Despite the growing awareness about cyber threats, many myths about cyber security still persist. Ready to separate fact from fiction? Here are some of the most common cybersecurity myths.

Myth #1 — Too much security diminishes productivity.

Some business owners worry that increased cyber security protocols will make it difficult for employees to access what they need to do their job. However, in reality, not having adequate cyber security protocols may have long-term and catastrophic consequences for your business. Many preventive measures require little hassle on the part of employees.

Myth #2 — Cyberattacks are only executed by external perpetrators.

Wrong! Insider threats are on the rise and should be a cause for concern for all businesses. Insider threats can come from employees, vendors, contractors and business partners, and can be either a simple case of negligence or malicious in nature. A recent survey revealed that insider threats are responsible for more than half of all data breaches. All companies need to have plans in place to help prevent these types of attacks.

Myth #3 — Cybercriminals only attack large businesses.

Small and medium-sized businesses may wrongly assume that their data isn’t attractive to hackers. But these operations are among the most susceptible to cyberattacks. An Accenture survey revealed that hackers went after small businesses nearly half of the time. Unfortunately, only about 14% of these businesses were prepared to act defensively in such a situation.

The lesson: No matter the size, no business is immune from hacking attempts and malicious attacks. Hackers don’t discriminate when it comes to their victims. So, don’t let the size of your business determine how valuable your data is or how secure your assets are.

Myth #4 — Cybersecurity and cyber insurance are too expensive.

Even though the headlines paint grim stories, some companies still wonder if cybersecurity programs are worth the cost. Data security is frequently overlooked and many organizations respond reactively when they have no other option.

Just how expensive is such a mistake? Consider the fact that the average cost of a data breach in 2021 is $4.24 million, the highest in the last 17 years. This statistic doesn’t even take into account reputational losses and customer losses from a breach. One thing is for certain: The cost of a good cybersecurity plan and coverage is far less than dealing with the consequences of an attack.

There’s a lot of room for improvement when it comes to educating employees about cybersecurity. Case in point: the cybersecurity awareness training firm KnowBe4’s State of Privacy and Security Awareness Report. This report details the state of employee awareness and practices — and it’s not good news for most organizations.

The report is based on feedback from 1,000 employees in small, midsize and large companies in the United States. The purpose is to determine how much cybersecurity training workers have received and how that information translates into cyber security awareness. The report brings some alarming findings to the surface. For instance, employees surveyed could not identify some common and potentially devastating types of cyber risks and how those risks could adversely affect their employers.

According to the report, nearly one-quarter of employees believe that clicking on suspicious links or attachments presents little or no cyber risk. In reality, it’s one of the most common and effective strategies for cybercriminals. Similarly, fewer than a third of respondents said that allowing family members and friends to use work devices outside of work hours is risky or presents serious risks. In reality, this practice breaks the human firewall chain and has led to breaches.

What’s perhaps the most unsettling is that many employees who work in vulnerable sectors are not savvy when it comes to these matters. The survey found that only 14% of government employees and 22% of healthcare employees can confidently describe to senior management the negative effects of cybersecurity risks. This compares with 47% and 50% in technology and finance, respectively.

At the same time, the bad actors seem to be tuned into this reality. Due to the pandemic, cybercriminals have been taking advantage of industries that have been hit the hardest, such as healthcare, municipalities, and educational facilities. These hackers also see the pandemic as an opportunity to take advantage of employees that are now working remotely on their personal devices.

According to the report, employees in government and healthcare had the least amount of knowledge of social engineering attacks. Per the report, only 15% of government employees “very well” understood the five types of social engineering threats. Think phishing, spear phishing, business email compromise, vishing, and smishing. Workers in health care and education reported only slightly more awareness of these risks, at 16% and 17%, respectively.

This report and others like it underscore the need for regular employee training on cyber security risks and best practices; company-wide cyber policies outlining expectations for employees; the right preventive tools; and the right type and amount of cyber insurance coverage.

Facing an E&O claim is a lot like an IRS audit. It’s time-consuming, stressful and something you really want to avoid. In today’s litigious business environment, it’s important to review some of the most effective ways to reduce your E&O risk as well as provide a strong defense in the event a claim is made against you:

Obtain E&O insurance coverage. For many types of business professionals, having errors and omissions (also called professional liability) insurance is critical. In today’s world, you can be the subject of a financially devastating legal claim at any time.

Keep information about each client in a separate file. Include and summarize all interactions with each client via phone, e-mail, text and in person.

Summarize every client conversation and meeting, including phone calls. Include the day and time of the interaction, the name of the client and what was discussed. Don’t skip logging a call because you think it is trivial. Every interaction could be important in the event of an E&O claim or in court proceedings.

Make sure you’re documenting the advice you provide. When a client asks you for advice, include information in their file about what they asked you, what guidance you provided them and what action was taken as a result. If a client elected to not take the advice that you recommended to them, make sure that’s documented as well. Many E&O claims stem from instances in which a client doesn’t take a recommended course of action or says they were given incorrect information.

Keep up with your record keeping. Contemporaneously prepared documentation is best. Documentation should be as thorough as possible given time and resource constraints. Notes are considered especially credible evidence of conversations in the event of a legal claim. You can put information together months or years later, but it won’t be as accurate or credible.

Use your words carefully. Respond to your client as if your conversation is being recorded. Be precise and thorough in every text, e-mail, letter, in-person visit or phone call. Think twice about calling yourself an ‘expert’.

Use follow up letters/e-mails. If the conversation is an extremely important one, you may want to provide a summary of what was discussed in a follow-up letter or e-mail to your client. Documentation, when consistently created, will not guarantee that a claim will be settled in your favor. It will, however, give you the best defense possible.

Did you know that slips and falls are two of the most common causes of injury during the winter months? Rain, ice and snow all can dramatically increase the likelihood that you or one of your employees will end up injured. One of the best ways to avoid a serious injury? Walk like a penguin. It’s easy. Simply spread your feet out a bit to increase your center of gravity and take small steps. Next time you are out on an icy sidewalk, try it. Here are some other suggestions to help prevent wintertime slips and falls:

Monitor conditions from the parking lot to the office area. Spot check your parking area and both your outdoor and indoor pathways regularly to ensure they are safe. It’s easy to track in rain or snow, so keep an eye out for the interior entry area. Clean up any spills, wet floors or standing water immediately.

Wear the proper shoes. Make sure your shoes have proper traction. Dress shoes and other types of footwear that have little or no traction aren’t good choices when there’s rain, ice or snow. Invest in quality winter footwear that you can wear in times of inclement weather.

Assume the surface is slippery. If you aren’t sure whether a surface is icy, it’s better just to assume that it is.

Take your time. Don’t rush on rainy, icy or snowy pathways. Use any handrails that are available to you, and don’t use your cell phone while walking.

Keep your hands out of your pockets. This is an important tip. Walking with your hands in your pockets decreases your center of gravity and balance and increases your chances of suffering an even greater injury in the event of a fall. If your hands are out of your pockets, you’ll be better able to break your fall with them. Use handrails wherever available.

Take care when shoveling snow. It’s a strenuous activity that can lead to injury. When shoveling, keep your back straight, lift with your legs and do not turn or twist your body while shoveling.

Hire a quality vendor. Hiring an outside vendor to handle wintertime maintenance and ensure the safety of your workers can be a great option for your business.

Report unsafe conditions. Encourage employees to report any unsafe conditions inside or outside your facility immediately.

Respond to problems quickly. Anytime there’s an accident indoors or out, it’s critical to review your safety plan and procedures, and if needed, revise them.

At Accurate Protection, we know that businesses face a wide range of risks. Let us help you better manage them!

Is your business OSHA compliant? All businesses are required to follow rules and regulations designed to maintain a safe and healthy workplace for employees. It’s not only the right thing to do, it’s the law. And even if you haven’t had any on-site injuries or accidents, your business still could be subject to fines and/or penalties if you don’t follow the OSHA regulations that apply to your business and industry.

The Occupational Safety and Health Administration Act details specific responsibilities employers have regarding ensuring a safe and healthy workspace for their workers:

  • Providing a workplace free from recognized hazards and complying with standards, rules and regulations issued under the OSHA Act that apply to their enterprise.
  • Examining workplace conditions to make sure they conform to applicable OSHA standards.
  • Making sure employees have and use safe tools and equipment and that the equipment is properly maintained. Employees should be trained to use equipment/tools safely.
  • Using color codes, posters, labels and/or signs to warn employees of potential hazards and remind them of best safety practices.
  • Establishing or updating operating procedures and communicating them so that employees follow safety and health requirements.
  • Providing safety training in a language and vocabulary workers can understand. Reminding employees of what they’ve learned in training and providing periodic educational opportunities reinforcing safety.

Federal law provides employees the right to contact their local OSHA office and make a complaint or lodge a concern regarding their place of employment. Because of the importance of worker safety, OSHA takes workplace violations seriously, and inspections that reveal non-compliance can result in fines/penalties for the business.

OSHA encourages all employers to adopt a workplace safety and health program, regardless of the type of business or industry. These types of risk management programs can substantially reduce the number and severity of workplace injuries, maintain worker safety and demonstrate a company’s commitment to safety. Most successful safety and health programs are based on a common set of key elements. These include a leadership commitment to safety, worker participation, a written safety plan/program and an effective approach to finding and fixing hazards. Simply put, smart planning can protect your business and keep it compliant with OSHA rules/regulations.

Prevention and preparation are the keys to avoiding costly and dangerous accidents or workplace problems. At Accurate Protection, we deliver the strategies, tools and resources that you need to assist with OSHA standards and requirements. We can help you understand OSHA regulations that apply to you and your business/industry, prepare for an OSHA inspection, maintain good records and stay up-to-date on ever-changing rules and regulations. Learn more about all of the ways we can help your business manage its unique risks and thrive.