Cybersecurity: get prepared in 2020
Every night you lock your doors, and set the security alarm, but is your business really secure?
TLC Group Solutions, a firm that advices on data security, sees many clients who are under prepared for a data breach or cyberattack.
“In many of the local organisations we deal with, on both a personal and professional level, most owners and managers seem to be aware of the dangers of a cyberattack or data breach,” said Taheera Lovell, cybersecurity lead at TLC.
“However, that does not seem to have translated into the required preparation and operational changes necessary to prevent or reduce the damage from a cyberattack or data breach. These shortfalls have been highlighted in the 2019 BMA report as well as the Government's 2018-2022 National Cybersecurity Strategy.”
To help turn around that trend, TLC will be offering a series of lunchtime masterclasses on cybersecurity.
“Data breaches and cybersecurity incidents tend to occur often and affect organisations of all sizes across industries,” Ms Lovell said. “Sure, we read daily about high-profile incidents happening overseas but many local organisations are simply unaware of the steps to take should they fall victim to a data breach or cybersecurity incident, some of which are unique to our small island environment.
“For example, if an essential piece of IT equipment that an organisation relies on for daily business functions has a technical fault and there are no parts or suitable replacements available on island, the organisation may be forced to temporarily close as it could be a week before the new part or replacement equipment arrives in comparison to other jurisdictions with same or next day delivery.”
She has found that one of the areas that organisations continue to find challenging is managing outsourced and third-party risks.
“Too frequently businesses enter business relationships and partnerships without thoroughly assessing cyber-risks and reviewing their data processing agreements,” she said.
Ms Lovell said many organisations don't report when they've been a victim of an attack or breach.
“There isn't an organisation locally responsible for collating such statistics but of recent there have been one or two incidents that were quite high profile in the legal industry as well as a ransomware attack on a bookstore that caused a major interruption in their day-to-day operations,” she said.
She said ransomware is a very real problem and is increasingly being used by organised criminals as a relatively easy and efficient way of funding their other activities.
“The rise of pseudo-anonymous cryptocurrencies such as bitcoin makes it easier for cybercriminals to receive their ransomware payments without being tracked, the minimal back and forth communication necessary once ransomware is activated and the wide variety of user-friendly ransomware tools available on the Dark Web can make anyone a hacker,” Ms Lovell said.
Ms Lovell said with the adoption of the BMA's cyber-risk management code of conduct, many local businesses will need to adopt a much more proactive approach to prepare for any potential incidents.
“The code is currently in draft stage but is expected to be in operation by January 2021,” she said. “The code is comprehensive in its requirements and we would expect many of the smaller to medium Bermuda registered insurers, insurance managers, and intermediaries (agents, brokers, insurance marketplace providers) needing assistance to reach compliance.
“Remember, incidents can be technical or physical and while you can't prepare for everything, it's wise to at least prepare for the most likely threats that your organisation will face,” she said.
The TLC Group will be holding their cyber incident response course tomorrow from 12 noon to 1pm and their data breach incident response course from 1pm to 2pm, at the Cranleigh offices in the Washington Mall in Hamilton.
The cost per course is $150 (general) or $335 VIP which includes a three-course lunch and a half-hour mini compliance assessment or one-to-one consultation to ask any direct questions about data privacy or cybersecurity. If you can't make it in person, they will also be offering webinars at the same time for £99 ($125).
After that, there will be new lunchtime masterclasses every third Thursday of each month, featuring another cyber and data protection topic. For a full list see www.thetlcgroup.pro/training/#start
To register for classes go to www.ptix.bm/Event/3760/Data-Privacy-Cybersecurity-For?fbclid=IwAR2Db_B5AS6WsIa5HtbtH98gR1CuQeiEaSDKITDdEy4oPX4yvRc64J7so_E . For the webinar go to cyberincidentresponsemasterclass.eventbrite.co.uk .