Best Practices to Mitigate Cyber Risks


IT’S NOT UNCOMMON to hear about a cyberattack in the news since, regardless of size, every business is a potential target. In the past several years, the logistics and transportation industry has become an attractive target for cybercriminals. Some of the largest transportation and logistics companies have fallen victim to cyberattacks, specifically ransomware attacks. Hackers have stolen and encrypted company data and then demanded a ransom get the data back. Ransomware victims have been forced to shut down most, if not all, of their operating systems for several days. Various attacks have prompted more fraudulent activity by having individuals pose as company employees.

Cyberattacks create a massive headache when customer data is stolen, revenue is lost, or operational disruptions are forced. Several companies have even gone out of business due to the reputational damage caused by a data breach.

Cybercriminals are using more sophisticated tools than ever, making it easier to increase the number of attacks. The goal should be to make it harder for hackers to penetrate your systems and have a recovery plan in place should an attack occur. We will review some best practices companies can use to mitigate their cyber risk.

Identify Risks

Identify the information hackers would primarily target. For example, would they want your employee information or client databases? Once you identify these risks, you can map out a particular risk to potential outcomes and affected parties for each. Identification of risks will help you determine what control measures to implement. Make sure to re-evaluate risks regularly and update control measures as necessary.

Educate Employees

Educate your employees to recognize and report suspicious activities such as phishing or the sudden appearance of new apps or programs. Test employees’ cybersecurity knowledge periodically to see if additional training is needed.

Encrypt Data & Include Offline Backups

Data encryption prevents unauthorized parties from reading the data if they gain access. Having backups of your data avoids losing important information. Using the “3-2-1” rule is a sound backup system to have in place. The rule means you should have three copies of your data, two copies stored on different storage media, and one copy kept off-site.

Install Antivirus Software

Having antivirus (AV) and anti-malware software installed on computers adds an extra layer of protection. Making sure that the software is up to date is also crucial. Hacks can easily occur by having outdated software.

Using Strong Passwords & MFA

Establish rules to ensure employees create complex passwords. This best practice might be easy to overlook. However, password cracking technology has significantly advanced, and simple passwords don’t cut it anymore. According to Microsoft, 99.9% of account-compromised attacks can be blocked by Multi-Factor Authentication (MFA). MFA is a tool that helps fight identity theft or unauthorized access to company systems. You can use MFA for remote network access and privileged or administrative access.

Assess Third-party Vendors

Third-party vendors should be onboarded with your cyber strategies in mind. A vendor risk management program helps third-party vendors and service providers stay compliant with your cybersecurity protocols and not create additional cyber exposures.

Have a Response Plan in Place

According to IBM’s Cost of a Data Breach Report 2021, it takes an average of 287 days to identify and contain a data breach. It could take much longer to contain a breach if you are not prepared to handle an attack— increasing the cost of handling the breach. Make sure you have a crisis response team.

Talk to Your Insurance Provider

Most insurance providers offer vulnerability and penetration testing to assess where you might have network exposures. They can also help review your cyber insurance policy to review any gaps in coverage.

Zuleika Medina is Marketing Content Manager at Avalon Risk Management.