by Eric Shapiro
Cyber hacks are very much on the rise. What most people don’t understand is that hackers are usually not targeting any business specifically. Usually, they are using bots to troll the net looking for companies with weak security controls. Or they are sending out blast phishing emails hoping a naïve employee will click on a link or open a document that is infected with malware. Or they are creating social engineering scams to try to dupe people into wiring funds to the wrong bank accounts. Because these efforts are widely distributed and many bad actors are doing this, all companies are vulnerable. There are things all companies can do to stay vigilant and try to protect themselves beyond the usual firewalls, VPNs, etc.:
- Implement Multi-Factor Authentication (MFA) – This should be used for anyone who can access your system remotely.
- Implement Endpoint Detection – This will help your IT staff continually monitor and respond to cyber threats.
- Train, Train, Train – Make sure your entire staff understands the threat and stays vigilant against opening the wrong attachments. Do phishing exercises regularly.
- Put controls in place around Wire Transfers – Make sure anyone who has the ability to do wire transfers is trained to verbally confirm the details of all wires correctly.
Due to the increase in frequency and severity of cyber-attacks, Cyber Insurance has become more expensive and more difficult to get. It’s also become much more important to have. Carriers are now requiring their insureds to have these controls in place before they will provide insurance. When completing the application for insurance, pay close attention to the questions about controls and answer them honestly. If you do not have all these controls in place, you will probably be required to implement them, so have a plan in place and articulate it. Work with your insurance agent to get the proper coverage based on your exposure. Terms and conditions vary widely in the marketplace, so be very careful to make sure you get the best coverage you can. Remember, especially with cyber, you get what you pay for, so don’t just buy on price.
Eric Shapiro is the Regional President for Socius Insurance.