Cybersecurity insurance is becoming scarce, but there’s a lot you can do to secure your business

If your business is looking for cybersecurity insurance, you may want to read the fine print when it’s time to renew your policy.

As with so many things today, the trend is toward paying a lot more and receiving a lot less.

Cybersecurity insurance premiums have risen dramatically in recent years. At the same time, major underwriters are beginning to place limits on coverage. A major driver behind these trends is a surge in insurance payouts, particularly for ransomware attacks.

To understand software development, you have to understand how the language of software is used by a computer. While it is very easy to gloss over the following distinctions as all being part of "coding," the reality is the distinctions among a compiled program, a script, and a Java app manifest themselves constantly in any organization building or modifying of applications.

Many people who work from home are targeted by hackers and scammers for the following reasons:

• They are part of the gig economy, often working as freelancers constantly seeking the next job or project. They can be very susceptible to promising-sounding opportunities that turn out to be too good to be true.

Cybersecurity threats are everywhere, and can be especially worrisome for small businesses. Small businesses are often targets of cyber attacks because they have information that is attractive to cybercriminals, without the cybersecurity large businesses and corporations have to keep them safe. When running a business, large or small, you must take all measures to protect sensitive information, your employees, and the technology you use.

Hackers are attackers outside of an organization who exploit security weaknesses in computer systems or networks to gain unauthorized access to information, cause mischief, or make changes to files, settings, or systems. Hackers have become increasingly sophisticated over the years, and many are experts on a variety of computer systems and software.

With the increase in cyberattacks and data security lapses, many organizations have changed their overall approach to data security and are taking a risk-based approach to data security.

Christopher Plummer is a Senior Cybersecurity Engineer at Dartmouth-Hitchcock. He is a Certified Information Systems Security Professional (CISSP) and a member of Cyber Health Working Group (CHWG), FBI InfraGard, Crimedex, and the New England Healthcare Information Security Forum (NEHISF).

Plummer has worked across a wide spectrum of organizations and industries, now specializing in healthcare information security. Before moving to Dartmouth-Hitchcock, he worked as a Senior Cybersecurity Analyst for Catholic Medical Center. He also spent nearly 10 years working as an Information Systems and Security Manager for the U.S. Navy. Skye Learning is thrilled to feature Plummer’s expert commentary in the online course Cybersecurity for Healthcare Professionals.

While organizations spend a lot of time and resources working to protect their digital assets, the physical security of the workplace is just as critical and just as subject to attack as is a network.

Physical security involves securing the site, building, office space, servers, computers, and other assets from being compromised at the actual location, rather than electronically over networks. It includes site design and layout, intrusion detection, fire protection, surveillance, physical access control, and emergency response.

It's important to remember that physical security consists of protecting against man-made threats, like intrusion or internal sabotage, as well as natural disasters, severe weather, and accidents that can cause floods, fire, and other problems.

Audit functions are not only good for troubleshooting a system but also for analyzing logs that can help uncover malicious activity in the form of insider breaches or outsider intrusions. In an investigation, audit logs help verify whether the security policy was adhered to and how an employee may have been involved in a security violation. All root and administrator activities should also be logged, and the size of all logs kept to a manageable size. Actions that should be logged include user-level events, application-level events, and system-level events.

The common approach to meeting the challenges of managing data is to map the process of creating and using data to a lifecycle. This is sometimes referred to as data lifecycle management (DLM) or information lifecycle management (ILM).

The purpose of such an approach is to allow an organization to identify the distinct phases data goes through, and then within each step or phase, to identify different security controls that should be in place.

This week, Skye Learning is thrilled to spotlight Dr. S. Atyia Martin, an expert for the AEM®/CEM® Prep Course (U.S. version). Martin is a Certified Emergency Manager (CEM®) with nearly 20 years of experience in emergency management, public health, intelligence, resilience, and homeland security. She was worked for the government, the private sector, and the nonprofit sector. Currently, she is CEO & Founder of All Aces, Inc., a consulting company that advances racial equity and builds organizational resilience. Martin is a distinguished senior fellow for the Global Resilience Institute.