Page 8 - NovDec21 Reporter - web optimized
Insurance Update

Cyber attacks: how to protect against them and what to do if you are attacked

Contributed by: HUB INTERNATIONAL LIMITED

Here are some precautionary steps to prevent hackers from attacking your organization and a list of steps in case of an attack. Cyber attacks are a major security issue, as hackers have exploited security weaknesses everywhere, from small businesses all the way through Fortune 500 corporations, with every industry at risk.

COVID-19 has made conditions worse. During the pandemic, more workers are accessing computer systems remotely (using personal devices) and individuals have been shown to be prone to phishing attacks involving COVID-19 themed email. Meanwhile, hackers have greater incentives to breach networks than ever: Total damages due to cyber crime are expected to reach $6 trillion worldwide in 2021.

Although it’s almost impossible to prevent all data breaches, organizations that guard against intrusions while also establishing post-attack protocols are best positioned to identify and respond to an attack. While all breaches may not be preventable, a well-prepared organization is better able to contain and minimize the impact of the breach. Here are the checklists for preparation and response:

Preparing for a Cyber Attack
• PLAN. Develop and maintain an incident response plan. Planning needs to happen before an attack occurs. Key ingredients of a cyber incident response plan include a list of stakeholders and a plan for notifying them, along with instructions on how to investigate and escalate the issue. The actions outlined in a good incident response plan are also often supported by a cyber data breach policy, which provides the organization’s driving set of principles.
• PROTECT. Defend the infrastructure and train the workforce. Technical cyber controls like multifactor authentication, regular data backups, and firewalls are essential. With nearly 90% of all breaches caused by human error and a marked increase in working from home and COVID-19-related phishing attacks, human firewalls are important as well. Employees must be trained (and retrained) to recognize and report phishing and malware emails through an enterprise-wide reporting system. Keeping the organization safe dictates that cyber security is every employee’s responsibility.
• DETECT. Be aware of the threat. Employing endpoint detection and response software along with email filtering tools will help detect an intrusion. Periodically assessing vulnerabilities with network virus scans or penetration tests is especially critical for organizations with multiple locations and complex IT infrastructures.

Post-Breach Response and Recovery
• Document facts and actions. Every cyber attack or data breach is unique, making it important to document key decisions and actions taken. As you begin to triage the situation and uncover what happened, keeping track of dates, times and details will help preserve evidence and move quickly into recovery.
• Contact and validate. Engaging IT is the first step to validating whether you have sustained a cyber attack. Understanding who was affected, whether sensitive data was compromised and the impact will help inform plans to contain and mitigate the incident.
• Notify and leverage. An insurance broker will help guide a successful recovery and claims process. Notifying the cyber insurance carrier via their breach response hotline is key to leveraging approved third-party breach response vendors that will aid you and help you avoid policy coverage issues down the road. The process usually involves retaining a privacy attorney, who will ensure compliance with federal and state regulations and engage response vendors and notify those affected by a breach.

Insurance Update continues on page 22...

Message from the Chair

Some insights from LBMAO past chair, Greg Drouillard

Greg Drouillard, Target Building Supply, Windsor, ON

Greg Drouillard, owner of Target Building Supply in Windsor, is a past chair of the LBMAO. Greg has been engaged at different levels within the industry and has participated in many boards including STAFDA in the U.S. as well as chair of the TORBSA board of directors.

Greg has always tried to be a forward-thinking individual and, looking at his own business, he has pondered some insightful questions on the employer–employee relationship.

Greg’s insights:

Employee and Employer engagement as you know is changing…a lot! These are strange transition times with the Gen X and Millennials coming on strong - from an age point of view at least. There is a BIG difference in the generation coming up and it is concerning. They want more pay, more time off, more benefits paid for by their employers, etc.

A few thoughts in point form to ponder what I have been thinking even from Target’s perspective.

• Do we consider training programs continually for staff?
• Do the vendors we represent consider this important?
• I like the idea of staff non-work get togethers? Do they?
• RSP: Does the company regard this as a recruitment tool, a retention tool? Is it something perceived as valuable to the staff?
• Are there incentives available for staff? Is this a model for variable compensation? Is this what the new generation wants? Expects?
• Should we consider a referral incentive? If a member of staff recommends someone who is hired as a result, are they recognized somehow?
• Should we create junior entry positions?
• Is there an appetite for a deferred compensation system that employees could utilize?
• Profit Sharing system?
• How about every member of staff getting a birthday cake on their birthday for a bit of recognition?
• Do we consider attracting part time employees?
• Do we actively promote from within the organization as a first choice if they qualify?
• Do we hire to fit the culture?
• Should we add a company incentive by paying for any related classes, association attendance, trade show attendance, etc. as a further benefit?
• Do we pay for gym memberships to emphasize health and fitness? Quitting smoking class?
• Social Media is a big and growing area of business. Do we compensate and encourage learning this broad subject? If a staff member can prove that their idea can make or save the company money, should there be an incentive so they can be rewarded somehow? Perhaps 10 percent of the savings?

As Greg has thoughtfully put into words some of the questions regarding employer-employee relationships, it is of interest to all of our businesses to establish a professional yet personal approach to working with our employees.

These are changing times and being able to adapt quickly and respectfully to the needs of your staff regarding issues such as daycare, benefits etc. is becoming more important now more than ever!
8 LBMAO Reporter - September-October 2021 www.lbmao.on.ca