How to Protect Your Organization From a Cyberattack

By: Jacquie Shapiro, Director, Reinsurance & Programs at Tokio Marine HCC – Cyber & Professional Lines Group

Ransomware, which is a malware used to encrypt data and demand money in return for the decryption key, is one of the leading cyber crimes. Though there are numerous potential causes to a cyber breach, phishing scams and negligence continue to remain prevalent for health care organizations, with ransomware costs significantly increasing, which we anticipate will continue throughout 2021.

Health care organizations hold sensitive information including names, addresses, dates of birth, social security numbers, and insurance information that is significant in value. A medical record on the dark web sells for triple the cost of any other record. Incentivized to earn more, criminals are highly motivated to target health care organizations. 

How to protect your organization from a cyberattack

As we cannot predict the course of events, thorough and proactive preparation is imperative. While cyber insurance is one of the primary means of mitigating costs, there are also new tools, processes and technologies that organizations should employ to protect themselves and prevent potential losses including:

• Implementing next-generation cloud enabled endpoint protection, such as the one provided by CrowdStrike, is highly effective in protecting systems against network ransomware variants.
• Requiring two Factor Authentication (2FA), such as the one offered by Duo, on all remote access to your network adds a protective barrier to entry.
• Disabling unnecessary remote desktop gateways.
• Making sure you have segregated offsite/backups, such as the one offered by Datto. The likelihood of having to pay a ransom is dramatically reduced if there is an intact backup solution to recover the data.
• Applying Spam filtering and email configuration to block phishing attacks.
• Providing employee phishing training and simulations to help keep staff aware of potential risks and to keep them informed on the current state of cyber security risks.

These solutions are at the core of staving off ransomware events and network infiltration. With every passing day, the lines between professional best practices and cyber risk management become more and more blurred. We believe that actualizing a few simple tactics and tools can be effective, measurable and achievable.

Resources like CyberNET^® can help a practice understand the cyber risks you face with access to best practices, compliance and incident response guidelines, sample policies, and vendor agreement templates.

CyberNET is available to all MMIC, UMIA and Arkansas Mutual policyholders and can be accessed after signing into your account at ConstellationMutual.com. Go to Risk Resources > Tools & Resources > Cyber Prevention Resources.

Constellation is a trademark of Constellation, Inc.

Share this blog article:

---