Category: Cyber Security Awareness

MOBILE WORKERS + MOBILE PHONES: ARE YOU PREPARED?

By Cyber Security Awareness | No Comments

If you supply your workers with company cell phones, laptops, BlackBerries, iPads, or other portable devices, and a worker is injured using the device while doing company business off site or off the clock, you could face a costly Workers’ Compensation claim.

The increasing use of mobile devices in the workplace is challenging traditional notions of work-related mishaps, creating a significant risk-management exposure for businesses.

Picture a woman in her car on the way to work. She has a laptop open on the passenger seat, a GPS on her windshield, another portable device open on the dashboard, a smart phone in her hand, and earphones in her ears, when she runs off the road and suffers a broken leg. Or picture a man walking down the street after he leaves the office. He’s so engrossed in checking work e-mail and texting on his BlackBerry that he’s oblivious to a crosswalk, stumbles when he hits the curb, falls, and is hit by a car. Both of these people might easily argue that their injuries were work-related.

Before the explosive growth of telecommuting and mobile devices, most employees worked in a defined physical location during a specified time. In 2009, 17.2 million Americans worked from home – a number that’s projected to double by the end of 2012. With mobile devices, people can (and increasingly do) work from their houses, cars, clients’ locations, subways, libraries, bars, airports and parks – even at the beach. A survey by contact manager program Xobni showed that 59% of Americans check their work e-mail while on vacation.

Many of these workers believe that management expects, or encourages, this type of behavior. Even if this isn’t the case, your business could have some responsibility for incidents resulting from it – just as you might in harassment situations.

The solution: Ask yourself how much risk your business is willing to accept by delivering these mobile devices to employees in the hope of growing productivity. Then work with your human relations department to set “best practices” rules that define the scope and use of this technology away from the workplace – to create a culture that balances your employees’ professional responsibilities with their personal lives. This can present a serious challenge, especially with younger, tech-savvy employees who tend to blur the personal and the professional by using social media on the job, while checking on their work when they’re away from the office.

To learn more about how to protect yourself from this exposure please feel free to get in touch with our risk management professionals.

How to File a Cyber Insurance Claim

When your data is stolen or compromised, you will be grateful for your cyber insurance. It helps you regain control of your identity and handle any financial repercussions of the theft. It’s not enough to buy insurance, though. You also need to know the steps to take in case you ever need to file a claim.

    • Call Your Insurance Agent

      After your data is compromised, you must take action right away. Contact the company that issued your cyber insurance policy and explain the details about what happened – what information was stolen, which website was involved and when it happened. Find your agent’s contact information on your policy.

    • Contact Other Insurance Companies

      In addition to the company that holds your cyber insurance policy, contact other insurance companies. For example, if your laptop containing all your financial documents was stolen, you may be able to file a homeowners’ insurance claim.

    • Prepare for the Investigation

      The insurance company will now start an investigation into your claim. Depending on the size of your claim, the investigation process may be rather lengthy and could include forensic analysis and a legal process.

    • Provide Data to Forensic Analysts

      Forensic specialists are experts at detecting and handling data breaches. If necessary in your case, they will discover the technical details of the data breach.

    • Check Out the Response Plan

      A response plan outlines how the breach will be handled. It includes:

      • Credit monitoring
      • Data recovery
      • Implementation of protective measures

      Your insurance agent will provide details about the response plan, so stay in contact to ensure you remain updated.

    • Read Your Coverage Letter

      After you report a data breach to your insurance company, they will prepare and send you a coverage letter that outlines the details of your specific coverage. Read the letter carefully and clarify anything you don’t understand.

    • Monitor Costs

      Paying for a data breach can be expensive and could exceed your insurance policy coverage limits. Discuss any financial responsibility with your insurance company.

    • Understand the Legal Process

      Your claim may involve a legal battle as you go through mediation, negotiate a settlement or file a claim in court. If this situation applies to you, ask your insurance company for a list of approved defense lawyers or find out whether you can hire an off-panel attorney. Your legal counsel should have experience handling data breach claims and guiding you through the legal process.

A data breach disrupts your life and can be challenging to handle. Your cyber insurance can help you navigate this challenge successfully, so understand the steps you need to take as you file a claim.

What is a Credit Report Freeze?

In early September, the credit reporting agency Equifax announced a significant data breach. Hackers were able to access the names, birth dates, Social Security numbers and addresses of 143 million consumers, which put their identity and credit at risk. A credit report freeze is one protective measure Equifax recommended. Every consumer, including you, should understand this protective measure as you protect your data, identity and credit.

What is a Credit Report Freeze?

A credit report freeze allows you to restrict who can access your credit report. When a freeze is in place, only certain professional entities can see your information, and it’s less likely that an identity thief can access your data.

Ways a Credit Report Freeze Affects You

When you place a credit report freeze on your account, it affects you in several ways.

1. It prevents certain entities from accessing your credit report. This includes potential employers, mortgage companies and car dealers.

2. Existing creditors, any debt collection agencies they hire, and government agencies responding to a court order or subpoena may continue to access your credit report.

3. You can continue to access your free annual credit report.

4. It does not affect your credit score.

5. You will continue to receive prescreened offers for credit or insurance. Call 888-5OPTOUT (888-567-8688) or go online to optoutprescreen.com if you wish to stop receiving these offers.

How to Place a Credit Report Freeze

Contact the three nationwide credit reporting companies to freeze your credit report.

To place a freeze, you must provide your name, birth date, Social Security number, address and other personal information. You will also have to pay a fee. It typically ranges from $5 to $10 but varies based on where you live.

How to Know if Your Credit Report Freeze is Successful

After placing a credit report freeze, you will receive a confirmation letter from the credit reporting company. It includes a unique password or PIN you will need if you ever choose to lift the freeze.

How to Lift a Credit Report Freeze

Your credit report freeze remains in place indefinitely. However, you may want to lift it so you can apply for a job or credit. To do that, simply contact the credit reporting company to request a lift. You will provide your password or PIN, pay a fee that varies by state and indicate if you want a temporary or permanent lift.

A credit report freeze can protect your personal data and identity. Consider also monitoring your bank, insurance and credit card statements, and purchase cyber liability insurance as a further protective measure.

Fight Back Against Cyber Crime

How secure are your business assets? According to the Association of Certified Fraud Examiners (ACFE), companies with fewer than 100 employees lose an average of $155,000 a year to fraud. Small businesses also have a higher fraud rate than larger firms and non-business owners.

Don’t be a victim! To help protect your business against losses from scam artists and cybercriminals, security experts recommend taking these precautions.

Separate personal banking and credit cards from your business accounts to ensure that scam artists don’t get their hands on all your money; this will also make it easier to track business expenses and tax deductions. Pay bills online or make sure to store paper bills securely.

Invest in a firewall as well as anti-virus protection and spyware and malware detection software. Provide offsite backup to keep your business up and running after a cyberattack.

Secure your IT infrastructure by using a dedicated computer for all online financial transactions. If possible, avoid using it for other online activities (such as social media, email and web-surfing) which can open the system to cyberthieves.

Make sure that passwords are complex (with one upper-case letter, one number and at least eight characters), have them changed regularly, and assign different passwords for separate accounts.

Hold regular training sessions for all staff on basic security threats and prevention measures.

Use background checks for all employees who handle cash or high-value merchandise or have access to sensitive data.

Buy insurance to protect your small business against losses from fraud or cybercrime.

We’d be happy to tailor coverage to your needs – at a price you can afford. Just give us a call.

Choose A Secure Password With 11 Tips

Celebrate National Cyber Security Awareness month with strong passwords. They protect your information from cybercriminals and keep you safe as you use the internet.

1. Use a combination of letters, numbers and symbols.

The best passwords are difficult to guess, so use a combination of lowercase and uppercase letters, numbers and symbols.

2. Use at least eight characters.

Longer passwords are more difficult to guess, so aim to make all your passwords at least eight characters long.

3. Avoid common words.

It’s amazing how many people set common words like “qwerty” or “12345” as their passwords. You secure your accounts when you use more challenging passwords.

4. Opt for unique phrases.

Single-word passwords are easy for hackers to crack with their dictionary software. Phrases like “I like ham sandwiches” or “the dog ate my homework” are more challenging to hack. Consider misspelling phrases, too, and replace letters with numbers or symbols or abbreviate words. Examples include ilIkeh@msandw!ches or tHed@g8myhomew*rk.

5. Avoid using your name or familiar numbers.

Hackers can easily find information about your life and use those details to hack into the websites you use. Never use your:

  • Name, including nickname or maiden name
  • Birth date
  • Social Security number
  • Street address
  • Family members’ names or birthdates
  • Pets’ names
  • Address, current or former

6. Don’t reuse passwords.

When you change your password, pick a unique password that you’ve never used on any site.

7. Give every site a different password.

Use the same password for multiple sites, and you invite a hacker to access all your information. Instead, use a different password for every site. A password manager can help you remember all your different passwords.

8. Use two-factor authentication.

Two-factor authentication, or 2FA, increases your log-in security. It typically includes your password and a PIN, code, fingerprint or voiceprint.

9. Don’t save your passwords.

Browsers typically prompt you to save passwords. Always click no. Someone could gain access to your device and then log into websites using your saved passwords.

10. Log out of websites and devices.

After using a website or device, log out. This step reduces the chances of someone logging onto your device and gaining access to the sites you used.

11. Change your passwords often.

At least once a month or more often for bank or social media sites, change the password. Set a reminder alarm on your phone’s calendar if necessary.

Celebrate National Cyber Security Awareness month by securing all your passwords. When you secure your passwords, you make it more challenging for cybercriminals to steal your personal information. For additional safety tips and details about cyber insurance, talk to your insurance agent today.

What Is A Data Breach?

You’ve probably heard the term “data breach,” but do you really understand what it is? Make time now to learn more details about a data breach, including what you can do to protect yourself.

Data Breach Defined

A data breach, data leak or data spill is defined as an incident when protected, sensitive or confidential data is viewed, used or stolen by someone who does not have authority to access that data.

The term typically describes a breach that occurs online over the internet. However, it also includes laptop thefts or reading physical files.

During a breach, affected data can include:

  • Non-sensitive or sensitive personally identifiable information (PII) – address, age, or Social Security number
  • Personal health information (PHI) – medical history, lab test results and insurance information
  • Intellectual property
  • Trade secrets

How Does a Data Breach Occur?

Anyone can be affected by a data breach, and it can happen in several ways.

  1. Thieves intercept unencrypted data.
  2. Hackers gain access to files over weak or unsecured computer networks.
  3. Someone with access to personal information sells it to thieves.
  4. Your laptop, smartphone or other electronic device is misplaced or stolen.
  5. A hacker gathers the personal data you share over unsecured websites.
  6. Phishing schemes entice you to share your data with criminals.
  7. You send sensitive information through social media.
  8. Physical files or hard copies of information are stolen.
  9. Someone videotapes an employee who enters data into the computer.

What Happens After a Data Breach?

When your data is used, viewed or stolen, it can affect you in several ways.

  • The criminal could access your financial accounts.
  • Someone could impersonate you and open credit accounts or apply for car, house or personal loans in your name.
  • The thief could log into your work account and gather secret information about your company.

Protection from a Data Breach

Numerous regulations dictate how employers, medical providers and others can use your data. For example, the Health Insurance Portability and Accountability Act (HIPAA) regulates access to your PHI, and the Payment Card Industry Data Security Standard defines who can access and use your sensitive PII.

These protections aren’t always enough, though. You should also take several steps to protect your data.

  • Secure your devices with passwords.
  • Use a different and challenging password for each log-in.
  • Encrypt sensitive personal and work data.
  • Share personal information, including your credit card number, only on secure sites.
  • Do not open links from untrusted sources.
  • Update software often.
  • Subscribe to a data breach monitoring service.
  • Purchase cyber liability insurance.

A data breach can affect your life now and well into the future. Take steps today to protect yourself.

Steps To Take If Your Identity Is Stolen

Identity theft affects over 17 million people every year, reports the Bureau of Justice Statistics. While you hope it doesn’t happen to you, these steps can help you take action if you are an identity theft victim.

Take action immediately.

As soon as you think your identity is stolen, take action. The situation will only get worse if you wait to correct it.

Create a log.

In a notebook or on your phone, create a log that tracks every phone call, letter or email you send. Record the dates and times of the communication and the person to whom you speak. You’ll need this record to prove that you’re taking action to address the identity theft.

Contact the three credit bureaus.

Ask the three credit bureaus to put a fraud alert on your accounts.

Review your credit reports.

Check your credit reports carefully. Verify that your personal information is correct, then look for any inquiries, open accounts or delinquencies that you did not initiate. Report suspicious activity to the credit bureau immediately.

File a Federal Trade Commission report.

When you report identity theft to the FTC at www.identitytheft.gov or 1-877-ID-THEFT (438-4338), you receive a personalized guide that helps you recover your identity. They also provide you with important forms for creditors and the police.

File a police report.

Identity theft is a crime, so report it to the police. Provide as much evidence of the theft as you can, and keep a copy of the police report to show your creditors.

Contact other organizations if necessary.

If you think your Social Security number or passport is compromised, contact the appropriate organizations.

Close compromised accounts.

Scan your bank and credit card statements, including dormant accounts, for suspicious or fraudulent activity. Alert the financial institution right away if you spot problems, and ask them to lock or close your account.

Open new accounts.

You must continue to pay bills after your identity is stolen, so open new bank and credit card accounts. For each account, choose unique PINs and passwords.

Deal with debt collectors.

You may receive notices from debt collectors about outstanding bills. Call them and send a letter that indicates you are an identity theft victim and not responsible for unpaid bills. Include any related documentation, such as the police report. Ask the debt collector to confirm in writing when the collection account is closed.

Identity theft is challenging to handle and disrupts your life. If you’re a victim, take these steps.

Workplace Cyber Risks

The federal Internet Crime Complaint Center received more than 330,000 complaints in 2009, and more than a third of them ended up in the hands of law enforcement. The damages from those referred to the authorities totaled more than a half billion dollars. The Government Accountability Office estimated that cyber crime cost U.S. organizations $67.2 billion in 2005; that number has likely increased since then.

With so much of business today done electronically, organizations of all types are highly vulnerable to theft and corruption of their data. It is important for them to identify their loss exposures and possible loss scenarios, and to prepare for them.

Some of the questions they should ask include:

What types of property are vulnerable? 

The organization should consider property it owns or leases, as well as property of others that it has in its custody.

Some examples:

  • Money, both the organization’s own funds and those it holds as a fiduciary for someone else
  • Customer or member lists containing personally identifiable information, account numbers, cell phone numbers, and other non-public information
  • Personnel records
  • Medical insurance records
  • Bank account information
  • Confidential memos and spreadsheets
  • E-mail
  • Software stored on web servers

Different types of property will be susceptible to various threats, such as embezzlement, extortion, viruses, and theft.

What loss scenarios could occur?

The organization needs to prepare for events such as:

  • A fire destroys large portions of the computer network, including the servers. Operations cease until the servers can be replaced and reloaded with data.
  • A computer virus infects a workstation. The user of that computer unknowingly spreads it to everyone in his workgroup, crippling the department during one of the year’s peak periods.
  • The accounting department discovers a pattern of irregular small funds transfers to an account no one has ever heard of. The transfers, which have been occurring for almost three months, were small enough to avoid attracting attention. They total more than $10,000.
  • A vendor’s employee strikes up a casual conversation at a worker’s cubicle and stays long enough to memorize the worker’s computer password, written on a post-it note stuck to her monitor. Two weeks later, technology staff discovers that an offsite computer has accessed the human resources database and viewed Social Security numbers, driver’s license numbers, and other personal information.

In addition to taking steps to prevent these things from happening, the organization should consider buying a cyber insurance policy. Several insurance companies now offer this coverage; although no standard policy exists yet, the policies share some common features. They usually cover property or data damage or destruction, data protection and recovery, loss of income when a business must suspend operations due to data loss, extra expenses necessary to maintain operations following a data event, data theft, and extortion.

However, each company might define these coverages differently, so reviewing the terms and conditions of a particular policy is crucial. Choosing an appropriate amount of insurance is difficult because there is no easy way to measure the exposure in advance. Consultation with the organization’s technology department, insurance agent and insurance company might be helpful.

Finally, all policies will carry a deductible; the organization should select a deductible level that it can afford to pay and that will provide it with a meaningful discount on the premium. Once management has a thorough understanding of the coverages various policies provide in relation to the organization’s exposures, it can fairly compare the costs of the policies and make an informed choice.

Computer networks are a necessary part of any organization’s environment today. Loss prevention and reduction techniques, coupled with sound insurance protection at a reasonable cost, will enable an organization to get through a cyber loss event.

Downloading Software Safely

Getting new software for the office can be a trying process. Top quality programs like Photoshop can be prohibitively expensive for a small business when you need to outfit your whole office, and the free stuff is a bit of a crap shoot. Obviously, we have to recommend against pirating. Individuals using Sony Vegas or Adobe Illustrator without a license aren’t really taking a huge risk, but releasing professional work with pirated software is a recipe for a lawsuit that will wind up costing you quite a bit more than the licensing fees would have.

But then, the free and cheap alternatives bring their own risks. Check out some people’s Firefox and Google Chrome browsers and you’ll see about an inch of browser space and twelve inches of search bars, task bars and plugins. This is a problem you encounter when you’re not too picky about where you’re getting your free software. The problem is that it’s more or less legal to take any piece of open source software and add a ton of stuff to the install process that the user doesn’t need. They don’t even need to include viruses and adware if you’re actually choosing to do the auto-install without deselecting all the bloatware that comes with it.

If you can get your free software directly from the official website, then that’s always the best option. Unfortunately, sometimes the official website is long gone, in which case you will want to check some forums to see if anyone has posted a legit copy to a file sharing site.

A lot of torrents for pirated software carry viruses, spamware, adware and spybots, which is another reason why they can ultimately cost you in the long run. Getting a virus off of your laptop isn’t such a big deal. Getting a virus off of every laptop in your office, and out of all the software you’ve been distributing yourself, that’s another story.

If you see someone sharing freeware on social media, just don’t click the link unless the post comes from a verified account. People love to spread infected shareware and freeware on Twitter, Facebook and YouTube.

Basically it comes down to doing your research and getting your software from as close to the source as possible. Keep your security software up to date, don’t trust random links or YouTube spam, and don’t just click on the first download you see.

Preventing Cybercrimes

Legendary bank robber Willie Sutton supposedly said that he robbed banks because that was where the money was. Many small business owners follow this logic when it comes to computer system security.

They believe that people who rob with a mouse and a keyboard rather than a gun target large corporations, because those businesses have the most money. This leads them to the misguided belief that cybercriminals will not bother them. In fact, NACHA – The Electronic Payments Association – reports that Eastern European criminal syndicates have targeted small businesses precisely because they have allowed themselves to become easy marks.

Experts in the field estimate that one in five small businesses do not use antivirus software, 60% do not encrypt data on their wireless networks, and two-thirds lack a data security plan. This failure to take precautions makes a small business easy pickings for computer hackers. However, there are several things business owners can do to protect themselves.

Use two-factor authentication. This is a mechanism that requires the user to do more than one thing for authentication. It ordinarily has two components — one thing the user knows (such as a password), the other a randomly generated number that the user must input. The number comes from an electronic token card, which generates a new number every few seconds. If the user enters a number that the system is expecting, the system will authenticate the user.

Inoculate systems against the Clampi Trojan virus. This virus resides on a computer, waiting for the user to log onto financial websites. It captures log-in and password information, relays it to servers run by the criminals, instructs the computer to send money to accounts that they control, or steals credit card information and uses it to make unauthorized purchases. The trojan monitors more than 4,500 finance-related websites.

Be on guard against “phishing” e-mails and pop-up messages. These messages purport to be from legitimate businesses with which the recipient does business. They ask the user to update or verify information, often threatening negative consequences if she fails to do so. Clicking on the links in the messages brings the user to an authentic-looking Web site. However, it is actually bogus; the site collects personal information that the collector can use to steal the user’s identity. System users should ignore these messages.

Arrange for financial institutions to alert the business owner should they spot unusual activity involving the firm’s accounts. 

Install firewalls and encryption technology to block uninvited visitors from uploading to or retrieving data from the firm’s servers and to protect data sent on public networks. Intrusion detection systems can inform the business owner of attempts to hack into the network. Be cautious about opening attachments to e-mails, especially if the sender is someone unfamiliar to the user. Attachments may contain viruses or Trojan horses that can steal login information and passwords or corrupt a system.

Protect against intrusion by disgruntled former or current employees. Deactivate passwords for former employees, erect barriers to keep employees from accessing systems unrelated to their jobs, and implement sound accounting procedures for financial transactions.

In addition to these safeguards, small businesses may want to consider purchasing computer fraud and employee theft insurance. These policies will protect the business against those losses that still occur; insurance companies are likely to offer favorable pricing to businesses that take precautions against cybercrime.

One of our professional insurance agents can give advice on the appropriate types and amounts of coverage. Modern technology gives businesses unprecedented abilities, but it also presents significant risks. Every business owner must take steps to keep the cybercriminals out.