You and your company can make several preparations regularly to help prevent a cyber attack.
Host an Educational Event
Begin planning an open house, expo, lecture, or other educational event that focuses on cybersecurity. Depending on your company, you may decide to focus your educational efforts on information that will benefit senior citizens, college students or families. For example, your IT specialist could present advice that helps consumers avoid cybercrime, or you could show customers how to implement security protocols on their electronic devices. Get creative as you prepare to raise cybersecurity awareness during an educational event.
Cybersecurity training should occur year-round, but your employees may be especially receptive to security tips during a month that’s focused on raising awareness. Take advantage of this annual opportunity to discuss topics like choosing secure passwords, securing electronic devices used for work and managing email safety. Or choose a different topic based on your unique needs.
Focus on Different Weekly Topics
Some topic ideas include:
- Online safety at home.
- Training for a cybersecurity career.
- Ensuring online safety at work.
- Safeguarding critical infrastructure throughout the nation.
Your company can prepare to discuss these weekly topics during your events, through customer newsletters and on social media.
Utilize Your Social Media Influence
If your company has a large social media following, you have a powerful platform to raise awareness for cybersecurity. You can write blog posts that outline the importance of cybersecurity, share information about how to join the cybersecurity workforce or detail the ways your business protects data. Also, prepare infographs and other visual aids that discuss online safety tips.
Partner with Other Companies
Your company can partner with other businesses as you increase cybersecurity awareness. Share the latest cybersecurity information, create resources that educate the public about cybersecurity or host an online safety seminar together.
Check your Cybersecurity Insurance Coverage
Cybersecurity insurance protects your business in many circumstances. Review your needs with your Scurich insurance agent as you ensure you have the correct amount of cybersecurity insurance for your company.
Consider taking these steps now. They give you the tools you need to raise cybersecurity awareness among your employees, customers and community.
There is a lot of ‘phishing’ going on these days. As many as one in five people fall prey to phishing incidents, but over 14 percent don’t recognize these phishing attacks. Learn more about phishing and how to combat attacks on your personal or company email.
What is Phishing?
Phishing is a scam that cybercriminals use to gain access to sensitive information. It often occurs via email. The cybercriminal will send you an email that looks official but actually includes spyware, malware or other malicious software. When you open the link or download the file from the email, the criminals can access confidential information like bank account information, your social security number and other data. In many cases, you never know that your information has been compromised.
How to Recognize a Phishing Email
Phishing emails are designed to look authoritative so that you will open them and give the cybercriminal access to your computer. While these emails often look like they’re from a real company, you can usually recognize them via five signs.
- Sender Address
Before opening any email, look at the sender’s address. It may look similar to the official company’s address but could be slightly off. For example, it may use dot-net instead of dot-com or include a small spelling error like micrsoft or micosoft.
Cybercriminals use threats and fear to manipulate consumers. They may say that you will lose money, face criminal charges or suffer another devastating consequence if you don’t open the email. In most cases, these threats are meant to incite fear and get you to comply with their complicit wishes.
Steps That Can Protect Your Email
You can’t prevent cybercriminals from targeting you. However, you can take steps to protect yourself.
- Install spam filters and virus scans.
- Learn to recognize phishing emails.
- Only open email links from verified and trusted sources.
- Delete any emails that look suspicious.
- Train coworkers and associates to recognize phishing threats.
- Purchase cyber insurance that protects you if you are a victim of phishing.
You can’t stop cybercriminals from targeting your email, but you can use these tips to protect yourself and your data.
With data breaches becoming a fairly regular thing, everyone needs to know that they can freeze their credit to prevent identity theft. With a significant data breach, hackers are able to access the names, birth dates, Social Security numbers and addresses of millions of consumers, which put their identity and credit at risk. A credit report freeze is one protective measure Equifax (and other agencies) recommended. Every consumer, including you, should understand this protective measure as you protect your data, identity and credit.
What is a Credit Report Freeze?
A credit report freeze allows you to restrict who can access your credit report. When a freeze is in place, only certain professional entities can see your information, and it’s less likely that an identity theft can access your data.
Ways a Credit Report Freeze Affects You
When you place a credit report freeze on your account, it affects you in several ways.
1. It prevents certain entities from accessing your credit report. This includes potential employers, mortgage companies and car dealers.
2. Existing creditors and any debt collection agencies they hire and government agencies responding to a court order or subpoena may continue to access your credit report.
3. You can continue to access your free annual credit report.
4. It does not affect your credit score.
5. You will continue to receive pre-screened credit offers for credit or insurance. Call 888-5OPTOUT (888-567-8688) or go online to optoutprescreen.com if you wish to stop receiving these offers.
How to Place a Credit Report Freeze
Contact the three nationwide credit reporting companies to freeze your credit report.
To place a freeze, you must provide your name, birth date, Social Security number, address and other personal information. You will also have to pay a fee. It typically ranges from $5 to $10 but varies based on where you live.
How to Know if Your Credit Report Freeze is Successful
After placing a credit report freeze, you will receive a confirmation letter from the credit reporting company. It includes a unique password or PIN you will need if you ever choose to lift the freeze.
How to Lift a Credit Report Freeze
Your credit report freeze remains in place indefinitely. However, you may want to lift it so you can apply for a job or credit. To do that, simply contact the credit reporting company to request a lift. You will provide your password or PIN, pay a fee that varies by state and indicate if you want a temporary or permanent lift.
A credit report freeze can protect your personal data and identity. Consider monitoring your bank, insurance and credit card statements, though, too, and purchase cyber liability insurance as a further protective measure.
With the current COVID-19 pandemic, more people are opting to away from crowds and social situations – and may work from home.
While and employer’s cybersecurity insurance can reduce liability, it makes sense to also implement several security measures in the telecommuting (work-from-home) policy to protect the company.
Use Secure Wi-Fi Networks
Sure, your employees could connect to their neighbor’s wireless network or use public Wi-Fi at a coffee shop. These unsecured networks can open the door for cybersecurity breaches, though. Instruct employees to only connect to secure Wi-Fi networks or provide a safe and secure Virtual Private Network (VPN) for use as they work.
Maintain Security Settings
To protect work-issued devices and confidential data, you may set security settings on the devices you give telecommuters. Remind employees that they should not use a proxy or other method to get around those security settings. Doing so will compromise their device and the company’s data.
From apps to data, everything employees access from their work-issued device should be protected by encryption. This security measure makes it harder for thieves and hackers to steal or access information.
Employees should only have access to essential data and files, not the company’s entire virtual filing cabinet. This limited access protects information and improves security
To get into the device and access various files, employees should use secure passwords. The ideal password contains letters, numbers and symbols, is not easy to guess and is unique to each site. Change passwords at least once a month, too. For additional safety, utilize a two-step authentication process, PIN or token system when logging it.
Prohibit Device Lending
It’s common for telecommuters to let a co-worker or family member use their laptop or phone for a few minutes to check email, play a game or make a call. Discourage this practice since the other person could download questionable content, drop or damage the device, access confidential files, or otherwise compromises the device or security.
Protect Devices from Theft
Leaving a laptop, tablet or phone unattended gives thieves an invitation to steal the device. Remind employees to keep their devices with them at all times and not leave their work devices unattended or in an unlocked vehicle. Likewise, they should take care to secure USB drives and other accessories from theft. You can add tracking capabilities to devices for additional security.
After every work session, employees should log out of the websites they accessed, their Wi-Fi network and their device. This log out procedure protects company data.
Telecommuting is a privilege that benefits your employees and company. Use these security measures to protect everyone.
Modern technology has made it easier than ever for employees to work from home and still remain connected to their place of employment. Using remote employment has actually become a popular trend over the last ten years, especially since selling to the global market has become such an important factor in a business being competitive. Many businesses have found that they can minimize their expenses and attract international customers with more attractive prices if they decrease their overhead by allowing workers to remotely commute.
Despite the many benefits of using remote employees, there are downsides. Many employers considering this trend wonder how they can ensure workplace safety when the employee’s physical workplace is their own home. Another consideration is the degree of employer liability in remote employment.
Fortunately, OSHA has addressed some of the safety issues surrounding remote employment. According to OSHA guidelines, employers are required to maintain a safe workplace, even for employees working from their own home. OSHA will not require an employer to inspect a remote employee’s home worksite, nor inspect it themselves.
However, OSHA may inspect the worksite of an employee that’s performing an at-home job on behalf of their employer if it possibly involves health or safety hazards and there’s a complaint. A record of all occupational illnesses and injuries must be kept on all at-home workers if an employer is subject to OSHA record keeping requirements. Keeping in mind that OSHA compliance measures shouldn’t involve controlling the home worksite of employees, employers might need to take some additional practical measures to ensure OSHA compliance.
As far as safety compliance goes, the absence of immediate supervision for remote workers is one of the main problems employers face. Experienced, highly-trained, long-term employers are generally the worst offenders when it comes to taking safety risks. This group of employees often become complacent due to the fact they’re so accustomed and comfortable with their job, feel they’re familiar with the job’s hazards, and might have escaped disciplinary action when ignoring safety procedures or taking shortcuts in the past.
One of the best ways that employers can counteract the above dangerous attitude toward safety is by using a holistic approach to safety. Employers should focus and place great importance on each individual employee actively participating in the safety process and taking responsibility for their own safety. Whether at home, on the road, or at a remote jobsite, remote employees need to be ready, willing, and able to take the appropriate actions to protect themselves in any given situation.
Employers will need employee support to make any approach to safety successful, which means that employers must have total employee involvement in the safety process. Involve your remote employees in the process of determining what’s needed to prevent injury to themselves and others during remote location work. Most employers find that the experience and firsthand knowledge of their employees is actually very advantageous in creating safe remote worksites.
Remember, employees that understand the value of safety are more likely to be motivated and willing participants. They’re also more apt to embrace safety behaviors for the longevity of their employment. Employers can reinforce their employee’s positive attitude about safety by having electronic or person-to-person safety counseling in place and ensuring safety managers are encouraging safety participation.
As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.
In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.
Claims Scenario: Outsourcing Gone Wrong
The company: A national construction company that outsources some of its cyber security protections
The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach.
As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.
Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms who forgo coverage.
What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response.
Claims Scenario: Pardon the Interruption
The company: An online retail store that relies heavily on e-commerce
The challenge: A small-sized, online retailer partnered with a data centre to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfil orders on-site.
Unfortunately, the data centre was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime was over $165,000.
Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.
Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses.
Benefits of Cyber Liability Insurance
- Data breach coverage—In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
- Business interruption loss reimbursement—A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
- Cyber extortion defence—Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
- Legal support—In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.
When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.
Cyber exposures aren’t going away and, in fact, continue to escalate. Businesses need to be prepared in the event that a cyber attack strikes. To learn more about cyber liability insurance, contact Scurich Insurance today.