Read why your business should proactively address the real threat of a cyberattack.
Learn the role cyber security and cyber insurance play in risk management.
Cyberattacks are the fastest-growing crime in the country. Every entity, organization, business, or individual that is connected to the Internet is a potential target. For those reading this, that means you. Business owners and managers concerned about their longevity should assign a high priority to cybersecurity in their risk management plans/reviews. Cyber insurance is one tool to consider incorporating into the risk management program of a business of any size.
Let’s begin with two alarming statistics that should blow you away: 1) 43 percent of cyberattacks target small businesses, and 2) 60 percent of small companies go out of business within six months of a cyberattack. (From the website: smallbiztrends.com, Dec 31, 2018, updated article titled “Cyber Security Statistics: Numbers Small Businesses Need to Know”.) Unfortunately, most small businesses are unprepared for any type of cyberattack, even those businesses that acknowledge the importance of establishing cybersecurity practices. Folks, this is a bit like watching a tornado from your rooftop and hoping you and your house will be spared.
Cyber criminals are creative, prolific, and relentless in designing schemes to deceive you or your employees. Tactics range from phone calls or emails requesting sensitive information to spoofing, spear phishing, ransomware, and beyond. Just last month (April 2019), St. Ambrose Catholic Church in Brunswick, OH, fell victim to a BEC (Business Email Compromise) scheme in which roughly $1.75 million of planned renovation payments were unwittingly wired by the church to a fraudulent bank account. It is worth noting that in terms of victim loss by total dollar amount, the FBI’s 2018 Internet Crime Report ranked BEC/EAC (Business Email Compromise/Email Account Compromise) #1 of more than 30 internet crimes.
BEC/EAC is a sophisticated scam aimed at businesses and individuals that make wire transfer payments or have access to sensitive information. Frequently, a hacker gains access to a legitimate email account and then sends notifications or instructions to recipients (who could be customers, suppliers, or employees) to carry out unauthorized fund transfers. BEC/EAC is being conducted with increasing frequency against businesses in the U.S. and is now the most costly internet crime in dollars.
The following is a rundown of basic safeguards your business should have in place:
- Establish and enforce an IT (Information Technology) security policy. Firewalls should always be turned on, operating systems kept up to date, anti-virus and anti-malware software maintained on individual computers, and software updates and patches applied as soon as they are available.
- Back up your data. The cloud is cost effective and provides a high level of security. External hard drives and flash drives are another option. Make sure you disconnect and remove the external device after the backup so it is not subject to compromise by a hacker.
- Incorporate multi-factor authentication to reduce the possibility of unauthorized access.
- Use difficult-to-duplicate passwords. Use a different password for each application to slow down or prevent a hacker from widely penetrating your system. Avoid storing passwords on your computer. Consider using a password management system with high security protocols or an external device that can be physically removed and locked away once the authorized user has gained access.
- Train and routinely refresh yourself and your employees in cybersecurity measures and cyberattack trends. Continually emphasize that everyone should be careful about what they download to avoid infecting your system with malware or viruses.
- Regarding fund transfers: A good rule of thumb is to firmly prohibit the transfer of funds following an email request, instruction, or notification until the sender verifies either face-to-face or voice-to-voice that the email communication is indeed authentic. Be skeptical of urgent or out-of-the-ordinary email requests/instructions.
- Slow down. Be alert and use common sense, especially before releasing funds or sensitive information of any kind.
Cyber insurance is a newer product that may provide both first-party and third-party liability protection. It is important to consider your business’s cyber exposures and discuss concerns with your insurance agent. Do you store personally identifiable information on a computer? Do you collect and/or remit payments electronically? Does your business have a social media presence? Would a successful cyberattack threaten the viability of your business or impair it significantly? Are critical components of your business dependent on accessing or transmitting data electronically? While the foregoing questions are definitely not all-inclusive, a “yes” answer to any of them warrants considering cyber insurance as a risk management tool.
Your Trusted Choice Independent Insurance Agent at Richey-Barrett Insurance is your source for business and commercial insurance, including cyber insurance. Contact us today.