There is a lot of ‘phishing’ going on these days. As many as one in five people fall prey to phishing incidents, but over 14 percent don’t recognize these phishing attacks. Learn more about phishing and how to combat attacks on your personal or company email.
What is Phishing?
Phishing is a scam that cybercriminals use to gain access to sensitive information. It often occurs via email. The cybercriminal will send you an email that looks official but actually includes spyware, malware or other malicious software. When you open the link or download the file from the email, the criminals can access confidential information like bank account information, your social security number and other data. In many cases, you never know that your information has been compromised.
How to Recognize a Phishing Email
Phishing emails are designed to look authoritative so that you will open them and give the cybercriminal access to your computer. While these emails often look like they’re from a real company, you can usually recognize them via five signs.
- Sender Address
Before opening any email, look at the sender’s address. It may look similar to the official company’s address but could be slightly off. For example, it may use dot-net instead of dot-com or include a small spelling error like micrsoft or micosoft.
Cybercriminals use threats and fear to manipulate consumers. They may say that you will lose money, face criminal charges or suffer another devastating consequence if you don’t open the email. In most cases, these threats are meant to incite fear and get you to comply with their wishes.
Steps That Can Protect Your Email
You can’t prevent cybercriminals from targeting you. However, you can take steps to protect yourself.
- Install spam filters and virus scans.
- Learn to recognize phishing emails.
- Only open email links from verified and trusted sources.
- Delete any emails that look suspicious.
- Train coworkers and associates to recognize phishing threats.
- Purchase cyber insurance that protects you if you are a victim of phishing.
You can’t stop cybercriminals from targeting your email, but you can use these tips to protect yourself and your data.
With data breaches becoming a fairly regular thing, everyone needs to know that they can freeze their credit to prevent identity theft. With a significant data breach, hackers are able to access the names, birth dates, Social Security numbers and addresses of millions of consumers, which puts their identity and credit at risk. A credit report freeze is one protective measure Equifax (and other agencies) recommended. Every consumer, including you, should understand this protective measure as you protect your data, identity and credit.
What is a Credit Report Freeze?
A credit report freeze allows you to restrict who can access your credit report. When a freeze is in place, only certain professional entities can see your information, and it’s less likely that an identity thief can access your data.
Ways a Credit Report Freeze Affects You
When you place a credit report freeze on your account, it affects you in several ways.
1. It prevents certain entities from accessing your credit report. This includes potential employers, mortgage companies and car dealers.
2. Existing creditors, any debt collection agencies they hire, and government agencies responding to a court order or subpoena may continue to access your credit report.
3. You can continue to access your free annual credit report.
4. It does not affect your credit score.
5. You will continue to receive pre-screened offers for credit or insurance. Call 888-5OPTOUT (888-567-8688) or go online to optoutprescreen.com if you wish to stop receiving these offers.
How to Place a Credit Report Freeze
Contact the three nationwide credit reporting companies to freeze your credit report.
To place a freeze, you must provide your name, birth date, Social Security number, address and other personal information. You will also have to pay a fee. It typically ranges from $5 to $10 but varies based on where you live.
How to Know if Your Credit Report Freeze is Successful
After placing a credit report freeze, you will receive a confirmation letter from the credit reporting company. It includes a unique password or PIN you will need if you ever choose to lift the freeze.
How to Lift a Credit Report Freeze
Your credit report freeze remains in place indefinitely. However, you may want to lift it so you can apply for a job or credit. To do that, simply contact the credit reporting company to request a lift. You will provide your password or PIN, pay a fee that varies by state and indicate if you want a temporary or permanent lift.
A credit report freeze can protect your personal data and identity. Consider monitoring your bank, insurance and credit card statements, though, too, and purchase cyber liability insurance as a further protective measure.
With the current COVID-19 pandemic, more people are opting to stay away from crowds and social situations – and may work from home.
While an employer’s cybersecurity insurance can reduce liability, it makes sense to also implement several security measures in the telecommuting (work-from-home) policy to protect the company.
Use Secure Wi-Fi Networks
Sure, your employees could connect to their neighbor’s wireless network or use public Wi-Fi at a coffee shop. These unsecured networks can open the door for cybersecurity breaches, though. Instruct employees to only connect to secure Wi-Fi networks or provide a safe and secure Virtual Private Network (VPN) for use as they work.
Maintain Security Settings
To protect work-issued devices and confidential data, you may set security settings on the devices you give telecommuters. Remind employees that they should not use a proxy or other method to get around those security settings. Doing so will compromise their device and the company’s data.
From apps to data, everything employees access from their work-issued device should be protected by encryption. This security measure makes it harder for thieves and hackers to steal or access information.
Employees should only have access to essential data and files, not the company’s entire virtual filing cabinet. This limited access protects information and improves security.
To get into the device and access various files, employees should use secure passwords. The ideal password contains letters, numbers and symbols, is not easy to guess and is unique to each site. Change passwords at least once a month, too. For additional safety, utilize a two-step authentication process, PIN or token system when logging in.
Prohibit Device Lending
It’s common for telecommuters to let a co-worker or family member use their laptop or phone for a few minutes to check email, play a game or make a call. Discourage this practice since the other person could download questionable content, drop or damage the device, access confidential files, or otherwise compromise the device or security.
Protect Devices from Theft
Leaving a laptop, tablet or phone unattended gives thieves an invitation to steal the device. Remind employees to keep their devices with them at all times and not leave their work devices unattended or in an unlocked vehicle. Likewise, they should take care to secure USB drives and other accessories from theft. You can add tracking capabilities to devices for additional security.
After every work session, employees should log out of the websites they accessed, their Wi-Fi network and their device. This log out procedure protects company data.
Telecommuting is a privilege that benefits your employees and company. Use these security measures to protect everyone.
Modern technology has made it easier than ever for employees to work from home and still remain connected to their place of employment. Using remote employment has actually become a popular trend over the last ten years, especially since selling to the global market has become such an important factor in a business being competitive. Many businesses have found that they can minimize their expenses and attract international customers with more attractive prices if they decrease their overhead by allowing workers to work remotely.
Despite the many benefits of using remote employees, there are downsides. Many employers considering this trend wonder how they can ensure workplace safety when the employee’s physical workplace is their own home. Another consideration is the degree of employer liability in remote employment.
Fortunately, OSHA has addressed some of the safety issues surrounding remote employment. According to OSHA guidelines, employers are required to maintain a safe workplace, even for employees working from their own home. OSHA will not require an employer to inspect a remote employee’s home worksite, nor will OSHA inspect it itself.
However, OSHA may inspect the worksite of an employee that’s performing an at-home job on behalf of their employer if it possibly involves health or safety hazards and there’s a complaint. A record of all occupational illnesses and injuries must be kept on all at-home workers if an employer is subject to OSHA record keeping requirements. Keeping in mind that OSHA compliance measures shouldn’t involve controlling the home worksite of employees, employers might need to take some additional practical measures to ensure OSHA compliance.
As far as safety compliance goes, the absence of immediate supervision for remote workers is one of the main problems employers face. Experienced, highly-trained, long-term employees are generally the worst offenders when it comes to taking safety risks. This group of employees often becomes complacent because they’re so accustomed to and comfortable with their job, feel they’re familiar with the job’s hazards, and might have escaped disciplinary action when ignoring safety procedures or taking shortcuts in the past.
One of the best ways that employers can counteract the above dangerous attitude toward safety is by using a holistic approach to safety. Employers should focus and place great importance on each individual employee actively participating in the safety process and taking responsibility for their own safety. Whether at home, on the road, or at a remote jobsite, remote employees need to be ready, willing, and able to take the appropriate actions to protect themselves in any given situation.
Employers will need employee support to make any approach to safety successful, which means that employers must have total employee involvement in the safety process. Involve your remote employees in the process of determining what’s needed to prevent injury to themselves and others during remote location work. Most employers find that the experience and firsthand knowledge of their employees is actually very advantageous in creating safe remote worksites.
Remember, employees that understand the value of safety are more likely to be motivated and willing participants. They’re also more apt to embrace safety behaviors for the longevity of their employment. Employers can reinforce their employees’ positive attitude about safety by having electronic or person-to-person safety counseling in place and ensuring safety managers are encouraging safety participation.
As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.
In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.
Claims Scenario: Outsourcing Gone Wrong
The company: A national construction company that outsources some of its cyber security protections
The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach.
As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.
Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms who forgo coverage.
What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response.
Claims Scenario: Pardon the Interruption
The company: An online retail store that relies heavily on e-commerce
The challenge: A small-sized, online retailer partnered with a data centre to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfil orders on-site.
Unfortunately, the data centre was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime were over $165,000.
Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.
Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses.
Benefits of Cyber Liability Insurance
- Data breach coverage—In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
- Business interruption loss reimbursement—A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
- Cyber extortion defence—Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
- Legal support—In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.
When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.
Cyber exposures aren’t going away and, in fact, continue to escalate. Businesses need to be prepared in the event that a cyber attack strikes. To learn more about cyber liability insurance, contact Scurich Insurance today.
Cyber security threats and trends can change year over year as technology continues to advance at alarming speeds. As such, it’s critical for organizations to reassess their data protection practices at the start of each new year and make achievable cyber security resolutions to help protect themselves from costly breaches.
The following are resolutions your company can implement to ensure you don’t become the victim of a cyber crime:
- Provide security training—Employees are your first line of defense when it comes to cyber threats. Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond. Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and oversharing personal information on social media. Your employees should also know your cyber security policies and know how to report suspicious activity.
- Install strong anti-virus software and keep it updated—Outside of training your employees on the dangers of poor cyber security practices, strong anti-virus software is one of the best ways to protect your data. Organizations should conduct thorough research to choose software that’s best for their needs. Once installed, anti-virus programs should be kept up to date.
- Instill safe web browsing practices—Deceptive and malicious websites can easily infect your network, often leading to more serious cyber attacks. To protect your organization, employees should be trained on proper web usage and instructed to only interact with secured websites. For further protection, companies should consider blocking known threats and potentially malicious webpages outright.
- Create strong password policies—Ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords. Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.
- Use multi-factor authentication—While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, multi-factor authentication is key. Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number, unique security code) when attempting to access corporate applications, networks and servers.
- Get vulnerability assessments—The best way to evaluate your company’s data exposures is through a vulnerability assessment. Using a system of simulated attacks and stress tests, vulnerability assessments can help you uncover entry points into your system. Following these tests, security experts compile their findings and provide recommendations for improving network and data safety.
- Patch systems regularly and keep them updated—A common way cyber criminals gain entry into your system is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.
- Back up your data—In the event that your system is compromised, it’s important to keep backup files. Failing to do so can result in the loss of critical business or proprietary data.
- Understand phishing threats and how to respond—In broad terms, phishing is a method cyber criminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information. Phishing is becoming more sophisticated by the day, and it’s more important than ever to understand the different types of attacks, how to identify them and preventive measures you can implement to keep your organization safe. As such, it’s critical to train employees on common phishing scams and other cyber security concerns. Provide real-world examples during training to help them better understand what to look for.
- Create an incident response plan—Most organizations have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack. That’s where cyber incident response plans can help. While cyber security programs help secure an organization’s digital assets, cyber incident response plans provide clear steps for companies to follow when a cyber event occurs. Response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damages.