Improving your business cybersecurity: Q&A with Paul Paray

Paul Paray is an attorney who provides privacy and data breach counsel. In a recent Small Business Edge podcast, Brian Moran spoke with Paul about ways for companies to protect their data with encryption and training. They also discussed cyber insurance, cyber planning, and cyber security defense. Below are highlights from the podcast. To listen to the entire conversation, click the link above in the podcast player.

Brian Moran: Should companies invest in cyber insurance?

Paul Paray: There’s a movement in the insurance industry to delineate between cyber insurance and non-cyber insurance. For example, most small business owners are acclimated to buy certain policies because they have a need and a requirement. The process is somewhat standard without much negotiation. Cyber insurance is perceived as more of a non-standard line, so there's more customization to the coverages. That's why you have a lot of different players. In the past few years, there's been an uptick in the small business market, and pricing has come down. Today, if you're a small business owner and you purchase cyber insurance, you get a lot of benefits.

Brian: All companies can be vulnerable to cyberattacks. Does cyber insurance cover my losses in the event of an attack?

Paul Paray: Most small business owners are not going to get sued if they have an incident, but they will need counsel, usually a forensics firm, to help them. They can turn to their insurance broker to get access to counsel, which is important in the early stages of an incident.

Brian: What areas are businesses most vulnerable right now to a cyber security event?

Paul: Phishing attacks are one of the most vulnerable areas for businesses today. I’ve seen a lot more training to help businesses spot a potential phishing attack.

Brian: What are some smart ways to protect my data?  

Paul: Let’s start with free. If you have Apple laptops, turn on the firewall. It’s a feature that makes sure your computer is encrypted. Second, make sure you have the right patching which are security updates.

Third, the FCC has something called “Cyber Planner.” They ask a series of questions and then create a cybersecurity defense plan for your business. It’s a free resource that you can find at www.fcc.gov/cyberplanner.

Brian: Thanks Paul for all your suggestions and insights on today’s Small Business Edge podcast. To listen to the entire conversation, click the link above in the podcast player.