Rochelle Miller
Rochelle Miller is the business development leader responsible for strategic partnerships within small business at Arthur J. Gallagher.
Not all cyberattacks operate in the same way. Cybersecurity Awareness Month, which is celebrated each October, is the perfect opportunity for associations to bring cyber safety to the forefront and kick off a yearlong training program.
With technology ingrained in numerous aspects of our daily lives, it’s no coincidence that the number of cybercrimes and data breaches grows with each passing year. Though often considered a primary threat for large corporations, the number of smaller organizations and individuals victimized is staggering—often leading to significant financial losses and repercussions that cause critical damage. So, how do you protect your association and its members? The best defense is widespread and continuous education.
According to Cybercrime magazine, estimated cybercrime damages totaled $6 trillion in 2021. The impact of this massive figure may be easier to comprehend when broken down into shorter time measurements: $16.4 billion a day, $684.9 million an hour, $11 million per minute, or $190,000 per second. If cybercrime were a country, its economy would be third, only following the U.S. and China. And that number is expected to top $10.5 trillion in 2025— making it the fastest-growing form of crime worldwide.
Cybercriminals are slick and adaptable, which makes it difficult to anticipate when or how a cyberattack may occur. However, by proactively training your staff and members, you can help ensure mitigation efforts are executed swiftly and effectively to minimize the impact of a cyber threat.
Not all cyberattacks operate in the same way. Cybersecurity Awareness Month, celebrated each October, is the perfect opportunity to bring cyber safety to the forefront and kick off a year-long training program.
Some of the most common forms of cybercrime are:
Denial of service (DoS) and distributed denial of service (DDoS). Overwhelming a service with traffic, sometimes impacting availability by temporarily or indefinitely disrupting services.
Phishing. Deceptive messaging designed to draw out users’ sensitive information, such as banking or business login credentials, or used to embed malicious code to enable remote access.
Ransomware. A tool used to lock or encrypt victims’ files until a ransom is paid.
Malware. A trojan, virus, worm, or other malicious software or code harmful to your computer or network.
Data breach. Unauthorized access and disclosure of information due to a cyberattack.
Social engineering. Attempts to trick someone into revealing personal information via social media channels.
To keep your association safe, determine its exposure risk [PDF] and develop a cyber-risk management program, which consists of these three steps:
Risk assessment. A holistic evaluation of your business to identify areas that could be vulnerable to cybercrime or data breach, along with the immediate rollout of vetted policies and procedures to strengthen weak spots.
Risk mitigation. Implementation of proactive measures to reduce internal and external mistakes and attack exposures. Additionally, the development and regular evaluation of an incident response plan (IRP) not only expedites recovery time and reduces costs associated with a cyberattack but also ensures best practices are followed during such a crisis.
Risk monitoring. The continuous evaluation of potential cyber threats and your ability to protect your business against them, which frequently includes compliance and operational audits to test your organization’s response.
Though it’s imperative to help keep cyber safety top of mind year-round, Cybersecurity Awareness Month is the perfect annual reminder to reevaluate, refresh, and redistribute your cyber risk management program to all team members. One way to do this is to test your association’s cyber risk exposure through a cyber-liability scorecard [PDF]. In addition to that, here are some tips for keeping cyberattack prevention fresh and effective: