Skip to main content
Category

Cyber Security Awareness

Cost Of Cyber Breaches For Businesses

By Cyber Security Awareness

A cyber breach occurs when someone gains access to information they should not have. In our age of digitization, all businesses face cyber attack risks that could halt operations temporarily or permanently. Discover the cost of a cyber breach and ways you can protect your business.

Calculating the Cost of Cyber Breaches

The Wall Street Journal estimated that cyber crime in 2014 cost U.S. businesses $100 billion. That figure could top $2.1 trillion worldwide by 2019. Consider these nine common cyber breach costs.

1. Loss of Customers – A 2016 study found that 76 percent of consumers would stop doing business with a company that suffered repeated data breaches.

2. Business Disruption – Business process failure and lost employee productivity account for almost 40 percent of the total cyber attack costs. This figure does not account for lost ideas or blueprints. Additionally, your business could lose half of its annual revenue if a cyber attack occurs during the busy season.

3. Breached Client Records – Lost or stolen records that contain sensitive or confidential information can cost a company more than $221 per record.

4. Notification Costs – PCI, HIPAA and other regulations require your company to notify each individual whose information was affected by a cyber attack. The average notification costs in 2016 totalled $0.59 million.

5. Public Relations – To repair your reputation, expect to spend significant time and financial resources preparing and distributing media resources, informing victims, employees and shareholders about ongoing breach repair efforts, and acquiring new customers.

6. Legal Costs – Major retailers have paid as much as $10 million to settle class-action lawsuits filed by consumers. Your costs may not be that high, but you could face hefty legal fees in addition to your legal defense costs.

7. Regulatory Fines – After a breach, your business could face fines from several regulatory agencies, including the Federal Trade Commission, Federal Communications Commission,  Payment Card Industry Data Security Standard or Health and Human Services.

8. Identity Theft Repair and Monitoring – The cost of identity theft repair and monitoring averages $10 per victim.

How to Reduce Cyber Attack Risk

Unfortunately, your business cannot protect itself 100 percent from a cyber breach. However, you can take steps to reduce your risk.

First, implement data loss prevention technologies, including encryption. Then train employees to protect information and systems. You should also prepare an incident response plan and team as well as a business continuity management plan. Purchase cyber insurance, too, since it can cover financial loss.

A cyber breach is expensive and could break your business. Contact your insurance agent for specific tips on how you can protect your company.

How To Protect Your New Smart TV From Hackers

By Cyber Security Awareness

The brand new Smart TV you receive for the holidays adds value to your home entertainment system. Connect it to the internet and use a remote control, smartphone or tablet to watch movies and videos, post photos to social media sites, and access apps such as Netflix and Skype. Despite its smart features, your Smart TV can be hacked. Take steps to protect your new Smart TV from hackers.

How are Smart TVs Hacked?

While technology manufactures work tirelessly to patch potential security problems in smartphone and computer technology, Smart TV manufacturers haven’t been as vigilant. Hackers can gain access to your Smart TV via an unsecure internet connection or application source codes. They can then perform several malicious or invasive tasks.

  • Steal your credit card information or identity.
  • Access your passwords.
  • Utilize voice recognition software for data-mining purposes.
  • Use your browsing history to send you targeted ads or instant advertising messages.
  • Turn the camera on and spy on your or your possessions.
  • Take over social media apps and post questionable, offensive or inappropriate content on your behalf.
  • Access and modify files.

How to Prevent Hackers

You can take several steps to deter hackers and protect your Smart TV.

  • Update firmware and patches regularly.
  • Utilize the firewalls on your Smart TV and network router.
  • Perform regular malware scans.
  • Check for data-mining language in your TV’s manual, features or settings. Turn off or disable any data sharing permissions if possible.
  • Separate your device networks. Use one for your Smart TV and another for other devices so a hacker can’t access all your internet-connected devices.
  • Exercise caution when browsing the internet. Consider reserving your TV for entertainment purposes, and use your secure smartphone or computer to browse the internet, perform online banking tasks or shop.
  • Inspect instant messages that pop up on your TV screen. Only open messages from reputable and reliable sources.
  • Cover the camera. A piece of tape or paper prevents a third party from accessing the TV’s camera and spying on you and your family.
  • Disconnect the internet. When your Smart TV is not in use, disconnect it from the internet so hackers cannot access the device.
  • Discuss ways you can secure your specific Smart TV with its manufacturer.
  • Purchase cyber insurance. It can protect you if your preventative efforts fail and a hacker uses your personal information, data or TV for unlawful purposes.

You can protect your new Smart TV from hackers when you take these preventative measures. They protect your personal information, secure your new device and protect you and your family.

Ten Loss Control Tips to Keep Your Work Laptop Safe

By Cyber Security Awareness

The growing trend of staying competitive by using the mobility and freedom provided by technology can often be a double-edged sword. Although taking your show on the road to off-site business meetings is a lot more efficient and easier when everything you need to make an eye-catching presentation is right there on the laptop, the mobility of technology does open the door to losses from theft.

Here are some simple loss prevention practices that employees can adopt to ensure their laptop stays safe and secure at and away from their worksite:

    • Carry the laptop in a case that doesn’t standout or scream expensive technology with logos or emblems. The idea is that only the carrier knows the case contains a computer. To bystanders, the case could be full of useless papers or files.
    • When traveling, use the hotel safe to store your computer. Never leave an unattended computer in a hotel room. Hotels usually warn customers that they aren’t responsible for valuables left inside rooms. And, don’t think that a locked room door is a sufficient safeguard. Maid services routinely leave rooms wide open as they’re being cleaned, meaning a passer could easily swipe your computer while the maid is busy cleaning the bathroom.
    • Never leave a laptop on the seats or otherwise in plain view in a vehicle, even a locked vehicle. Trunks are also a highly-targeted area for thieves, as many assume this is where most people will try to secure their valuables. Whenever possible, take the computer with you or leave it in a more secure locked location.
    • Make sure that your laptop will be secure during breaks if you’re at an off-site meeting. Ask if the various entrances and exits will be locked during breaks and then observe to make sure the room is indeed secure before leaving your laptop. If any question, then carry your laptop with you.
    • Avoid checking your laptop as luggage during flights. There’s too much opportunity for it to be stolen or damaged. Remove the laptop from its carrying case and give it to the guard before you go through the airport security metal detectors.
    • Write down the serial number, make, and model of your laptop and keep this information separate from your laptop.
    • Even in your own office, you need to make sure that you store your laptop in a secure location when you aren’t using it, take lunch, or need to run to another area of the building. A good rule is to lock up your computer if you can’t directly see it from your location.
    • Of course, the physical computer isn’t the only loss you can suffer. Keep a regular data backup schedule to prevent lost data due to equipment failure. It’s also prudent to minimize how much intellectual property or proprietary data is stored in the hard drive.
    • Have a password system (preferably two-tiers) or a data encryption feature to protect your data.
    • Lastly, you might consider asking your employer to arm your laptop with a tracking device as a last line of defense. Tracking devices for computers operate much like a LoJack system does on your car. Once the software is installed on the computer, it will run in the background without you even knowing it’s there. Meanwhile, the program routinely reports the IP address your computer is using and who logged into it to the security company. In the event you report your laptop stolen, the security company can remotely change how frequently the above information is fed to them. Unbeknownst to the thief, the security company is tracking his/her location every time the computer goes onli

Tips to Combat Email Phishing Attacks

By Cyber Security Awareness

As many as one in five office workers fall prey to phishing incidents, but 14 percent of office workers don’t recognize phishing attacks. Learn more about phishing and how to combat attacks on your personal or company email.

What is Phishing?

Phishing is a scam that cybercriminals use to gain access to sensitive information. It often occurs via email. The cybercriminal will send you an email that looks official but actually includes spyware, malware or other malicious software. When you open the link or download the file from the email, the criminals can access confidential information like bank account information, your social security number and other data. In many cases, you never know that your information has been compromised.

How to Recognize a Phishing Email

Phishing emails are designed to look authoritative so that you will open them and give the cybercriminal access to your computer. While these emails often look like they’re from a real company, you can usually recognize them via five signs.

    • Sender Address

      Before opening any email, look at the sender’s address. It may look similar to the official company’s address but could be slightly off. For example, it may use dot-net instead of dot-com or include a small spelling error like micrsoft or mircosoft.

    • Graphics

      Cybercriminals do a great job of imitating the graphics of popular companies. However, the logo, colors or design may be slightly off in a small way.

    • Spelling and Grammar Errors

      Most companies and organizations employ a team of copywriters who write professional content that’s typically error-free. Emails with spelling or grammar errors, are possibly phishing schemes.

    • Links

      Email links are a cybercriminal’s primary phishing tool. You can hover your mouse over any links and verify that it matches the address of the email’s sender, a sign that the link is safe.

    • Threats

      Cybercriminals use threats and fear to manipulate consumers. They may say that you will lose money, face criminal charges or suffer another devastating consequence if you don’t open the email. In most cases, these threats are meant to incite fear and get you to comply with their complicit wishes.

Steps That Protect Your Email

You can’t prevent cybercriminals from targeting you. However, you can take steps to protect yourself.

  • Install spam filters and virus scans.
  • Learn to recognize phishing emails.
  • Only open email links from verified and trusted sources.
  • Delete any emails that look suspicious.
  • Train coworkers and associates to recognize phishing threats.
  • Purchase cyber insurance that protects you if you are a victim of phishing.

You can’t stop cybercriminals from targeting your email, but you can use these tips to protect yourself and your data.

MOBILE WORKERS + MOBILE PHONES: ARE YOU PREPARED?

By Cyber Security Awareness

If you supply your workers with company cell phones, laptops, BlackBerries, iPads, or other portable devices, and a worker is injured using the device when doing company business off site or off the clock, you could face a costly Workers Compensation claim.

The increasing use of mobile devices in the workplace is challenging traditional notions of work-related mishaps, creating a significant risk-management exposure for businesses.

Picture a woman in her car on the way to work. She has a laptop open on the passenger seat, a GPS on her windshield, another portable device open on the dashboard, a smart phone in her hand, and earphones in her ears, when she runs off the road and suffers a broken leg. Or picture a man walking down the street after he leaves the office. He’s so engrossed in checking work e-mail and texting on his BlackBerry that he’s oblivious to a crosswalk, stumbles when he hits the curb, falls, and is hit by a car. Both of these people might easily argue that their injuries were work-related.

Before the explosive growth of telecommuting and mobile devices, most employees worked in a defined physical location during a specified time. In 2009, 17.2 million Americans worked from home – a number that’s projected to double by the end of 2012. With mobile devices, people can (and increasingly do) work from: their houses, cars, clients’ locations, subways, libraries, bars, airports, parks – even at the beach; a survey by contact manager program Xobni showed that 59% of Americans check their work e-mail while on vacation.

Many of these workers believe that management expects, or encourages, this type of behavior. Even if this isn’t the case, your business could have some responsibility for incidents resulting from it – just as you might in harassment situations

The solution: Ask yourself how much risk your business is willing to accept by delivering these mobile devices to employees in the hope of growing productivity. Then work with your human relations department to set “best practices” rules that define the scope and use of this technology away from the workplace – to create a culture that balances your employees’ professional responsibilities with their personal lives. This can present a serious challenge, especially with younger, tech-savvy employees who tend to blur the personal and the professional by using social media on the job, while checking on their work when they’re away from the office.

To learn more about how to protect yourself from this exposure please feel free to get in touch with our risk management professionals.

How to File a Cyber Insurance Claim

By Cyber Security Awareness
When your data is stolen or compromised, you will be grateful for your cyber insurance. It helps you regain control of your identity and handle any financial repercussions of the theft. It’s not enough to buy insurance, though. You also need to know the steps to take in case you ever need to file a claim.

    • Call Your Insurance Agent

      After your data is compromised, you must take action right away. Contact the company that issued your cyber insurance policy and explain the details about what happened – what information was stolen, which website was involved and when it happened. Find your agent’s contact information on your policy.

    • Contact Other Insurance Companies

      In addition to the company that holds your cyber insurance policy, contact other insurance companies. For example, if your laptop containing all your financial documents was stolen, you may be able to file a homeoners’ insurance claim.

    • Prepare for the Investigation

      The insurance company will now start an investigation into your claim. Depending on the size of your claim, the investigation process may be rather lengthy and could include forensic analysis and a legal process.

    • Provide Data to Forensic Analysts

      Forensic specialists are experts at detecting and handling data breaches. If necessary in your case, they will discover the technical details of the data breach.

    • Check Out the Response Plan

      A response plan outlines how the breach will be handled. It includes:

      • Credit monitoring
      • Data recovery
      • Implementation of protective measures
    • Your insurance agent will provide details about the response plan, so stay in contact to ensure you remain updated.

    • Read Your Coverage Letter

      After you report a data breach to your insurance company, they will prepare and send you a coverage letter that outlines the details of your specific coverage. Read the letter carefully and clarify anything you don’t understand.

    • Monitor Costs

      Paying for a data breach can be expensive and could exceed your insurance policy coverage limits. Discuss any financial responsibility with your insurance company.

    • Understand the Legal Process

      Your claim may involve a legal battle as you perform mediation, negotiate a settlement or file a claim in court. If this situation applies to you, ask your insurance company for a list of approved defense lawyer or discern if you can hire an off-panel attorney. Your legal counsel should have experience handling data breach claims and guiding you through the legal process.

 A data breach disrupts your life and can be challenging to handle. Your cyber insurance can help you navigate this challenge successfully, so understand the steps you need to take as you file a claim.

What is a Credit Report Freeze?

By Cyber Security Awareness

In early September, the credit reporting agency Equifax announced a significant data breach. Hackers were able to access the names, birth dates, Social Security numbers and addresses of 143 million consumers, which put their identity and credit at risk. A credit report freeze is one protective measure Equifax recommended. Every consumer, including you, should understand this protective measure as you protect your data, identity and credit.

What is a Credit Report Freeze?

A credit report freeze allows you to restrict who can access your credit report. When a freeze is in place, only certain professional entities can see your information, and it’s less likely that an identity theft can access your data.

Ways a Credit Report Freeze Affects You

When you place a credit report freeze on your account, it affects you in several ways.

1. It prevents certain entities from accessing your credit report. This includes potential employers, mortgage companies and car dealers.

2. Existing creditors and any debt collection agencies they hire and government agencies responding to a court order or subpoena may continue to access your credit report.

3. You can continue to access your free annual credit report.

4. It does not affect your credit score.

5. You will continue to receive prescreened credit offers for credit or insurance. Call 888-5OPTOUT (888-567-8688) or go online to optoutprescreen.com if you wish to stop receiving these offers.

How to Place a Credit Report Freeze

Contact the three nationwide credit reporting companies to freeze your credit report.

To place a freeze, you must provide your name, birth date, Social Security number, address and other personal information. You will also have to pay a fee. It typically ranges from $5 to $10 but varies based on where you live.

How to Know if Your Credit Report Freeze is Successful

After placing a credit report freeze, you will receive a confirmation letter from the credit reporting company. It includes a unique password or PIN you will need if you ever choose to lift the freeze.

How to Lift a Credit Report Freeze

Your credit report freeze remains in place indefinitely. However, you may want to lift it so you can apply for a job or credit. To do that, simply contact the credit reporting company to request a lift. You will provide your password or PIN, pay a fee that varies by state and indicate if you want a temporary or permanent lift.

A credit report freeze can protect your personal data and identity. Consider monitoring your bank, insurance and credit card statements, though, too, and purchase cyber liability insurance as a further protective measure.

Fight Back Against Cyber Crime

By Cyber Security Awareness

How secure are your business assets? According to the Association of Certified Fraud Examiners (ACFE), companies with less than 100 employees lose an average of $155,000 a year to fraud. Small businesses also have a higher fraud rate than larger firms and non-business owners.

Don’t be a victim! To help protect your business against losses from scam artists and cybercriminals, security experts recommend taking these precautions.

Separate personal banking and credit cards from your business accounts to ensure that scam artists don’t get their hands on all your money; this will also make it easier to track business expenses and tax deductions. Pay bills online or make sure to store paper bills securely.

Invest in a firewall as well as anti-virus protection, and spyware- malware detection software Provide offsite backup to keep your business up and running after a cyberattack.

Secure your IT infrastructure by using a dedicated computer for all online financial transactions. If possible, avoid using it for other online activities (such as social media, email and web-surfing) which can open the system to cyberthieves.

Make sure that passwords are complex (with one upper-case letter, one number and at least eight characters), have them changed regularly, and assign different passwords for separate accounts.

Hold regular training sessions for all staff on basic security threats and prevention measures.

Use background checks for all employees who handle cash or high-value merchandise or have access to sensitive data.

Buy insurance to protect your small business against losses from fraud or cybercrime.

We’d be happy to tailor coverage to your needs – at a price you can afford. Just give us a call.

Choose A Secure Password With 11 Tips

By Cyber Security Awareness

Celebrate National Cyber Security Awareness month with strong passwords. They protect your information from cybercriminals and keep you safe as you use the internet.

1. Use a combination of letters, numbers and symbols.

The best keywords are difficult to guess, so use a combination of lowercase and uppercase letters, numbers and symbols.

2. Use at least eight characters.

Longer passwords are more difficult to guess, so aim to make all your passwords at least eight characters long.

3. Avoid common words.

It’s amazing how many people set common words like “qwerty” or “12345” as their passwords. You secure your accounts when you use more challenging passwords.

4. Opt for unique phrases.

Single-word passwords are easy for hackers to crack with their dictionary software. Phrases like “I like ham sandwiches” or “the dog ate my homework” are more challenging to hack. Consider misspelling phrases, too, and replace letters with numbers or symbols or abbreviate words. Examples include ilIkeh@msandw!ches or tHed@g8myhomew*rk.

5. Avoid using your name or familiar numbers.

Hackers can easily find information about your life and use those details to hack into the websites you use. Never use your:

  • Name, including nickname or maiden name
  • Birth date
  • Social Security number
  • Street address
  • Family members’ names or birthdates
  • Pets’ names
  • Address, current or former

6. Don’t reuse passwords.

When you change your password, pick a unique password that you’ve never used on any site.

7. Give every site a different password.

Use the same password for multiple sites, and you invite a hacker to access all your information. Instead, use a different password for every site. A password manager can help you remember all your different passwords.

8. Use a two-factor authentication.

A two-factor authentication or 2FA increases your log-in security. It typically includes your password and a PIN, code, fingerprint or voiceprint.

9. Don’t save your passwords.

Browsers typically prompt you to save passwords. Always click no. Someone could gain access to your device and then log into websites using your saved passwords.

10. Log out of websites and devices.

After using a website or device, log out. This step reduces the chances of someone logging onto your device and gaining access the sites you used.

11. Change your passwords often.

At least once a month or more often for bank or social media sites, change the password. Set a reminder alarm on your phone’s calendar if necessary.

Celebrate National Cyber Security Awareness month by securing all your passwords. When you secure your passwords, you make it more challenging for cybercriminals to steal your personal information. For additional safety tips and details about cyber insurance, talk to your insurance agent today.

What Is A Data Breach?

By Cyber Security Awareness

You’ve probably heard the term “data breach,” but do you really understand what it is? Make time now to learn more details about a data breach, including what you can do to protect yourself.

Data Breach Defined

A data breach, data leak or data spill is defined as an incident when protected, sensitive or confidential data is viewed, used or stolen by someone who does not have authority to access that data.

The term typically describes a breach that occurs online over the internet. However, it also includes laptop thefts or reading physical files.

During a breach, affected data can include:

  • Non-sensitive or sensitive personally identifiable information (PII) – address, age, or Social Security number
  • Personal health information (PHI) – medical history, lab test results and insurance information
  • Intellectual property
  • Trade secrets

How Does a Data Breach Occur?

Anyone can be affected by a data breach, and it can happen in several ways.

  1. Thieves intercept unencrypted data.
  2. Hackers gain access to files over weak or unsecured computer networks.
  3. Someone with access to personal information sells it to thieves.
  4. Your laptop, smartphone or other electronic device is misplaced or stolen.
  5. A hacker gathers the personal data you share over unsecured websites.
  6. Phishing schemes entice you to share your data with criminals.
  7. You send sensitive information through social media.
  8. Physical files or hard copies of information are stolen.
  9. Someone videotapes an employee who enters data into the computer.

What Happens After a Data Breach?

When your data is used, viewed or stolen, it can affect you in several ways.

  • The criminal could access your financial accounts.
  • Someone could impersonate you and open credit accounts or apply for car, house or personal loans in your name.
  • The thief could log into your work account and gather secret information about your company.

Protection from a Data Breach

Numerous regulations dictate how employers, medical providers and others can use your data. For example, the Health Insurance Portability and Accountability Act (HIPAA) regulates access to your PHI, and the Payment Card Industry Data Security Standard defines who can access and use your sensitive PII.

These protections aren’t always enough, though. You should also take several steps to protect your data.

  • Secure your devices with passwords.
  • Use a different and challenging password for each log-in.
  • Encrypt sensitive personal and work data.
  • Share personal information, including your credit card number, on secure sites.
  • Do not open links from untrusted sources.
  • Update software often.
  • Subscribe to a data breach monitoring service.
  • Purchase cyber liability insurance

A data breach can affect your life now and well into the future. Take steps today to protect yourself.