The year 2013 was already deemed a "cyber tipping-point" by Advisen, a market research firm that argues the prevalence of data breaches and growing number of attacks on small businesses will be a game changer in 2014.
Advisen's predictions have been reinforced by the many data breach news stories we've seen over the last 12 months. Whether it was the dozens of attacks on the Obamacare website or the second largest data breach of all time stealing credit card data from millions of Target customers, the last year was full of stories about the vulnerabilities software engineers and IT companies have to deal with on a daily basis.
New Cyber Attacks Lurking in the Shadows
One of the scariest things about cyber attacks is the ones that don't happen. Did you know that hackers stockpile security weaknesses? That's right: at any given moment there are hundreds of vulnerabilities that cyber criminals are sitting on and waiting to use at the right moment to maximize the amount of data they can steal.
Brian Krebs, a leading tech security expert and author of the blog Krebs on Security, recently wrote about these “cyber weapons caches.” Over a three-year span, two security firms were able to find over 1,000 vulnerabilities in common software.
Another reason cyber criminals stockpile weaknesses is to make coordinated attacks. Data breaches are often multi-pronged attacks, with cyber criminals exploiting multiple security flaws at the same time in order to inflict maximum damage.
New Year's Resolutions: Good Habits to Prevent Data Breaches
With the growing number of attacks and new weaknesses always being discovered, what can IT professionals do to manage their cyber risk? The following are good strategies to implement for a breach-free 2014.
- Get organized. Review your old client records. Set up a system to keep track of which clients use which software so you can remind them to update their systems any time that software is patched.
- Be prepared. Learn your state data breach laws and develop a comprehensive plan to respond to a data leak (for more information read our Data Breach Response Guide).
- Keep your insurance current. Client data breaches are covered by the third-party cyber liability coverage in your Technology Errors and Omissions Insurance policy. If you don't already have this key type of insurance, you can read more about the coverage and cost of an E & O policy. If you do have E&O, make sure you renew your policy as needed and update it any time your business changes. Lapses in coverage cause you to lose coverage for data breaches that happen to former clients.
- Figure out whether you need to expand your insurance coverage. You might be wondering: which small business insurance covers my cyber risk? For most IT companies, E and O Insurance covers their cyber liability. However, if your business stores a lot of client data, you might need Cyber Risk Insurance to cover that liability. Attacks on your computers are covered by Cyber Liability policies, while attacks on client computer are covered by E and O.
To learn more about bolstering your cyber defenses, read "3 Ways to Upgrade Your Data Security for Free."