NEED SUPPORT? CALL (855) 422-8283

Virtual Armour
What is Cybersecurity Insurance (& Does Your Business Need It?)

What is Cybersecurity Insurance (& Does Your Business Need It?)

An unfortunate reality of the modern, connected business world is that it is no longer a question of if your organization will experience a cybersecurity incident, but when. In 2020, there was one new ransomware victim every ten seconds, while the average cost of a data breach the same year was $3.86 million.

Those eye-watering numbers have many organizations of all sizes and in all verticals, justifiably concerned. Improving your cybersecurity posture and ensuring you have an effective incident response plan in place can significantly reduce the amount of downtime your organization experiences should an incident occur, as well as minimize or even eliminate damages. However, to help offset the costs associated with cybersecurity incident recovery, more organizations than ever before are turning to cybersecurity insurance.

man calculating cost or cybersecurity risks and breaches

What is Cybersecurity Insurance?

Cybersecurity insurance (also called cyber liability insurance) is designed to cover the costs associated with cybercrime should your technological systems or customer data be targeted as part of a cybersecurity incident. While your exact coverage will vary depending on your insurance provider and other factors, cyber liability insurance typically covers legal costs and damages such as:

Cyber Liability Insurance vs Cybercrime Insurance: What is the Difference?

Some insurance providers also offer cybercrime insurance in addition to cyber liability insurance. This additional insurance is designed to help compensate your organization for funds lost during a cybersecurity incident such as a hack or social engineering attack, including notification costs, data restoration costs, and associated legal expenses.

What Typically Isn’t Covered

Like all forms of insurance, there are a few things cyber liability insurance typically doesn’t cover. While what is and is not covered will vary depending on your insurance provider and policy, typical exclusions include:

  • Potential future lost profits
  • Loss of value due to intellectual property theft
  • Betterment, which is the cost to improve your internal technology systems, including software or security upgrades, after an attack has occurred

Common Types of Cyber Liability Claims

When it comes to insurance claims, most cyberattacks fall into one of three categories: hacking, social engineering, and malware (including ransomware).


Hacking (gaining unauthorized access to a computer system, usually by exploiting existing security vulnerabilities) is the most common type of attack that leads to an insurance claim. This is because if an attacker compromises your system or network, your company could be liable for a wide variety of costs related to the attack, including:

  • Third-party lawsuits
  • The costs associated with notifying affected parties and other stakeholders
  • Public relations and reputation management costs
  • Regulatory fines

Social Engineering

Social engineering attacks (including phishing scams) depend on an attacker tricking someone inside your company into helping them. Attackers trick unknowing individuals with access to your system into essentially opening the door for them, usually by impersonating a trusted individual (such as their boss or another superior or someone from accounting or the bank) and asking them to click a link, hand over their login credentials, or grant access to restricted areas of the network. The employee then unwittingly either lets the attacker into the network or downloads malware, which grants access or otherwise allows the attacker to wreak havoc.


Malware, short for malicious software, comes in a variety of forms and is an incredibly common type of cyberattack. Malware can be difficult to defend against because every program is different and uses different strategies to infiltrate your network. Ransomware is a very common form of malware designed to hijack your system and lock you and your employees out of the network. The attacker then demands a ransom in exchange for releasing or unlocking the system. However, not all attackers follow through on their end and may simply take the ransom money and leave the network locked.

photo of hooded man hacking with his computer

First-Party vs Third-Party Insurance

What type of cyber liability insurance your organization decides to purchase should be based on a variety of factors, including your needs as an organization and what entities you need to protect. Unfortunately, when it comes to cyberattacks, the business originally targeted is not the only party that may be impacted. As such, there are two different types of cyber liability insurance: first-party and third-party.

First-party insurance protects your company or organization and will cover the costs outlined in your policy associated with an attack. Any organization that handles electronic data should purchase a first-party policy to cover the various expenses that organizations face in the wake of a cybersecurity incident.

Third-party insurance is designed to protect organizations that offer professional services to other businesses that could be impacted in the event of an attack. This type of coverage is often compared to professional liability insurance in the sense that the third-party insurance can help safeguard your business in the event you are sued by another organization for errors you may have made that resulted in damages or losses to the company suing you.

For example, let’s say your organization is a law firm. Your law firm’s data security is compromised, and as a result, several of your clients have accused you of failing to prevent the data breach. In this instance, the third-party cyber-liability insurance would cover your legal fees, government penalties and fines, and any settlements or judgments related to these claims.

What is the Average Cost of Cybersecurity Insurance?

How much your cyber liability insurance plan costs will depend on a variety of factors, including the type of business you run and the level of cyber risk you are exposed to. However, a recent study by AdvisorSmith Solution Inc found that the average cost of a cyber liability policy in 2019 was $1500 per year for $1 million in coverage, as well as a $10,000 deductible.

How much your policy costs will also depend on:

  1. Your size and industry: The more employees you have, the greater your chances of falling for a successful phishing or other social engineering attack, which will drive up your insurance premiums. However, a larger factor is your industry. Different industries are classified as low, medium, or high risk, depending on the type and amount of data your organization stores.
  1. How much data you store, and how sensitive it is: Low-risk organizations, such as small local businesses with limited customer bases, will pay less for their coverage than higher-risk organizations such as retail stores that collect and store customer credit card numbers both instore and online through their website or eCommerce store. Organizations that store large amounts of highly sensitive personal data (such as social security numbers or dates of birth), such as hospitals or other healthcare facilities, will pay higher premiums.
  1. Your annual revenue: In the eyes of most insurance companies, the more money your business makes, the more likely a cybercriminal will target your organization. As such, organizations with higher revenue streams are more likely to pay higher premiums for cyber liability insurance.
  1. How robust your cybersecurity posture is: Most insurance companies reward organizations that take cybersecurity seriously and dedicate significant resources and people hours to safeguarding their digital assets. To help keep your insurance costs low, all organizations (particularly high-risk ones) should invest in robust cybersecurity measures, have sufficient security measures in place, and ensure their employees receive appropriate cybersecurity training.
  1. The terms of your policy: Your coverage limits and deductible also play a significant role in determining your insurance premiums. The more coverage you want, the higher your monthly insurance premiums will be. Your deductible refers to the amount of loss your business is responsible for in the event of an incident that is covered by your policy. Organizations that opt for a higher deductible (absorbing more of the initial costs themselves) typically pay lower premiums but are on the hook for more of the damages in the event of an incident. On the other hand, organizations that opt for a lower deductible will pay higher monthly premiums but will have more of their losses covered in the event of an incident. Organizations with robust security measures in place may opt for lower premiums and a higher deductible, while high-risk organizations that store lots of sensitive data may opt for higher premiums in exchange for a lower deductible.

Does My Business Need Cybersecurity Insurance?

If your organization handles electronic data, you should have at least a basic cyber liability insurance plan in place. Like all forms of insurance, cyber liability insurance is there to cover worst-case, what-if scenarios.

Handing over funds for cyber liability insurance every month may seem like an unnecessary expense, but a large-scale cybersecurity incident can be enough to bankrupt a small or even medium-sized organization and destroy your reputation. Having access to emergency funds to defray costs such as hiring an expert team to help you fend off an attack in progress and limit damages, replacing damaged equipment, paying fines, covering your legal costs, and managing your reputation after an incident could be the difference between your organization weathering the storm relatively unscathed or folding under the pressure.

Take a Proactive Approach

Investing in a robust yet flexible cybersecurity posture will do more than just help keep your premiums low; it can also help your organization fend off attacks in real-time and limit or even eliminate permanent damage to your infrastructure.

Investments such as employee cybersecurity training (both as ongoing training and part of your employee onboarding process) can also help safeguard your organization by giving your team the tools they need to spot suspicious activities (such as phishing scams) and sound the alarm before any damage can be done.

Selecting the Best Insurance Provider for Your Organization

With cybercrime on the rise, more insurance companies than ever are offering cyber liability insurance. As with any insurance policy, it often pays to shop around. Start by finding out if your existing insurance provider offers cyber liability insurance. If they do, you might be able to negotiate a break on your premiums or a better deductible in light of your existing relationship.

However, it also helps to shop around and see what other providers and policies are available. Since the cost of your insurance plan is typically determined in part by your industry or vertical, it can help to reach out to other organizations like yours for recommendations and advice. You may also want to consider consulting with your MSSP (Managed Security Services Provider) to see if they have any recommendations. MSSPs have extensive cybersecurity experience and work with a variety of organizations, so they may be able to help you determine what sort of policy is best for your organization’s unique needs.

For more information about the importance of cyber liability insurance, and cybersecurity in general, please contact our team today.

Our Predictions for the 2021 Cybersecurity Environment

Our Predictions for the 2021 Cybersecurity Environment

2020 was a rough year for all of us, particularly from a cybercrime perspective. As businesses and schools rapidly pivoted to remote work and remote learning, many cybercriminals changed their tactics and adjusted their focus to take advantage of the situation as well as user uncertainty and fear.

As working and learning from home remain the norm for many individuals and businesses around the world, cybercriminals are poised to continue aggressively targeting users specifically using a blend of online and offline tactics

Fortunately, there are many steps your organization can take to better safeguard your digital assets against cyberattacks. As cybercriminals adjust their tactics, businesses of all sizes need to remain agile and stay up-to-date on the latest cybersecurity threats.

2021 Top Cybersecurity News

The Ongoing Fallout from the SolarWinds Attack

The SolarWinds attack, which infiltrated both the US Treasury and the Department of Homeland Security as well as a number of private organizations, rocked the cybersecurity world. Uncovered last December, this wide-reaching, devastating attack is believed to be the work of the Russian Intelligence Agency’s Foreign Intelligence Service and may have been launched as early as March 2020.

This supply-chain attack used malware to infect the networks of most, if not all, of SolarWinds’ customers via a software update. However, because the Russian attackers have had access to a wide number of networks for as long as several months, security experts are still working to determine exactly how widespread the attack was and what sensitive data and systems have been compromised. 

Even once experts know the full extent of the attack, the remediation process will be long and grueling. Entire enclaves of computers, servers, and network hardware across both federal and corporate networks will need to be isolated and replaced even as security teams continue to hunt for evidence of malware, determine what information has been compromised, and create and implement strategies to mitigate loss and damage. 

Number of Cyberattacks Expected to Rise

In addition to dramatically changing how we go about our daily lives, COVID-19 has also provided a convenient cover for cybercriminals as they shift their attack vectors away from large, well-guarded corporate networks to small, potentially vulnerable home networks. One study suggested that, in 2021, a ransomware attack on a business is likely to occur every 11 seconds, up from every 40 seconds in 2016. 

INTERPOL’s assessment of the impact of COVID-19 on cybercrime has shown similar trends, with targets shifting away from major corporations, governments, and critical infrastructure in favor of small businesses and individuals. 

2021 Cyber Attack Trends

User-Targeted Attacks Expected to Rise

As workers swap their cubicles for their kitchens, cybercriminals have changed tactics accordingly. The work from home model has brought with it a rise in successful attacks, at least in part because users are more likely to use personal devices (which are often less secure) for work-related activities.

As users log in from home, they create personal islands of security: a model where each user is effectively following different (often lax) security protocols. When workers are onsite, all of their traffic is routed through your business’s network, which is likely closely monitored by a professional security team. However, without a dedicated security team watching every employee’s home network and personal device, your organization is exposed to increased risk.

Cybercriminals are taking advantage of this increased attack area to create personalized attack chains. While traditional tactics often involved a “spray and pray” approach (where cybercriminals used generalized social engineering attacks, such as the classic Nigerian prince scam, to target a large number of users in the hopes that a few would bite), recent trends have seen a rise in hyper-personalized attacks that target specific uses with privileged access to sensitive infrastructure, data, and systems. 

While this approach is more time-consuming (since attackers need to identify and profile specific individuals to create the targeted attack), this approach is more likely to yield shorter attack-cycles, making it increasingly difficult for organizations to identify and stop attacks in progress.

Another user-focused trend to watch out for is cybercriminals increasingly targeting individuals via their phones.

A Blend of Online & Offline Tactics

The work from home era has forced cybercriminals to adapt their tactics, but unfortunately, many have done so successfully. One tried-and-true cybersecurity attack, the phone scam, has seen a resurgence.  

COVID-19 Scams Continue

According to the FCC, many cybercriminals are taking advantage of the fear and uncertainty around COVID-19 to trick unsuspecting victims into revealing sensitive personal information using social engineering. These include phone calls, emails, or text messages offering “COVID-19 kits”, “Coronavirus packages”, or Medicare benefits related to the virus. Scammers use these promises of assistance to try and convince potential victims to hand over sensitive information such as bank account details, social security numbers, or medicare numbers. 

A similar but related scam involves scammers offering “relief payments” from government agencies. These calls, text messages, and emails typically follow a general format: The caller says you have been approved to receive money, either via a relief payment or a cash grant or even via a low-interest small business loan and then asking for personal information (to “verify your identity”), banking information (so they can charge you a small “processing fee”) or both. Some scammers also ask for payment via cryptocurrencies (such as bitcoin) or gift cards. 

If you are located in the United States and are targeted by scammers, please report your encounter to the FCC.

Fake Tech Support Scams on the Rise

Another twist on the phone scam is the fake tech support scam. This follows a similar format to the scams discussed above but involves cybercriminals asking users to grant access to their computers so they can “conveniently” fix a tech support problem you weren’t even aware you have. 

Criminals then use this access to install malware, add backdoors for future access, or log keystrokes (to capture usernames, passwords, banking details, and other sensitive data). 

SMBs Likely to Invest More in Cybersecurity

As cyber threats continue to rise in 2021, small and medium-sized businesses are, particularly at risk. This is because, unlike large, enterprise-level organizations, many smaller organizations still believe that they are less likely to be targeted.

According to research conducted by Analysys Mason and reviewed in Forbes 2021 cybersecurity predictions, SMBs cybersecurity spending (including services, hardware, and software) is projected to grow by 10% between 2019 and 2024, creating an $80 billion market.

Safeguarding Your Organization in 2021

The best thing you can do to safeguard your organization’s digital assets is be proactive. Make sure you are up to date on all the latest cybersecurity threats and have a well-rounded and up-to-date cybersecurity incident response program in place

You should also assess your current cybersecurity posture regularly to ensure it is continuing to meet your needs, and you may want to consider conducting pen (penetration) tests to stress-test your current defenses. You should also make sure that all new employees receive cybersecurity training as part of their onboarding process and that all workers undergo refresher training regularly. You may also want to consider conducting tabletop exercises to give your team a chance to test their cybersecurity response skills in a no-risk environment. 

Virtual Armour is Here to Help

Safeguarding your organization from cybersecurity threats can be a lot to handle, particularly if you aren’t already a cybersecurity expert. That’s why Virtual Armour is here to help. Our team of experts can review your current practices with you, help you identify weaknesses, and create a plan to strengthen your defenses. We are also able to monitor your infrastructure, firewall, and endpoints 24/7/365 for potential threats and help you mitigate or even avoid damage should an incident occur. 

We have extensive experience working with service providers as well as organizations in a variety of industries and verticals, including healthcare, finance, retail, and energy

For more information about our service offerings or to find out what you can do to safeguard your digital assets best in 2021, please contact us today.

Creating an Agile Workplace: How to Prepare for the Unexpected

Creating an Agile Workplace: How to Prepare for the Unexpected

COVID-19 has fundamentally changed the way many companies conduct business, and not all organizations have handled the jarring transition to remote work smoothly. Daily operations and working conditions can be disrupted in an instant, so your organization needs to be able to adapt quickly and effectively to any situation.
Though no situations are exactly alike, there are a few tools and guidelines you can follow to help ensure the next time a sudden pivot in your workforce is needed it’s as smooth as possible.
By being agile, your organization is set up for success in any situation.

What Makes a Workplace Agile?

Agility in the workplace typically focuses on quickly adapting to the changing needs of customers, workers, and the overall marketplace. The current global health crisis has brought with it a renewed urgency for flexible, agile, and adaptable workplaces as many traditional office-setting workplaces transform into distributed workplaces. Though some organizations may be able to return to the office soon, the fact is that work as we know it has been disrupted, and those disruptions will be felt for quite a while.

What Steps Can I Take to Increase My Organization’s Agility?

While seasoned remote workers already have the skills to ensure their work gets done no matter where they are, an organization that has to suddenly pivot to remote work faces a unique set of challenges. Even if your individual workers are set up for success, can stay productive, and are able to easily meet their deadlines, you need to ensure that your entire workforce is able to continue to work together effectively.

Communication is Key

Frequent, open, and transparent communication is always important, but when your workers are no longer working out of a centralized location, effective communication becomes even more vital for maintaining productivity. Those spontaneous brainstorming sessions over lunch, impromptu meetings, and watercooler chatter may not always appear to be productive, but they play a huge role in developing and maintaining group cohesion and encouraging the flow of ideas.
To help retain some of that impromptu team building and idea generation, you might want to encourage managers to regularly host scheduled coffee meetings or happy hours with their teams. If your organization doesn’t use an instant messaging product like Slack or Microsoft Teams already, now is a great time to adopt that technology. Instant messaging apps can be leveraged for both more serious business discussions and the lighthearted workplace chatter that used to happen over coffee or lunch or around the water cooler.

Adapt Your Communication Style to Suit Your Workers

To help empower your newly configured workforce, you will need to be able to communicate with different categories of workers effectively. This may include your regular remote workers, your newly remote workers, workers who are currently unable to work, and any essential workers you may have that must be physically present in your workplace to complete their tasks.
How you communicate with each group may differ, but you might want to consider using internal messaging apps (like those mentioned above) in conjunction with email campaigns to reinforce key messages and text messages for urgent matters. Try out several different communication styles and see which ones are most effective for which groups and reassess your approach to communication as necessary to promote collaboration and ensure critical messages are being received.

Be Proactive

Any good manager knows that it’s best to tackle potential problems before they become actual problems. By communicating effectively with your workers you can learn about potential problems or sticking points before they become major issues. While it may seem costly to act proactively, investing a bit of time, people power, and funds to address potential issues as soon as they come to light can save your organization more in the long run.
How you choose to keep an ear to the ground is up to you and your organization, but regular check-ins between workers and their managers, between managers and their department heads, and between department heads and the executive team can help prevent information silos from forming and ensure that potential issues are escalated appropriately so they can be addressed.

Focus on Retaining Workers

There is a lot of uncertainty in the world right now, so holding onto experienced workers (and their vital skillsets) is more important than ever. When a critical worker leaves, it can cause a frenzy of uncertainty as workers try to bridge the gap until a replacement worker can be found, causing unnecessary stress and anxiety. Even once a replacement is found, it can take months for them to fully settle in and come up to speed, disrupting your everyday workflow.
Have mechanisms in place so that departing workers can train their replacements before they go on maternity leave, retire, or switch to another organization. You may want to record training sessions so they can be reviewed as necessary or used to train other workers down the line. By setting up the replacement worker for success, you not only minimize disruption but also reduce worker stress and anxiety during transitions.

The Importance of a Good Attitude

However, skills aren’t everything. If you are able to expand your team and choose to do so, make sure you weigh intangible skills (effective communication, positive attitude, proactivity, etc.) as well as looking at the tangible skills required to do the job.
Having workers that are flexible, proactive, and positive can help you weather tough times and reduce friction in the workplace. Skills can be taught, but the right attitude is a lot harder to cultivate if workers don’t have the right mindset to begin with.

Empower Your Workers

How do you feel when you delegate tasks to your team? Are you relieved knowing that they have the right skills and attitude for the job, or anxious that you won’t be there to oversee everything and double-check their work?
Someone who works for an organization that empowers their workers is more likely to feel the former: confident that their team has the skills to handle things on their own.
Empowering people is about more than just giving them unfamiliar tasks; it is about encouraging your workers to challenge themselves and letting them know that you believe they can achieve their goals by periodically taking people out of their comfort zones.
You can encourage your workers to take appropriate risks by:

  • Delegating a variety of tasks, such as having a junior member run a meeting or letting your second in command take the lead on the next big project
  • Rotating roles so that employees can cross-train, building their skillset, and deepening their understanding of their co-workers’ roles
  • Giving your workers the autonomy they need to perform tasks on their own. Training wheels are fine, but they eventually need to come off
  • Encouraging your workers to behave like team leaders
  • Creating room for independent decision making
  • Allowing workers to experiment and try new things without the fear of failure

Don’t Forget the Human Factor

Businesses are run on more than technology and processes; the human element plays a critical role in any business or organization. By encouraging teamwork, escalating conversations when necessary, and creating organic opportunities for knowledge transfer, you can teach your workers to collaborate more effectively and give them a chance to develop a deeper respect for their co-workers and their contributions to the organization. This not only promotes social cohesion, but encourages cross training so that employees can remain flexible and, in a pinch, take on new tasks when emergencies and other unexpected changes occur.

Promote Collaboration & Autonomy

A strict hierarchy can be restrictive, delaying ad hoc projects and creating frustration, particularly for workers at the bottom. Establishing horizontal communication channels as well as vertical ones, can increase collaboration and reduce delays.
Another way to make your workforce more agile is to allow teams to work on their own without requiring management to constantly steer the ship. Create a team and invite one of its members to temporarily adopt the role of team leader. Give the team tangible objectives and a reasonable timeline for a project and see what they create. By creating self-managing teams, you can drive collaboration and enhance learning, making your organization more agile overall.

Feel Free to Experiment

A driving principle for many highly agile organizations is that experimentation drives innovation, which leads to change. It’s important to not only be able to respond to change (or adversity) effectively but approach it proactively and be a driving force for change.
Being able to adapt to change can help keep your business afloat, but having the ability to propel change can help ensure you stay ahead of the competition.
However, it is one thing to pay lip service to some vague idea of change and another thing entirely to put your money where your mouth is. Don’t just focus on the executive suite or department managers and ask everyone else to follow their lead, but instead encourage every employee, from the summer intern up to the CEO to get involved.
Many organizations encourage this by giving employees time on the clock to dedicate to their alternative musings. This not only encourages experimentation but gives workers the chance to fail (and fail fast) before moving onto their next idea.
You can encourage experimentation at all levels of your organization by:

  • Having regularly scheduled brainstorming sessions
  • Encouraging team members to discuss their interests beyond work
  • Actively encouraging workers to work on ideas that resonate with them
  • Offering personal support and help if and when required
  • Eliminating or reducing constraints when possible

Being agile is not only important for weathering the COVID-19 storm, but also for weathering future storms and remaining at the forefront of your industry. By taking the time and energy needed to help promote agility at all levels of your organization, you can help future-proof your company and create a great place for workers to work, learn, and grow.

The Costs & Infrastructure Tied to a Remote Workforce

The Costs & Infrastructure Tied to a Remote Workforce

COVID-19 & the Sudden Shift to Remote Work

As COVID-19 forces employees to practice social distancing, or even to self-isolate or shelter in place, the ability for employees to work remotely has gone from a luxury to a necessity. However, pivoting quickly to a mostly or fully remote workplace isn’t an easy task, and brings with it unique costs and infrastructure requirements.

The Infrastructure & Costs Required to Effectively Support a Remote Workforce

Your team can only remain productive if they have the tools they need to do their jobs effectively. However, though your employees may be set up for success at the office, you will likely need to make a few infrastructure changes if your company isn’t already set up to support remote work. To help your company transition, and keep your digital assets safe both during and after the shift, you may want to consider consulting with your MSSP (managed security services provider).


If your employees mainly rely on desktops to complete their work, you will either need to permit them to bring those computers home temporarily or provide them with laptops. Laptops are significantly more portable and require less physical space than their desk-bound counterparts. This is particularly beneficial for employees who don’t have home offices and are likely going to find themselves working from their kitchen tables or another mixed-use space.

Secure Connections & VPNs

The Costs & Infrastructure Tied to a Remote Workforce
Having employees work from home means they will likely need to access company resources (such as internal networks or sensitive files) remotely. To help safeguard your company’s digital assets, you may want to consider providing your employees with secure connections or VPNs.
For more information about secure connections and VPNs, as well as tips for safeguarding your digital assets while employees are working remote, please read our blog post: COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks).

Leveraging the Cloud

The cloud is, by design, great for supporting remote work. It allows multiple users to access documents simultaneously, cutting down on the unnecessary emailing back and forth and helping ensure all users are referencing the most up to date documents. Programs such as Google Drive can support a wide variety of cloud-hosted documents, including word processing documents, spreadsheets, and PowerPoint-style presentations. You can also easily upload existing documents and files and specify whether the people you share documents with have viewing, commenting, or editing privileges.
For more information about what the cloud is and learn more about its benefits, please read our blog post: Cloud Isn’t the “Future”; It’s the Now.

Staying Connected

The Costs & Infrastructure Tied to a Remote Workforce
The most efficient teams are the ones that communicate frequently. To help your team stay engaged and connected while everyone is working from home, you are likely going to have to rely on video conferencing apps (such as Google Hangouts, Skype, Microsoft Teams, or Zoom) as well as workplace instant messaging apps (such as Slack).
Video conferencing is great for meetings as well as getting some face-to-face time with your team, while instant messaging apps are better for quick questions and the more casual conversations that used to happen around the water cooler or in the break room.
Video conferencing is also great for morale and staying connected on a more emotional level. Scheduling teamwide “lunch dates” or morning check-ins can be a great way to keep spirits up and maintain team cohesion while also letting your employees know that you care about them and are here to support them.
To help support businesses during the pandemic, many video conferencing companies are offering their products for free or at a reduced cost.

Reliable Home Internet

Employees are going to require reliable, high-speed internet to help them stay connected and access the cloud. While most employees likely have internet connections that are robust enough to support applications such as video conferencing, you should have your managers touch base with their teams to ensure everyone has the tools they need to succeed.
Depending on how much of your current infrastructure needs to change, the costs to pivot quickly may be substantial. If you weren’t planning on investing in your infrastructure to support remote work (and therefore didn’t account for it in your annual budget), the costs of this sudden pivot might be compounded if your organization is currently facing reduced profitability in the short term.

Shifting to Remote Work Can Help Future-Proof Your Business

By investing in your organization now, you can not only support your workers during this pandemic but also help future-proof your business. Though the up-front costs are certainly something to consider, remote work has many proven benefits both for employees and employers. These include increased productivity, improved performance, increased engagement, and higher job satisfaction rates. All of these benefits can, in turn, translate into higher profits in the long term, even if your bottom line is currently taking a beating.
Depending on how much of your workforce you allow to continue to work remote once the pandemic is over, you may also find that having fewer employees in the office at one time means you can reduce operating costs by taking steps such as moving to a smaller office.
Being able to support remote work effectively also means you can draw from a wider talent pool and attract workers that are either unable or unwilling to relocate for work. Offering a more flexible working arrangement can also help you attract top-talent with little to no additional costs once you have made the necessary adjustments to your current infrastructure.
Not all IT professionals can be experts at everything, and that’s okay. If your current IT department is feeling overwhelmed an experienced MSSP can help.

Cloud Isn't the "Future"; It's the Now

Cloud Isn't the "Future"; It's the Now

Technology is continually changing and evolving, creating new and innovative ways to conduct business. While many of us may still think the cloud is some futuristic concept, in reality, it’s already here and has been for a while.

What is the Cloud?

At its core, the cloud is a collection of web-based applications. Instead of purchasing a program, installing it on your computer, and running it locally, the cloud allows you to remotely access programs using the internet. Instead of running on your machine, these programs are run on large, high-tech servers. Chances are you are already using the cloud; you just might not know it yet.
An excellent example is Google Docs. Even just a few years ago, if you wanted to create a text document, you would likely open up Microsoft Word. That meant that if you wanted to start on a document using your desktop at work, then review it at home later you would have to either save the document to a USB drive and physically bring it home or email it to yourself, make any changes, and then either resave the edited document to your USB drive or re-email it to yourself.
Google Docs works a lot like Microsoft Word, but the documents you create are stored on the cloud, not your local machine. That means that if you start a document on one computer and then switch to another machine, you don’t have to bring your document with you. Instead, you simply log into your Google account from the new machine, access your Google Drive (where your Google Doc is stored), and continue working. This also means that multiple people can view, comment on, and edit the same document in real-time from different locations.
Cloud Isn't the Future It's the Now

What Are the Benefits of Using the Cloud?

The cloud has many benefits beyond conveniently sharing and editing documents that update in real-time.

No Special Software

Before the cloud, if you wanted to use a program, you would need to purchase and install specialized software to do so. Now, all you need is an internet connection and an account. This makes it easy to work remotely, either from home or while away on business, and ensure that everyone is working with the most up to date version of each document or item.
It also means that you, and your company, can easily access a variety of more specialized programs without the need to physically purchase and install them.

No Data Backups

Since your data is stored remotely on a server, instead of on your computer, you don’t need to worry about backing up your data. The company that runs the servers handles all of that for you, freeing you, your staff, and your physical resources up for other tasks and lets you rest easy knowing that if an incident occurs at your organization, your data is protected.

Cost Savings

Purchasing and installing computer programs can be both costly and time-consuming. While some cloud-based programs require monthly fees to access, these are still typically less expensive than purchasing the program outright would be.
Cloud-based programs also require less IT support from your company since you don’t need to pay a professional to install software or network computers to a server, and any problems with the software are handled by the company that provides it, not your IT personnel.
The cloud also allows employees to work remotely more effectively, which can cut down on your infrastructure costs by reducing the amount of office space your organization requires. It also means that you no longer require brand new computers almost every year to support the latest software, since even older models can easily access cloud-based programs.

Automatic Updates

One of the most important things you can do from a cybersecurity perspective is to ensure all your software is up to date. With cloud-based software, the company that created and maintains the software handles all updates for you, freeing up employees for other tasks.


Using the cloud means that your organization can quickly and easily scale your operations or storage needs up and down depending on your current situation. Any new software or upgrades can be accessed quickly and easily, and may not even require upgrading your account.

Minimize Disruptions

Storing your data in the cloud means that if something happens to your office, such as a fire or a power outage, you can more easily resume normal operations. Data on the cloud remains safe and secure, and can easily be accessed remotely if necessary.
Cloud Isn't the Future It's the Now

Increased Cybersecurity – If You’re Prepared

A type of malware called ransomware (such as the famous Wannacry and Petya ransomware attacks) targets companies by encrypting their data and holding it hostage until the ransom is paid. Unfortunately, too many organizations are forced to cave because they don’t have proper backups of their data, and they can’t continue with normal business operations while their data is inaccessible. Storing your data on the cloud drastically reduces the effectiveness of ransomware attacks targeting your specific organization.
However, though the cloud has many benefits, it also brings with it unique cybersecurity considerations that you should discuss with your Managed Security Services Provider (MSSP). Your MSSP can help you identify potential vulnerabilities and address them effectively to safeguard your cloud-held digital assets better.
The cloud has already changed how we work, streamlining a lot of processes, making it easier to adjust our storage and operations quickly to better suit our needs, and making collaboration easier than ever. Though it has brought with it new cybersecurity concerns, these can be safeguarded against, and their potential impact mitigated, with flexible, robust, and tailored cybersecurity solutions.

Hacked? Here's What to Know (& What to Do Next)

Hacked? Here's What to Know (& What to Do Next)

Whether criminals are posting inappropriate or illegal content on your company website, sensitive data, and emails have been accessed by unauthorized users, or your data is being held hostage by ransomware, being hacked is every organization’s worst nightmare.

Though there’s nothing you can do to ensure a breach never happens, there are a lot of things you can do to minimize the likelihood of a breach occurring and, if one does happen, a lot you can do to contain and mitigate the damage and disruption associated with the incident. 

Contact Your MSSP

A good Managed Security Services Provider (MSSP) will help you respond quickly to a breach once you let them know a cybersecurity incident has occurred. A great MSSP will have been monitoring your systems closely and already know a breach has occurred, possibly even before you do. 

If, for some reason, your MSSP doesn’t already know about the breach, the first thing you should do is contact them for advice. Your MSSP will assess the situation and offer expert advice and support to help you repair the breach, minimize damage, alert users and relevant authorities, and assess the situation afterward so you can strengthen your cybersecurity defenses. 

Learn More: What is a Managed Security Services Provider?

What to Do When You Get Hacked

Find Out How the Incident Occurred

Before you can respond effectively to the incident, you need to know exactly what happened. Was software not kept up to date? Did an employee click on a suspicious link in a phishing email? Was a company laptop left unattended and stolen? Was your organization targeted with ransomware?

Once you know exactly what happened and what systems and files were accessed, you can work quickly to address the incident, thoroughly assess the damage, and take the necessary next steps.

Implement Your Incident Response Protocols

If you don’t already have incident response protocols in place, you should start crafting some right away. Each protocol is a plan that allows you to respond effectively to a specific threat or incident, sort of like safety plans for cybersecurity. Just like a fire safety plan outlines, in detail, what everyone in the building should do if there is a fire, a well-crafted incident response protocol should outline who should do what in the event of a cybersecurity incident.

However, having an incident response protocol is only useful if everyone involved knows exactly what their role is and how to carry out their duties effectively. To help everyone get familiar with the plan, you should have all critical personnel work through tabletop scenarios regularly.

Tabletop scenarios are like fire drills: they pose a hypothetical scenario and let your employees work through and refine their response in a no-stakes environment. When the scenario is complete, your team then sits down, preferably with someone from your MSSP, to review your response, look for weaknesses, and further strengthen your current protocols.

Though scheduling a tabletop scenario now won’t help with the current situation if you have already experienced a breach or other cybersecurity incident, you should begin drafting robust incident response protocols and conducting tabletop scenarios as soon as the current situation is resolved.

What to Do When You Get Hacked

If Necessary, Go Into Lockdown Mode

Depending on the nature of the incident, you may need to go into lockdown mode. If a company laptop has been infected with malware, that device needs to be isolated from the main network to avoid spreading the virus. If a particular area of the network has been compromised, that section should also be isolated from the larger network to prevent cybercriminals from accessing other systems.

One way to prevent cybercriminals from easily accessing multiple systems if they can hack into your system is to follow the zero trust architecture model. Zero trust makes lateral moves within the system more difficult by automatically assuming every user is unauthorized, even if they have already verified their identity and limits access to each area to employees who truly need it to perform their duties.

If your firewall and other perimeter defenses are the security guard at the front desk, zero trust architecture acts more like the RFID badges your employees wear as they move about the building. Once someone has moved beyond the security guard at the front desk, they still need to verify their identity before they can access restricted or sensitive areas, typically by swiping their keycard to unlock doors. This extra layer of security ensures that even if a cybercriminal gets past your firewall and other perimeter defenses (sneaks past the security guard), their access is limited to non-critical systems where they aren’t able to cause as much damage before they are discovered by security and removed.

Inform Your Users & the Relevant Authorities

Once you have contained the breach, isolated any infected systems or devices, and begun to repair the damage done by the cybercriminal, you need to inform your users or customers as well as the relevant authorities.

For example, GDPR (which applies to all organizations and companies whose customers include EU citizens) requires breaches are disclosed within 72 hours of their discovery, and US law requires that organizations notify affected individuals if their personally identifiable data may have been compromised.

Depending on which states you conduct business in, your organization will likely also be subject to other reporting laws. If you are unsure what is required of you in the event of a cybersecurity incident under state laws, your MSSP can help you review the relevant state laws and ensure that you comply with them fully.

Review What Happened & Improve Your Cybersecurity Protocols

Once the cybersecurity incident has been resolved, it is time to review your current protocols, identify which weaknesses were exploited, and craft flexible yet robust protocols to strengthen your cybersecurity posture.

This task may sound daunting, but that is where your MSSP comes in. Not everyone is a cybersecurity expert, and that is alright. Your MSSP’s job is not just to monitor your systems and help you respond to breaches. They are also there to provide expert advice and suggestions and help you avoid or minimize the impact of cybersecurity incidents going forward. 

Practice What You’ve Learned

Once your current cybersecurity protocols have been strengthened or updated, it’s vital that your employees understand what has changed, why those changes were made, and how they should respond to various cybersecurity incidents moving forward. Make sure any changes or updates are clearly communicated to all employees and relevant outside contractors, and that all concerned parties are given the chance to ask questions and seek clarification if necessary.

Once everyone has been brought up to speed, you should contact both a tabletop scenario and, if relevant, a pen (penetration test). A pen test involves hiring an ethical hacker to stress test your current cybersecurity protocols and try to access sensitive data. Once the test is done, the hacker then sits down with your organization and details what systems they were able to gain access to and how they managed to get past your defenses. They can also then provide you with suggestions for strengthening your cybersecurity posture.

A cybersecurity incident may be every organization’s worst nightmare, and when they happen, the consequences can be devastating. Having a great MSSP can help you recover quickly and effectively from a cybersecurity incident and strengthen your defenses to avoid future incidents. With 24/7/365 monitoring and a 15 minute guaranteed response time, VirtualArmour can help you craft robust yet flexible cybersecurity protocols so you can better safeguard your organization’s digital assets.