No matter what industry you work in, if you have an internet-connected device, you are vulnerable to Cybersecurity attacks.
It feels as though society is constantly under persistent attack by cybercriminals and, with easily available access to technology, these crimes are not going away any time soon. Remote working during the pandemic has presented new opportunities to criminals, ready to exploit weaknesses in security.
Today, most of our important information is stored on computers, and almost everyone has a device of some description. Data breaches are becoming more common and, as protection systems get smarter, it seems hackers’ abilities are becoming smarter too!
Businesses are finding that it is not just traditional computers that are being hacked but the devices we carry with us are being exploited too. Our smartphones are a gold mine for data breaches – with reports of some businesses resorting to destroying their smartphones as data breaches increased the businesses vulnerability and losses were so high.
There is absolutely no doubt that you need to keep your business (and personal devices) as safe as possible and put in place cybersecurity protocols. You also need to ensure that you have the relevant cyber insurance cover in place that meets the needs of your business, should you become a victim of a cyber-attack.
There are many different types of Cyber-attacks, these can include:
- Malware including ransomware, spyware, viruses, worms.
- Theft of funds
- Man-in-the-middle attack.
- Distributed denial-of-service attack
- SQL injection
- Zero-day exploit
According to information from the British Insurance Broker Association Cyber insurance provider, CFC Underwriting, ransomware attacks have been the most reported incidents they have seen, with 31% of their cyber claims in 2020 representing a ransomware attack. A ransomware attack is defined as;
‘a type of malicious software designed to block access to a computer system until a sum of money is paid’.
The ransom demands made by criminals are also on the increase – ‘a few hundred’ bitcoin to ‘several thousand’. Paradoxically, this increase appears to have been fuelled by the insurance cover that is now available to pay the ransom to restore your data, and the criminals are leveraging this. To keep the cycle going, many criminals do actually unencrypt the data once the ransom is paid, although some of this data finds its way onto the Dark Web, where it is traded.
You may not feel that your business is sufficiently large to warrant an attack, but evidence shows that such attacks are mostly random, rather than targeted. Once on your system, the criminals will try to find your latest set of accounts, or other documentation, to work out how much you are likely to pay.
There are many ways that your systems can be infected with ransomware, the most common methods are spam or malspam (unsolicited emails that deliver malware). The email may contain infected attachments such as PDFs or word documents or they may contain links to malicious websites.
Another method is maladvertising, malicious advertising, which can distribute malware onto your systems with little or no user interaction. Even legitimate sites can direct users to criminal servers without ever clicking on an ad – these servers collect the victims’ details and locations and select the malware best suited to deliver to them – usually ransomware.
How to keep yourself protected.
The first step to prevent a ransomware attack is to make sure you invest high-quality, powerful cybersecurity – designed for real-time protection to prevent advanced malware attacks. Look out for cybersecurity features that will shield vulnerable programs from threats and block any ransomware from holding any files hostage.
You should also create secure backups of all your data regularly. Cloud storage that includes high-level encryption and multiple-factor authentication is a great option for security. External hard drives and USBs are a good option too, but you must ensure your external device is physically disconnected after backing up, or they can become infected with ransomware too – very clever these hackers!
Make sure all your system and software is updated and stay educated on how to detect spam, malspam, suspicious websites and other scams – make sure your staff are aware and educated as well – is that funny email from your friend really worth the watch? Finally, exercise common sense when clicking on anything – if it seems suspect – it probably is!
It is important that you protect your business from potential cyberattacks. Cybersecurity insurance (also known as Cyber Insurance) should cover first-party and third-party financial and reputational costs if data or electronic systems have been lost, damaged, stolen or corrupted.
First-party (the business under attack) cover will include the cost of investigating the cybercrime, recovering lost data in a security breach and the restoration of infected computer systems. In addition, it provides loss of income incurred by a business that has been shut down by an attack, reputation management, extortion payments demanded by hackers, and notification costs, in the case you are required to notify third parties that their data has been compromised.
Third-party coverages (that result from claims against you from customers, suppliers, or other people or organisations that you hold data on) include damages and settlements, and the cost of legally defending yourself against claims of a GDPR Data Protection breach.
At MediaRoo, we have several cybersecurity insurance options available for clients – and it’s not usually as expensive as people think!! Get in touch to have a chat with Andrew and to find a policy that is right for you, and that will keep you, your business systems, and your data protected.