Skip to main content
BusinessCyber Liability

Cyber Insurance & Data Security: 10 Ways to Reduce the Risk of a Cyber Attack

By January 27, 2019April 16th, 2019No Comments

To keep up to pace with technology advances, cyber security threats and trends are changing at rapid speed.

As such, it’s critical for companies like yours to reassess your data protection practices and make achievable cyber security resolutions to protect yourself from costly breaches.

Here’s the top 10 things your company can do this year to stay current with your cyber security practices, and reduce the risk of a cyber attack or data breach.

1) Provide cyber security training to your team.

Your employees are your first line of defense when it comes to cyber threats. Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software.

As such, it’s critical for your company to thoroughly train your employees on common cyber threats and how to respond. Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and over-sharing personal information on social media.

Your employees should also know your cyber security policies and know how to report suspicious activity.

2) Install strong anti-virus software and keep it updated.

Outside of training your employees on the dangers of poor cyber security practices, strong anti-virus software is one of the best ways to protect your data. Your company should conduct thorough research to choose software that’s best for their needs. Once installed, anti-virus programs should be kept up-to-date.

3) Instill safe web browsing practices.

Deceptive and malicious websites can easily infect your network, which can lead to more serious cyber attacks. To protect your company, your employees should be trained on proper web usage and instructed to only interact with secured websites.

For further protection, your company should consider blocking known threats and potentially malicious webpages outright.

4) Create strong password policies.

Ongoing password management can help prevent unauthorized attackers from compromising your company’s password-protected information. Effective password management protects the integrity, availability and confidentiality of your company’s passwords. Above all, you’ll want to create a password policy that specifies all of the company’s requirements related to password management. This policy should require your employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.

5) Use multi-factor authentication.

While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, multi-factor authentication is key.

Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (phone number, unique code, etc.) when attempting to access corporate applications, networks and servers.

6) Get vulnerability assessments.

The best way to evaluate your company’s data exposures is through a vulnerability assessment. Using a system of simulated attacks and stress tests, vulnerability assessments can help you uncover entry points into your system.

Following these tests, security experts compile their findings and provide recommendations for improving network and data safety.

7) Patch systems regularly keep them updated.

A common way cyber criminals gain entry into your system is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.

8) Back-up your data.

In the event your system is compromised, it’s important to keep backup files. Failing to do so can result in the loss of critical business or proprietary data.

9) Understand phishing threats and how to respond.

In broad terms, phishing is a method cyber criminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information. Phishing is becoming more sophisticated by the day, and it’s important to understand the different types of attacks, how to identify them and preventive measures you can implement to keep your company safe. As such, it’s critical to train employees on common phishing scams and other cyber security concerns. Provide real-world examples during training to help them better understand what to look for.

Check out our article: Cyber Risk: Beware of Spear Phishing Scams in Ohio

10) Create a cyber incident response plan.

Most companies have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack. That’s where cyber incident response plans can help. While cyber security programs help secure an organization’s digital assets, cyber incident response plans provide clear steps for companies to follow when a cyber event occurs. Response plans allow companies to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damages.

In addition to these top 10 ways to stay current with cyber security threats and trends, it’s also highly recommended that you review your cyber insurance policy on an annual basis to ensure you have the coverage in place if a cyber attack were to occur at you company.

Check out our article: Top Benefits of Cyber Insurance in Ohio

I’m Pat O’Neill, a risk advisor at O’Neill Insurance in Wadsworth, Ohio, and I’d be happy to help you identify the cyber risks you face, and secure for you a cyber insurance quote. Call me at (330) 334-1561, or email me at


This article was adapted from Zywave. This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.