Cyber Security: A Continuing Threat … Are You Prepared?

Computer

Cryptomining. Ransomware. Business email compromise. Spear phishing. This is the new language of business risk. Whether it’s a massive data breach that exposes customer information like the Marriott incident reported in November 2018, or an automated ransomware attack that extorts bitcoin payments from a medi-spa owner, the cybercrime wave continues to swell as the cybercrime economy becomes more sophisticated.

The threat of cyber attacks continues to top the list of executive concerns around the globe. According to the latest survey by The Conference Board, US-based CEO’s rank cybersecurity as their number one concern.¹

Here’s one example why …
According to the 2018 Verizon Data Breach Investigations Report, 58 percent of all cyberattacks targeted small businesses.² Costs to respond and recover from these attacks averaged almost $385,000. While the nature and extent of attacks on small business vary greatly, 67 percent of SMBs experienced a cyberattack and 58 percent experienced a data breach in the last 12 months.

Are you still thinking this won’t affect your business? Ask yourself these questions:

  • Do your employees use computers and email?
  • Do you accept online payments?
  • Do you collect personal information from your clients?
  • Do your vendors have proper cyber security coverage to protect your business interests?

The answers to these questions help determine if your business is at risk …

Business owners are beginning to take the next step to protect their assets by adding cyber security coverage to their policies. This coverage can reimburse your out-of-pocket expenses, such as IT services for data recovery, forensics investigations, notification costs, credit-monitoring services, legal costs and business interruption.

Here are some tips on what to do in various situations to help mitigate the impact:

Ransomware infection

  • Isolate infected computer from all networks (by unplugging network cable and/or turning off WiFi)
  • Take picture of ransomware message (if possible)
  • Do not immediately rebuild your system (you might destroy important forensic evidence)
  • Regularly back up all critical data and store offsite

Phishing email attack

  • Change password (strong and unique passphrase)
  • Forward email to IT
  • Enable Multi Factor Authentication
  • Learn how to recognize a phishing email

Malware infection

  • Remove malware
  • Scan network for any other unauthorized files and user accounts
  • Install anti-virus software and keep updated

Email compromise

  • Change password (strong and unique passphrase)
  • Enable Multi Factor Authentication

Unauthorized files or user accounts on server or client

  • Close Remote Desktop Protocol (RDP) ports
  • Change passwords (strong and unique passphrase)
  • Enable Multi Factor Authentication
  • Use VPN for remote access

Mistaken wire transfer

  • Call bank and report details
  • Attempt to halt transfer

¹The Conference Board, “C-Suite Challenge 2019,” January 2019.
² Verizon, Data Breach Investigations Report, 2018
This is an excerpt from NAS Insurance’s 2019 Cyber Claims Digest: An Analysis of 2018 Cyber Claims Data