As cyberattacks become more frequent and severe, it is increasingly essential for organizations to practice good cyber hygiene to minimize their risk exposure. Cyber hygiene refers to habitual practices ensuring critical data and connected devices are handled safely. Here are some helpful tips for you.
Daily routines, good behaviors and occasional checkups can make all the difference in ensuring an organization’s cyber health is in optimal condition. The following are essential parts of cyber hygiene:
• Passwords—The use of strong and complex passwords—containing at least 12 characters and a mix of upper- and lower-case letters plus symbols and numbers—that are changed regularly is an essential cyber hygiene practice. Users should avoid sharing passwords or repeatedly using them across different accounts. • Multifactor authentication—Important accounts, including email, social media, and banking apps, should require multifactor authentication to limit the opportunity for cybercriminals to steal data. • Data backups—Essential files should be backed up separately, such as on an external hard drive or in the cloud. Remember, having your data stored in the cloud does not mean it is secure. You still need a regular backup of that data! • Firewalls—A network firewall prevents unauthorized users from accessing company websites, email servers, and other sources of information accessed through the Internet. • Security software—High-quality antivirus software can perform automatic device scans to detect and remove malicious software and protect against various online threats and security breaches. • Software Updates –Always immediately apply all updates and patches for relevant software. • Employee education—Employees are one of an organization’s most significant cybersecurity vulnerabilities. Workforce cybersecurity education is essential to teaching employees to identify phishing attacks, social engineering, and other cyberthreats. • Social Engineering
1. Verify all payment changes by phone. Use a trusted phone number already on file—not one provided on the invoice or email. This step is a condition or warranty of your policy coverage.
2. Secure your email accounts. Use Multi-Factor Authentication (MFA) and remind employees to approve MFA requests only when they initiate them.
3. Communicate with your partners and clients. Let them know that you will always confirm banking changes by phone and encourage them to adopt similar protocols.
4. Test small transactions first. Send a small test payment to confirm new or updated banking details before transferring larger amounts.
For more information on how Cyber Privacy and Crime Insurance can provide additional protection, contact Heather at 587-597-5478 or heather@thorinsurance.ca
Did you know cybercrime is now considered the new ‘fire’ in the business world? Protecting your company is crucial, especially with over 72 percent of businesses affected by ransomware attacks in 2023. Here are some eye-opening facts:
You are nine times more likely to have a cyber attack than a property claim.
60% of companies go out of business after a cyber-attack.
The costs of a cyber claim can be devastating!!
Loss from operational disruption
Remediation and recovery expenses
Legal fees
Hiring of expert teams
Regulatory fines
Ransom payment, if you choose to pay it
Reputational harm
Loss of customer loyalty
Enter Cyber Insurance
This is crucial in safeguarding your business from fraud, system shutdowns, and lockouts. CFC Underwriting, a Lloyd’s of London Syndicate and market leader in cyber insurance, offers a comprehensive Three-Pillar Solution.
Pillar One – Prevention:
Through vulnerability scanning, threat monitoring, and claims data, they are used to identify risks. They provide instant support through their Response app, eliminating threats before they develop. “Kindly take a look at these tips as well!”
Pillar Two – Response:
A qualified world-class team of experts who jump in to help you – available 24/7, responding within 15 minutes to triage incidents, contain threats, and get businesses back online.
Pillar Three – Coverage:
That’s the insurance piece where that provides the coverage for breaches, attacks, and the cost of recovering your data, plus additional costs to re-create data and applications.
Cyber insurance is a supplement, not a replacement for your existing IT teams. It’s like adding sprinklers and fire alarms to your building – essential for comprehensive protection.
The Costs
Your current protection levels, business size, and employee count influence premiums. Considering the average cost of a privacy breach exceeds $200 per customer, investing in cyber insurance is an investment in your company’s long-term viability. Moreover, the cost of cyber insurance protection could be as low as $100 per month!
What’s Next?
Let’s discuss how we can tailor Cyber Privacy and Crime insurance options for your business. Get in touch to discuss securing your company’s future.
Why on earth would someone spend time writing a “primer” for business owners on commercial insurance?
I mean, think about it. What do we usually hear about insurance?
“Insurance is like marriage. You pay, pay, pay, and you never get anything back.”Al Bundy
Or,
“It’s a rip-off, and insurance companies are just out to make money.”
And finally,
“The wordings are so confusing and full of fine print.”
Every one of those statements does hold some truth. Sometimes you do pay and never get anything back. That makes some sense. The whole premise of insurance is that “the premiums of the many go to pay the losses of the few.” You may go through your lifetime and never have a claim. You didn’t receive any money from the insurer. However, the insurer was there for you in case you did. Is that different from paying Employment Insurance all your life and never being out of a job?
As for insurance companies, out to make money that makes sense too. Aren’t you in business for the same reason?
The last statement about confusion is almost bang on. The contracts can be confusing, so you must understand the wording of that policy. It’s a contract between you and the insurer. You pay a premium to transfer some business risks to the insurance company.
There is no doubt that insurance can be confusing, and therein lies the reason why you need to take some time and learn more about how you can protect your business.
Many insurance companies are including limited cyber coverage in some commercial package policies on the market today. You need to be aware that this coverage is not intended to provide the higher levels of protection required to cover the varied cyber incidents occurring these days.
Just as you secure your premises to attempt to avoid having a loss, it’s just important to secure your IT systems. In the event you do suffer a cyber-attack, having a solid cyber insurance policy can provide coverage for both first party and third-party losses.
First Party losses are costs that must be born by you, the insured. This can include:
Breach Costs
Data Damage
Network Failure and resultant Business Interruption
Outside provider/cloud service provider failure
Cyber extortion and ransomware
Customer attrition
e-Theft
Third Party losses are those costs that you will be liable for as a result of the cyber breach:
(Network) Privacy and confidentiality liability
Privacy and network security liability
Multimedia Liability
Technology Errors &Omissions
Payment Card Industry Data Security Standard losses (PCI DSS
Additional costs for such expenses incurred in crisis management, fraud response, public relations and forensic and legal may also be included in the protection depending on the insurance product purchased.
Premiums will be determined based on a number of factors including:
Type and amounts of coverage required
Industry and business type
Size of the business
Type of data stored on the network
Risk mitigation and security measures taken by your company
History of cyber-attacks
Privacy policies
An insured loss whether it be to your physical property, a third-party liability claim or a malicious cyber event can put you out of business.
Remember many of the breaches and hacks are caused by simple human error. I’ll share some tips on what to look for so you aren’t victimized.
Let me remind you that I am not a techie. I’m a business owner just like you and feel that it’s important to me to understand the risk and prepare. It’s like putting a fire wall in a building to prevent spread of a fire or ice-melt on your sidewalks to prevent slip and falls. Cyber risk is huge and very costly and I want to be prepared. Hopefully this information will be helpful to you and please check with your tech guru for their expertise.
I preface this blog with a reminder that protecting yourself, your data and data of others, is not just a nice thing to do. There are laws in place that impose strict rules and responsibilities under Provincial and Federal laws. The Personal Information Protection and Electronic Documents Act (PIPEDA) (PIPEDA) and Canada’s anti-spam legislation (Anti-Spam) are two pieces of legislation.
Here are some suggestions as to how you might protect yourself.
1. Know what’s happening. If you read my first blog, you are already aware of the some of the threats posed by cyber-criminals. Good for you!
2. Change your passwords. I know! That’s such a pain. It’s much easier to use one password for all your sites. The danger in that is that if your passwords are duplicated and not changed regularly, a hacker has much easier access to all of your sites. There are a number of software programs available to assist you. Personally, I use Norton’s Password protector.
3. Secure your home office. Have you changed your router password since it was installed? Do you have antivirus software and automatic back-up tools?
4. SPAM. You’ve all seen those emails that look like they are coming from someone you know. So, you click on it or worse yet open an attachment. Bang – you’ve just downloaded malware onto your system. Check email headers and sender’s addresses and only open attachments of verified trusted senders and those that you are expecting to receive.
5. VPN. With so many business owners and employees working from home, it makes it much more accessible to cyber-criminals. A Virtual Private Network on your home computer can mask your internet protocol (IP) address so that your online activity is virtually untraceable. It establishes secure and encrypted connections. Again, shop around to get good speed and reliability.
These are just a few tips that many of you may know about. If not, I hope it’s been helpful. Remember to call on the tech experts. I would also suggest that perhaps an Information Technology Audit might be appropriate to make sure you are safeguarding your assets, maintaining data integrity and operating effectively.
In our next blog, I will talk about the next level of cyber protection – yes Insurance! As technology and society changes, the insurance world must adapt. There are now many insurers who have products available. We will talk about some of the features to look for.
Breaches, DDo’s, Phishing, Whaling, Malware, Porting, Trikbots, Ransomware and Zoombombing. What do these words have in common?
Yes! These are all Cyber Crimes and every business owner who owns a computer and uses email or has a website is a target.
And nowadays we are all more exposed than ever. The majority of business owners and employees are working from home now. You can bet that cyber criminals are also stepping up their game as security working from home is usually not as effective.
The FBI recently announced that cyber crime has quadrupled compared to the months before the COVID 19 pandemic.
Examples of Cyber Risks
Employee Error – losing a USB key, failing to secure passwords. If you do hard drive back-ups and the back-up is lost or stolen that’s a huge potential privacy breach that could cost thousands of dollars.
Malicious Hackers – These hackers attempt to shut companies down – steal data or money. Hackers have become an enterprise with HR, Research & Development and customer service departments
Ransomware/Extortion – This is a hack where data is stolen or made inaccessible and a demand is made, usually for cash (bitcoin). Any business depending on their online presence to sell their products is at risk.
Breach – any time sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual or entity without authorization.
DDos – Distributed Denial of Service. An attack that attempts to render an online service unavailable by overwhelming it with traffic from multiple sources.
Malware – Code with malicious intent that typically steals data or destroys something on the computer. Installed malware on a corporations’ computer can work silently in the background and corrupt months or years worth of data.
Phishing – an attempt to obtain sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Threat Agent – An individual or group that can manifest a threat. This may not even be intentional. It could simply involve an inept computer operator who trashes a batch job by typing the wrong command.
Whaling – An attack that typically involves a hacker masquerading as a senior executive asking an employee to transfer money.
Porting – (SIM porting) someone impersonating someone requests a mobile provider “port” or move his number to a new SIM card on a different device. Criminals steal personal information via mobile phones in order to gain access to bank accounts, apply for credit in your good name, or impersonate you to defraud your entire contact list.
The list goes on and changes as new threats are created and discovered. It’s a moving target.
If you are interested in learning more, you can peruse some of these articles that I have include for you at the end of this blog.
Stay tuned for the next blog where I will share some tips from the experts on some of the ways you can protect yourself.
Thanks for following my videos and blogs. For me, it’s not just about protecting consumers by providing them with insurance options. Its more about education and communication that helps to identify, analyze, evaluate, and treat risk – be it an insurance product or other method of avoiding, reducing, sharing, or retaining the risk.
Remember – “We make a living by what we get; we make a life by what we give”
Take care, stay safe and be well.
In the News
April 1, 2020 Cyber-Attacks up 37% Over the Past Month as Covid 19 Bites
Oct 3/19- Just a name or birthday can be worth up to $1.50 on the black market. A scanned passport or driver’s license can command up to $35, and a full ID package (name, address, social insurance number, e-mail address and bank account number) can go for up to $100.
