R&R Insurance Blog

11 Steps to Protect Your Business from Cyber Crime

Posted by the knowledge brokers

Wed, Apr 04, 2018 @ 01:08 PM

Cyber criminals, for the purposes of extortion, can threaten to shut down computer systems or erase data, infect a company with a virus, publish private information or personally identifiable information on customers or employees, institute a denial-of-service attack or take over social media. There are numerous examples of these attacks happening day in and day out, to businesses of all sizes.

Travelers has provided the following checklist to help protect businesses from cyber crime:

1. Know your data. A company cannot fully know how much is at risk until it understands the nature and the amount of data it has.

2. Create file back-ups, data back-ups and back-up bandwidth capabilities. This will help a company to retain its information in the event that extortion occurs.

3. Train employees to recognize spear phishing. All employees should learn the importance of protecting the information they regularly handle to help reduce exposure to the business.

4. Do background checks on employees. Background checking employees can help identify whether they have criminal pasts.

5. Limit administrative capabilities for systems and social footprint. The fewer employees with access to sensitive information, the better.

6. Ensure systems have appropriate firewall and antivirus technology. After the appropriate software is in place, evaluate the security settings on software, browser and email programs. In doing so, select system options that will meet your business needs without increasing risk.

7. Have data breach prevention tools, including intrusion detection. Ensure employees are actually monitoring the detection tools. It is important to not only try to prevent a breach, but to make sure that if a breach occurs, the company is aware as soon as possible. Time is of the essence.

8. Update security software patches in a timely manner. Regularly maintaining security protections on your operating system is vital to them being effective over time.

9. Include DDoS security capabilities. It is important to have the ability to avoid or absorb attacks meant to overwhelm or degrade your systems.

10. Put a plan in place to manage a data breach. If a breach occurs, there should be a clear protocol outlining which employees are part of the incident response team and their roles and responsibilities.

11. Protect your business with insurance coverage designed to address cyber risks. Cyber insurance coverage typically provides protection for costs associated with data breaches and extortion events. The right insurance program will also provide access to skilled professionals to manage the event from start to finish.

Attend our upcoming Cyber Seminar to learn more about protecting your business.

 

Topics: Cyber

CEOs Paying the Price for a Data Breach

Posted by the knowledge brokers

Mon, Jan 22, 2018 @ 04:01 PM

Do you know what the following people have in common?

Amy Pascal, Greg Steinhafel, Frank Blake, Richard Smith, Noel Biderman

All were CEOs who lost their jobs following a data breach/hacking of their respective companies.

  • Amy Pascal was CEO of Sony Pictures. The company settled a class action lawsuit for $15 million.
  • Greg Steinhafel was CEO of Target. They settled class action lawsuits for $50 million.
  • Frank Blake was CEO of Home Depot. The company paid $27.25 million to banks, $134 million to Visa, MC and more banks, and $19 million in class action settlements.
  • Richard Smith was CEO of Equifax. Suits are still pending at time of publishing.
  • Noel Biderman was CEO of Ashley Madison. They paid $11.2 million to settle claims.

The expense of dealing with a data breach can add up quickly.  Take, for example, a hospital that experienced a breach of 40,000 records.  The price tag was $450,000 for credit monitoring and ID Theft insurance, $175,000 in notification and call center expenses, $25,000 forensics costs and $90,000 in legal costs, and $500,000 in regulatory fines.

In another instance, a former hospital employee downloaded 102,000 patient records.  The expenses amounted to $1.4 million in credit monitoring & call center, $500,000 in notification expenses, $500,000 legal expenses, $250,000 forensics, $1.5 million in legal expenses and $750,000 in regulatory fines.

Many companies were impacted by the Petya/NotPetya malware in 2017. Consider a full day without phones, six days without email, nearly two weeks without complete access to documents, and $700,000 in lost billings. That’s what happened when this malware hit a global law firm. What lessons did they learn? With ransomware, detection comes too late; everyone has a plan until you get punched in the face; no firm is immune. Globally the malware cost $1.5 billion, including companies such as FedEx, which posted a $200 million loss, and Maersk, which posted a $300 million loss, to name just a few.

All companies are at risk regardless of size, industry, or location.  How do you offset the staggering amounts that a cyber event can cost your company?  Invest in risk management, cyber security, and cyber insurance.

 

Topics: Cyber

2018 Starts with Major Cyber Vulnerabilities Identified

Posted by the knowledge brokers

Fri, Jan 05, 2018 @ 10:16 AM

One of the challenges that businesses have in protecting themselves from cyber attacks is keeping up with patching vulnerabilities. In 2017 we saw in both the WannaCry and the Petya/NotPetya events how quickly malware can spread globally through un-patched, unsupported software.

This week, major computer design flaws have been identified.  Here is a good explanation from KnowBe4, Inc. of the issue:

"Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It's really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.

So, What Are We Doing About This?

We need to update and patch all machines on the network. This is going to take some time, some of the patches are not even available yet. We also may have to replace some mission-critical computers to fix this.

In the meantime, we need you to be extra vigilant, with security top of mind and Think Before You Click."

This impacts not only corporate computers and desktops, but also smartphones and internet servers. Intel, Amazon, Google, Apple, Microsoft and Firefox have either released fixes or will soon.

Not only do you need to address this issue, but you also need to be prepared in the event that your business is attacked before you can install the fixes. And do you have an insurance policy to protect your business?

Topics: Cyber

October | National Cyber Security Awareness Month

Posted by the knowledge brokers

Fri, Oct 13, 2017 @ 03:33 PM

Each year, National Cyber Security Awareness Month is held in October. As such, many events are held around the country bringing together experts from government, industry and security to share information and enhance the dialogue around cyber risks.

The resounding theme?

Cyber is a risk to be managed, not a risk that can be prevented.

Cyber crime is a threat to all industries, governments and businesses. There is no perfect solution and we will be in constant battle against those that seek to extort monies, disrupt our infrastructure, cause damage to our businesses and harm individuals. Equifax had a cyber security budget of $250 million over 3 years to enhance cyber security and a team of 225 professionals across the globe and still suffered a breach affecting 145.5 million people. Small businesses and non-profits are at greater risk as they have neither the funds nor personnel to effectively manage the ever-evolving threat landscape.

Cyber extortion became a $1 billion industry for criminals in 2016. According to Rod Rosenstein, Deputy Attorney General for the Dept of Justice, there are 100,000 extortion demands made every day around the globe. 

Business leaders must learn to approach cyber risk as they do other aspects of their business such as safety and compliance. Cyber is a serious and inevitable risk your business will confront. Have you determined what level of risk is acceptable?  There will be financial consequences. It is a grave mistake to think that it will not happen to you.

From Stuxnet in 2010 to WannaCry and Petya/NotPetya in 2017, and from malicious code targeted at a specific industrial control system to malicious code spread to hundreds of thousands of computers around the globe within hours, unsuspecting companies have felt the impact. Companies have incurred losses ranging from having to replace computer hardware to loss of income in excess of $200 million.

R&R urges all companies to be #cyberaware and focus on cyber risk management especially during the month of Cyber Security Awareness.   

 

Topics: Cyber

Cyber Risk Goes Beyond Protecting Personal Information

Posted by the knowledge brokers

Tue, Aug 08, 2017 @ 11:17 AM

New technologies are being incorporated into almost all aspects of business, and companies are heavily relying on their continuous functionality for everyday operations. No matter what the industry, a byproduct of this Digital Transformation is cyber risk. As more companies turn to digital automation, they often overlook the fact that they are also opening up their processes to new cyber risks and vulnerabilities.

Here is one example of how a manufacturing company is run on digital technology:

  • The production line is fully automated.
    • How much product to produce
    • What are the peak production times (hours/days)
    • How many orders they need to process, when shipments are made
    • Just one hour of down time on their production line would cost the business a large amount of money
  • All employees have key cards to enter and leave the premises. Their sales people communicate via their network connections.

This example shows that cyber risk goes further than just protecting personal information. It’s crucial to keep in mind that any device that can send or receive information via the internet provides an entrance for hackers to breach data, lock down systems, and disrupt operations, costing you time, money, and security.

In order to keep all aspects of your company safe, it is better to be proactive than reactive when choosing cyber security and cyber insurance. Contact a Knowledgebroker for a free analysis of your cyber insurance policy so you can be better prepared if an attack were to happen.

Topics: Cyber

2017 Breach Forecast: Healthcare will be most targeted sector

Posted by the knowledge brokers

Wed, Aug 02, 2017 @ 02:42 PM

2017 Data Breach Forecast Report from Experian:

"Of the potential sources for a breach, electronic health records (EHR) are likely to be a primary target for attackers. The portable nature of this information and the number of different entities and end-points that need access to them mean the potential for them to touch a vulnerable computer system is high. While there may be significant protections in place to secure them in transit, it only takes one compromised or outdated system to lead to exposure. Further, as more healthcare institutions deploy new mobile applications, it's possible that they will introduce new vulnerabilities that will also be attractive targets for attackers."

"Ransomware attacks may also move from just locking systems to outright stealing information to either sell or leverage for identity theft. Additionally, with the recent Office of Civil Rights (OCR) guidance classifying ransomware attacks as requiring consumer notification, we are likely to hear about a larger number of these types of cases when compared to other sectors."

Think your organization is immune?  Think again:

What is your plan when the inevitable happens to your organization?

Contact your knowledgebroker for a free analysis of your cyber insurance policy and disaster recovery plan.

Topics: Cyber

Are you Prepared for a Cyber 9/11?

Posted by the knowledge brokers

Wed, Jul 26, 2017 @ 07:52 AM

This week Lloyd’s of London released a report that stated “a major, global cyber attack could trigger an average of $53 billion of economic losses, a figure on par with a catastrophic natural disaster such as Superstorm Sandy in 2012.” So far in 2017, the WannaCry and Petya/NotPetya attacks affected hundreds of thousands of computers in over 150 countries in an alarmingly rapid period of time.

As reported in The Hill, the Petya malware, which first hit the Ukraine, spread to other areas of Europe and the US. The malware forced a hospital in West Virginia to replace its entire computer system, disrupted operations at Merck, FedEx and Cadbury, and stalled operations at the Port of Los Angeles.

Security experts agree that the attacks will continue and will impact more US businesses. And not just giant corporations are at risk. One of the commonalities in these attacks is that they were spread through unsupported software. Many businesses were impacted not directly but through a third party vendor.

  • How well do you know the security of your vendors?
  • How will you recover loss of income when an attack impacts any of your vendors and indirectly impacts your operations?

Imagine a scenario where a global attack comes on the heels of a natural disaster. What about an attack on a major cloud provider? Will your business survive? Can your business survive?

Cyber Insurance is not a substitute for cyber security. However, policies are available that will be a valuable asset in responding to and recuperating from a cyber attack. Logically, those businesses that understand their risk, have taken all possible precautions and are prepared to respond will be in a better position than those that do not.

Topics: Cyber