Cyber Risk…Cyber Security

Increasing Cyber Risk

The COVID-19 pandemic has changed how almost every company operates and has accelerated the landscape of cyber risk:

• Many companies have adopted work-from-home policies, providing more remote access to company systems and data via laptops and cell phones. Sometimes, employees may use their devices to connect or conduct company business.
• Electronic meetings via Zoom and other platforms to conduct company business have created additional opportunities for hacking.
• Businesses have changed their operations, including, in some cases, expanding e-commerce offerings and payment methods.
• Stress on IT infrastructure and resources from both a systems and staffing perspective.

Due to the growing reliance on technology, cyber risk has long been considered a top risk for organizations in coming decades; however, with the arrival of the coronavirus, many companies are realizing that cyber concerns, which seemed years off, have become a reality much more quickly and the challenges are accelerating.

• The number of people working remotely has increased the number of targets for cyber attackers using phishing scams and malware in the newly remote workforce.
• Fast deployment of work-from-home may result in system access vulnerabilities and increase the risk of lost devices.
• Changes in operations requiring expanded online functionality, including payment and other e-commerce features, have potential liability concerns for the security of customer data.

Despite the challenges of this rapid change, many cyber risks are known. Therefore, they can be anticipated and, with proper planning, mitigated through prevention efforts, in addition to reviewing data security protocols and increased training. More and more businesses are purchasing Cyber Liability Insurance as part of their risk management plan. Cyber insurance can help companies to be financially protected when a data breach or other cyber risk occurs despite their best efforts.

Two Key Areas of Risk

Increased phishing and malware attacks

Put your employees on alert. Law enforcement and cyber experts have reported dramatic increases in cyber criminals using the pandemic as an opportunity to send phishing emails and spread malware attacks, which, if successful, can collect login credentials, account numbers, and other sensitive personal and business information. The best line of defense is training staff on how to identify red flags of social engineering phishing scams and to follow proper protocols if they receive suspicious communications.

Here are links to two helpful resources that can help you and your staff learn how to identify scams:

• The Federal Trade Commission has an informative guide on recognizing and avoiding phishing scams, which includes additional information that you can use to train yourself and your staff on how to prevent phishing scams and what to do if you fall victim.
• KnowBe4 also has a helpful cheat sheet to help identify Social Engineering Red Flags in emails.

Systems and confidentiality exposures

With employees working from home, the exposures increase exponentially, especially if work-from-home before the pandemic was different for your organization. Also, if your business has changed how it operates and conducts customer transactions, it’s essential to consider that these new activities are being correctly managed to address security concerns. Assessing your company’s preparedness and protection in the face of cyber and data risks requires considering security from various angles.

Here are just a few to consider:

• Are employees remotely accessing your network using company-issued or personal devices?
• Are you using security software to help detect threats, and is your system data backed up separately from your network?
• Have you established procedures for storing and accessing sensitive company/customer information?  Have you maintained security with remote access?
• Have you established procedures to ensure that sensitive information is secure using Zoom or other online meeting tools?
• Have you changed how your business provides services and conducts transactions/payments, such as online payment, that could impact the storage and protection of private personal information?

Depending on how you answered these questions, you may feel confident that you are doing all you can to protect yourself from cyber risks, or you may find that you have areas that require improvement.

How Cyber Liability Insurance Helps Protect Your Business

Cyber Liability insurance protection addresses the first- and third-party risks associated with e-business, the Internet, networks, and informational assets. While some general insurance liability policies may offer limited protection in the event of a data breach, typically, the coverage provided isn’t sufficient for a significant cyber liability event. Cyber Liability includes security breaches, data theft, virus transmission, copyright issues, trademark, intellectual property infringement, libel, or any other matters that first parties can pass to third parties via the Internet.

Some of the types of claims that may occur include:

• Accidental release of confidential customer information
• Spreading a virus into a customer’s computer system
• Theft of customer’s credit card or banking account numbers
• Identity theft resulting from data breach
• Denial of service attack hacking
• Electronic data extortion or destruction
• Interruption of business operations due to the system being down
• Webmaster uses another site’s content in site development

While the exposures outlined above are not all-inclusive, and no policy covers every risk, Cyber Liability insurance can make all the difference in helping your business avoid a crippling financial impact if a system or data breach occurs despite your mitigation efforts. Contact Us to learn more about getting Cyber Liability coverage for your business. We look forward to helping ensure your business has the protection it needs, especially during these challenging times of accelerated risk.