Proactive Best Practices for Cybersecurity

In the conference panel, “Avoiding the Hack: Lessons Learned From Cybersecurity Incidents,” Scott Aubuchon, vice president of information technology for The Aubuchon Co., and Michael Eldridge, chief information officer for Jerry’s Home Improvement Center, shared best practices for proactively protecting your business from cyberattacks.

They were joined by Scott Reynolds, president and CEO of American Hardware and Lumber Insurance, who provided expert insight into cybersecurity, and Luke Vander Linden from the Retail & Hospitality Information Sharing and Analysis Center, who moderated the discussion.

In 2020, The Aubuchon Co. experienced a cyberattack, but thanks to help from its cyber insurance company, was able to get back online and back to business quickly. Aubuchon says it is crucial for operations to have cyber insurance. If something goes wrong, the business needs to rely on its cyber insurance company to walk through the remediation process.

“You’ll never be fully prepared for a situation like this, but you have to be ready,” Aubuchon says. “I give our CFO at the time a ton of credit for making sure we were fully covered by our cyber insurance coverage.”

Reynolds says the most important part of insurance is not the limit; it’s the coach you receive through the insurance company.

“To be able to make that phone call to an expert to walk you through what to do next, it’s invaluable,” Reynolds says.

Insurance is critically important, because when it comes to cyberattacks, it’s a matter of when, not if.

“Big companies have built up their defenses, so threat actors will start looking for easier targets, especially small and medium-size businesses,” Vander Linden says.

Along with insurance, having a safety management program, including firewall and endpoint protection, is critical. Eldridge says he is always looking at how deep the company’s defense goes.

“There is no one silver bullet. I’m taking those different products and services and trying to weave them together to create a security fabric that best fits our needs and our company right now,” Eldridge says. “I might have a good solution today, but in six months, it might be outdated. It’s important to keep fresh and current and reach out to the experts I have to guide me.”

Key Takeaways

  • It’s a matter of when, not if, when it comes to cyberattacks.
  • Have cybersecurity insurance.
  • Create a safety management program.

“People think that threat actors are just someone in their parent’s basement, but they are real businesses with human resources departments, cubicles and full operations.”

- Luke Vander Linden

Vice President of Membership and Marketing, RH-ISAC