it will cost. Your company could be covered today.