Search This Blog

Wednesday, October 20, 2021

Does Your Business Need Cyber Insurance?

By Catherine Powell

Image courtesy Pixabay
You can't watch the news, read a business magazine or peruse a newsfeed without learning about a new cyber-attack.  You'll either find that another form of malware has reared its ugly head or you'll learn that another Fortune 500 Company has been hacked.  Sorry to say it, but cyber liability has not only reached epidemic proportions,  it doesn't just effect big businesses.  In 2020, the average cost to small to medium-sized businesses (SMBs) whose computers were infected with viruses and malware was $68,000 per incident.  Targeted attacks cost the average business $188,000 to mitigate.  What's even worse is that 70% of all cyber attacks in 2020 targeted SMBs.  That's because they're easier to breach with off-the-shelf hacking tools.  (That's right, hackers can buy sophisticated hacking software on the Dark Web.) If you own a business and are tired of losing sleep over the possibility of being hacked, here's what you need to know.

How shall I hack thee? Let me count the ways. Today there are all too many ways in which a computer, a smartphone, a server, or a network can be breached.  Vulnerabilities inside and outside a company can give hackers a foothold to penetrating any system that is web-enabled.  Once inside your business, hackers can steal, alter, or delete records.  They can read emails, texts and internal messages to pass business secrets along to your competitors.  They can install viruses, worms, and malware that can bring your business to a halt.  They can unleash ransomware that will encrypt your hard-drives and threaten to destroy the data they contain unless you pay up.


What are some of the more popular ways of gaining access to your system?  If your idea of a hacker is a young computer nerd who sleeps by day and spends his or her nights pounding out code to try to guess your company's passwords, you're way behind the times.  Today's hackers have an armada of online tools and a myriad of ways to gain entry to any web-enabled devices you have in your place of business.  Below are the top 5 ways in which hackers can crack any business.


1. Phishing Attacks - While posing as a trusted friend, advisor, colleague, or client, a hacker sends you an innocuous looking email or text asking you to click on a link to receive something of value.  While the message may seem legitimate and you may indeed get the thing of value in return, what you don't realize is that you've just given a hacker access to your smartphone, tablet or laptop.  From there, the hacker can access your files, emails, photos and videos, or other proprietary information saved on the device.  More importantly, you may have also uploaded malware or spyware on your device that will allow the hacker to take control of the device, even to the point of surreptitiously activating any microphone or webcam built into it. 


2. Drive-By Downloads - Hacking has gotten so sophisticated nowadays that victims don't even need to click on a link to get infected.  Drive by download attacks deliver unwanted malware to a computer or mobile device by taking advantage of known flaws in apps, web browsers, or operating systems.  Just by uploading a free app, updating a web browser or operating system, you could later come to find that an unwanted hitchhiker was delivered with that piece of software.  Most drive-by attack victims have no idea how their system got infected because the deed was done without any action required on their part.


3. Wi-Fi Vulnerabilities - Wi-Fi routers are just as vulnerable to being hacked as are other devices.  In fact, unless you change the default password on your router, you may have already been hacked since the list of default passwords is published widely online.  Once inside your router, a hacker has the keys to the castle, since this device handles all web-enabled communications in your business.  Even if you or your IT manager changed the password, it's all too easy for a hacker to purchase wireless hacking tools that are designed to capture the handshake between the router and a connected device. 


4. Cloudjacking - If your company uses cloud computing, the corporate cloud is another vulnerability which is all too easily exploited by hackers.  Once a hacker breaches a cloud network, they can access or alter company files, or they may try to pose as a trusted member of your staff who then requests even more proprietary information from your legitimate employees.  


5. IoT Device Hacking - If your company uses smart-locks, wireless security cameras, and/or web-enabled virtual assistants, hackers who crack these systems can gain a bird's eye view of your offices or make it easy to break into your place of business.  Since many IoT devices come with little or no anti-malware to keep hackers at bay, the Internet of Things could soon become something of a nuisance to your firm if they are breached.


What's the worse that can happen? - If hackers break into your business computers, they can do much more than just annoy you.  They can cause real monetary damage.  If hackers manage to get hold of personnel records, they can use this information to commit identity theft.  If they steal client records, you could wind up being sued by your own customers.  If they get their hands on your banking information, you could find your corporate account has been drained dry.  This is, if the hackers decide to let you continue to do business as usual.  You could step into the office one fine day  to find your company computers have been held for ransom and the hackers have threatened to wipe your system clean unless you pay up.


What can you do to prevent your business from being damaged by hackers? - If you even suspect that a company computer has been compromised, the first thing you need to do is shut it down.  If your machines are networked, turn off your Wi-Fi router to keep any malware from spreading.  The longer you keep the network on, the more damage hackers can do.  Don't try to deal with hackers on your own.  You need professional help. Call in an IT professional to assess and remediate the damage.  Make sure you brief all your employees on the situation so they don't inadvertently add to your problem by doing anything contraindicated if your company has been hacked.

But wait, there's more.   Whether the hackers disrupted your business in any meaningful way or not, this discovery is going to cost you money. At best, you're going to lose billable time trying to sort out the mess.  Your business could be down for days or weeks while your network is restored.  Since you're required by law to notify anyone you do business with that their data was compromised, this could cost you customers. In a worst case scenario, your business database could be wiped clean, your good name could be ruined and you could be facing a long and costly series of court cases brought by your clients and possibly by any employees who were financially harmed by the breach.


Is there something you can do to reduce the wrecking ball wielded by hackers? - Just as you protect your business from financial harm by purchasing worker's comp for your employees and business insurance to protect you from property losses and corporate liability, there is a way to lessen the sting of getting hacked.  It's called Cyber Insurance.  While it won't prevent your business from being hacked, it can help you weather the financial storm that can occur after the fact. 


1. Cyber insurance helps pay the costs to recover systems damaged by hackers.
2. It can also help you pay for the costs incurred to inform clients of the breach, as well as offering credit monitoring to those who are affected.
3. Since cyber-crime directly impacts the bottom line of your business, cyber insurance can help you recover the expenses associated with a business disruption.
4. It may even help you recover any ransom your company is forced to pay to hackers.
5. If your company is forced to defend itself in court, legal costs and any judgments levied against your firm will be paid up to the limit of the policy.
6. Depending on the sensitive nature of the data that was stolen from your company, your firm may face fines from regulatory agencies that could also be a covered claim on a cyber insurance policy.
If your business relies heavily on office automation, you owe it to yourself to find out if cyber insurance is right for you.   


Catherine Powell is the owner of A Plus All Florida, Insurance in Orange Park, Florida.  To find out more about saving money on all your insurance needs, check out her website at http://aplusallfloridainsuranceinc.com/
 

2 comments:

  1. Halloween isn't the only scary thing that occurs at this time of the year.

    ReplyDelete
  2. cyber attacks greatly increase during the holidays - starting with Halloween - Be vigilant!

    ReplyDelete

Student Pilot Insurance Makes for Happy Landings

 By Catherine Powell Image courtesy Pixabay If you or someone you know is considering getting their private pilot's license, there are a...