Not ANOTHER Blog on Cyber Security

Posted in: Commercial Insurance

No, really, this isn’t just another blog on Cyber. If by now the news of breaches at Target, Home Depot, Bank of America, Blue Cross Blue Shield, Sony, The US Office of Personnel Management and the Department of Defense haven’t raised alarms for you, there is nothing I can say that will bring you up to speed on the pervasiveness of cybercrime. No doubt many organizations are aware and have taken precautionary steps to mitigate cybercrime but an unnerving number of companies continue to believe that they are ‘too small’ to become the target of an attack.

Unfortunately, the reality is quite different. One of the largest breaches in recent memory was Target Stores where 40 million credit card numbers and 70 million total records were stolen. It resulted in a 46% drop in profits, $100 million in additional security improvements and $200 million in costs to financial institutions to re-issue new credit cards. What you likely didn’t know is that the source of the Target breach was their HVAC vendor – a small shop located in Sharpsburg, PA.

And just consider, credit card information is among the LEAST valuable information stolen, whereas health and general login information is one of the most valuable. While a stolen credit card number might be worth $5 or less on the black market, health-related information may sell for as much as 100 times that amount. To make matters worse, 81 percent of healthcare-related organizations have been compromised in the past two years.

Do you run the risk of being that HVAC vendor? Are you doing business over the internet with larger firms, including your vendors, customers and banks? If you’re not paying sufficient attention to cyber exposures, then I would argue you are at significant risk. Keep in mind that not all cyber-attacks are targeted – actually in many cases they are crimes of opportunity. Login credentials left out in the open, weak passwords, lax network monitoring, and failing to provide regular and consistent cyber risk education to your staff can expose your firm to catastrophic losses.

In the coming months, PSA will feature technical ways in which you can ‘harden’ your infrastructure by working with experts in the field. Yes, we believe in cyber insurance, but the best course is prevention – you may have homeowners insurance, but would you really leave a window open in your home during a thunderstorm?

Have questions about Cyber Insurance? We have answers and solutions to help manage your cyber risks.

There are a number of relatively easy steps you can take to at least raise awareness of exposures and potentially prevent data and financial loss – not to mention damage to your reputation and credibility – which may be the greatest loss of all:

  • Have staff develop strong passwords where feasible. These are passwords that are hard to guess, include symbols such as #!% and have a combination of capital and lowercase letters. Don’t leave passwords out for all to see.
  • Educate your staff on PHISHING attacks – where seemingly legitimate emails are really disguised attempts to gain access to your credentials (e.g. an email advising you to wire money coming from the CFO, a package is being delivered, etc.).
  • Limit access to your network using only encrypted and approved devices.
  • Ensure you have an active and up-to-date firewall and malware applications in place.
  • Develop an intranet policy that clearly spells out acceptable uses of computers and the intranet. Limit the use of internet access as much as possible to business applications. Many attacks are propagated through malware that lurks behind legitimate ads and links.
  • Make sure you have the latest operating system upgrades completed. In many cases the upgrades include fixes to known security risks.
  • Most email programs allow you to encrypt sensitive communications. Use it whenever you are sending non-public information to any recipient.
  • Last but not least expect to be a victim of cybercrime and prepare accordingly.

At PSA, we see ourselves as much more than an insurance broker – we are your partner in protecting and growing your assets. We’ve learned a thing or two along the way when it comes medium-sized risk – and this is an area we feel many small and medium-size firms don’t readily understand. We are here to help and will be glad to assist you in developing any of the ideas shared in this post. Feel free to contact me at jnapp@psafinancial.com.