NewsCyberattacks Are Coming: How to Prepare and Protect Your Business

 

By Jeremy Kauten, CIO and Senior VP of IT, VGM Group, Inc.
www.vgmgroup.com
Connect with Jeremy on LinkedIn

Russia continues its invasion of Ukraine, which began on Feb. 24, 2022. Tensions between Russian and the U.S., as well as other countries around the world, continue to rise. There’s plenty of speculation about what might happen next, but one thing experts are confident of: There will be an increase in cyberattacks coming out of Russia.

Cyberattacks on U.S. entities originating in Russia are nothing new. In fact, some of the largest attacks from the past two years have been linked to Russian hackers, notably the SolarWinds hack in 2020. By slipping malicious code into a software update from SolarWinds, hackers were able to infiltrate an estimated 100+ companies and about a dozen government agencies. One of those agencies? The Cybersecurity and Infrastructure Security Agency (CISA)—the office at the Department of Homeland Security which is tasked with protecting federal computer networks from cyberattacks.

While cyberattacks targeting large entities may be more widely publicized, every organization is at risk regardless of size.

Make no mistake—while cyberattacks targeting large entities may be more widely publicized, every organization is at risk regardless of size. This is especially true of organizations that hold valuable data, such as payment card information (PCI) and protected health information (PHI).

Businesses, including home and durable medical equipment providers, need to prepare. I spoke with several of our experts at VGM Group, Inc. Here are their tips and best practices to help you prepare and protect your business—and the people you serve.      

Level 1: Update, patch, back up, and educate.
From Jay Bracken, CISSP, Information Security Officer, VGM Group, Inc.
www.vgmgroup.com
Connect with Jay on LinkedIn

The first step is to take advantage of the tools that are readily available to you. Many risks can be avoided simply by keeping system software up to date. These updates often include security patches, which fix known loopholes hackers exploit to gain unauthorized entry into the system. I know it’s tempting to click that “update later” button on your device, but these updates are your first line of defense against attackers. It’s not perfect, but if you can make your system just a little bit harder to infiltrate, hackers may just move on to an easier target.

If you can make your system just a little bit harder to infiltrate, hackers may just move on to an easier target.

Still, you’ll want to have a backup plan—literally. Make sure you’re backing up important data and have a contingency plan in place. Better still is to make multiple backups, and keep one set of them separated from the rest of your network. And don’t forget—test restoring from backups! If the time comes when you need them, you want to be sure everything works according to plan. While no one wants to be hit with a ransomware attack, having stable backups to recover from can give you a fighting chance against the attackers, potentially saving you days of costly downtime, and thousands of dollars in ransom.

The easiest way to protect yourself, however, is to educate your employees about how to protect your systems. Researchers at Stanford University and the security firm Tessian found that about 88% of all data breaches can be attributed to human error. Best of all, basic training can be found for very little cost to your organization and is easy to implement.

Level 2: Make sure you’re covered.
From Linda Braden, Senior VP of Claims, Technology, and Projects, VGM Insurance Services
www.vgminsurance.com
Connect with Linda on LinkedIn

Cyberattacks on organizations were on the rise even before Russia’s invasion of Ukraine. According to the 2022 Cyber Threat Report by Sonic Wall, an internet cybersecurity company, governments across the globe saw a 1,885% increase in ransomware attacks in 2021. The healthcare industry alone faced a 755% increase.

It’s now critical that organizations talk to their insurance agent or broker about adding Cyber Liability insurance to their coverage. This protects your business against liabilities caused by the internet or your company’s IT practices. And it can help cover losses caused by data breaches, cyberattacks, and cyber fraud.

Cyber Liability insurance is becoming more expensive, but it’s a small price to pay compared to the cost of a data breach.

It’s true, with the surge in cyberattacks over the last few years, Cyber Liability insurance is becoming more expensive, but it’s a small price to pay compared to the cost of a data breach.

Working with the right insurance partner provides more than coverage in case of a breach, though. The right partner will help you prevent or at least mitigate the risk associated with a cyberattack. This comes in the form of assessments, resources, and education to help you identify your risk and help you prepare.

Be sure to discuss your concerns with your insurance agent or broker so they can walk you through the best way to protect your business.

Level 3: Prepare for inevitable supply chain disruptions.
From Jonathan West, Procurement Director, VGM Fulfillment
www.vgmfulfillment.com
Connect with Jonathan on LinkedIn 

You’ve undoubtedly already heard about the ongoing supply chain issues. These issues were already expected to stick around throughout 2022, and Russia’s invasion of Ukraine has further exacerbated the situation.

Expect costs for shipping to fluctuate—and likely increase—in 2022. 

The stories you’ve already heard throughout the pandemic are still true. Expect delays due to shortages of raw materials. Expect costs for shipping to fluctuate—and likely increase—in 2022. But there’s another less-discussed issue when it comes to the supply chain: cybersecurity. As cyberattacks out of Russia increase, the impact on the supply chain has the potential to get even worse.

Consider this: An iPhone is assembled in China, but it’s made with parts coming from 43 other nations. If any of those suppliers fall victim to ransomware or other cyberattack, increased delays (and likely costs) are inevitable. It can take days or weeks to restore their systems from a backup—not to mention their loss of reputation may put pressure on other businesses to cut ties.

So, what can you do? To get ahead of the supply chain crisis requires companies to continuously monitor every tier of the chain in real time. That’s not feasible for most businesses, so it will be more critical than ever to find the right partner.

Look for an expert that has strong relationships with, if possible, a blend of regional and global suppliers. While it’s good to have a diverse supplier list, prioritize finding a forward-thinking, strategic partner—someone who is already two steps ahead (or at least trying to be). This is the best way to stave off the worst of the supply chain issues to come. Stick together. Keep working with your supplier partners. We’ll get through it.

Level 4: Lead through uncertainty the way you lead through change.
From Sara Laures, Chief People Office, VGM Group, Inc.  
www.vgmgroup.com
Connect with Sara on LinkedIn 

With everything happening in Ukraine and its impact around the globe, it’s easy to lose sight of what matters most to your business: your people. This conflict, much like the pandemic that came before, creates uncertainty and anxiety about the future—which can be problematic for your people and, hence, problematic for your business.

Here are five ways you can help ensure employee well-being:

1. Be compassionate. Acknowledge that the challenges and experiences employees may have are real, and make it known that you’re there to offer support.

2. Create a psychologically safe environment. Encourage employees to talk about the issues and challenges they’re experiencing. It can go a long way toward helping them feel supported.

3. Help managers help their employees. Work with your managers to find ways they can offer more flexibility to their teams. And remind them to check in on their team members’ well-being.

4. Know the signs. Train your employees how to look for changes in behavior or mood that may be a sign that one of their coworkers is distressed.

5. Provide resources to help. Programs and services to support an employee’s overall well-being are critical. Employee assistance programs (EAP) and virtual health platforms are a great resource for those employees in need. But be sure to remind employees about your offerings. According to Gartner, 96% of organizations report offering mental/emotional well-being benefits, while only 42% of employees thought their employer offered them.

Employee well-being is more important than ever.

Employee well-being is more important than ever. People faced a unique set of challenges and disruption during COVID. Now, an escalating conflict with worldwide impact brings another set of challenges. Understanding and compassion will go a long way toward improving employee well-being, while also creating a culture people want to be a part of.

Lean on Your Partners

We’ve now gone from one world-changing disruption directly into another. The impacts of Russia’s invasion of Ukraine are already beginning to be felt in every industry in every corner of the globe. And in times like these, we need to rely on one another. There is much to do to prepare and protect your business. VGM and its team of experts are here to assist in any way we can. Reach out to us today and let us know how we can help.