Protect against cyber risks
Every business in Québec is responsible for protecting the information it collects on employees, customers, and partners. Unfortunately, no one is immune to a computer breach, whether a malicious attack or simple human error. That’s why Promutuel Insurance offers customized protection against cyber risks.
Our automatic protection: essential coverage against cyber risks
At Promutuel Insurance, your business automatically enjoys the benefit of Personal Data Protection Insurance. That means that in the event of a confidentiality breach of personal data on customers, employees, and partners, you’re covered for costs incurred and potential operating losses.
Ask about add-on protections to custom-tailor your cyber security
Have bigger cyber security concerns? Promutuel Insurance Cyber Risk Insurance offers add-on protections. Opt for extended coverage for your property, operating losses, and civil liability.
- Privacy breach costs
- Loss of business following a privacy breach
- Extended operating losses
- Loss of digital assets
- Threats and cyber extortion
Online tips and tools for all our insured members
Our cyber insurance coverage comes with free access to valuable online tips and tools, courtesy of our specialized partner in data recovery and business data protection.
What you can do to protect your business
We’ve compiled a list of best practices you can adopt to lock down IT security at your business.
Manage permissions and passwords
Strong permission and password management allows you to ensure only the right people—and no one else—can access your systems and data.
- Your employees should not share accounts. Each person should have their own.
- Permissions should be granted according to employee responsibilities. For example, a production employee shouldn’t have access to HR data.
- Whenever employees move on or change positions, make sure to revoke or adjust permissions accordingly.
Use strong passwords
Following strong password guidelines helps you avoid identity theft, which can lead to loss of control and data leaks.
- Passwords should be unique for each system or service.
- They should also be complex: as long as possible, with upper and lower case letters, numbers, and special characters.
- Passwords should not be easy to guess or contain words or dates.
- Change them regularly, especially if they protect critical data.
- Do not share passwords or write them down. If you do write them down, store them in a safe place. When in doubt, change them!
Keep software up to date
The most common attacks target software flaws, which is why developers regularly include security patches in their updates.
- Your software and operating systems should be licensed, which ensures they’re supported by their developers.
- You should promptly install security patches released by developers or other reliable sources.
Install security programs
Complete security programs (antivirus, firewall, antimalware) help limit IT vulnerabilities and prevent hackers from exploiting them.
- Antivirus software must be installed on every workstation and server. It must also be up to date and running at all times.
- Operating systems often come with a free antivirus option. We recommend installing this option at the very least.
- Your security software should perfectly match your business needs. Do your research, evaluate each solution, and opt for the most effective one.
Make a secure backup of your data
Having access to a backup of your data in case of a major problem (whether due to a malicious act or not) will get you back up and running as quickly as possible.
- Back up your (valuable) data as regularly as you can.
- Backups should be done and stored separately from the source data.
- Backups should also be properly protected to avoid information leaks.
Store data securely (DVDs, flash drives, etc.)
Information leaks are often related to data storage that isn’t secure. You need to protect the devices you use to store your information.
- Storage devices should always have effective IT security measures.
- Whenever data is being transferred, it must be fully protected.
Control physical access to your data and systems
You don’t need to worry about just virtual flaws. Physically securing the premises where your IT systems, storage devices and confidential documents are located is important, too.
- Visitors should not be able to walk around unaccompanied or without being identified and receiving permission beforehand.
- Desktop and laptop computers must be secured to prevent unauthorized use or theft.
- You should limit and carefully control physical access to your servers and critical systems.
- Paper records containing sensitive information should either be protected (for example, in locked filing cabinets) or properly destroyed (with a shredder or other method).
Educate and train your employees
Cyber threats are often related to human error or carelessness. You can greatly reduce these threats by educating and training your employees.
- Unusual requests or emails should always raise a red flag.
- Employees should never open attachments in unusual or suspicious emails unless they’re sure they can be trusted.
- Employees should never be tempted by contests that seem too good to be true.
- Employees should never use professional computers or email for personal use (shopping, dating sites, mailing lists, etc.).
- Regular guidance from IT security experts can help you maintain your best practices and ensure they are up to date.