Business Cyber Risks and Tips for Risk Management
There’s a saying that goes ‘fail to prepare and prepare to fail’. This is extremely true for cyber risks. Do you have a website? Networked computers connected to the internet? Do you store private client information? If the answer to any of these questions is yes, then you need cyber liability insurance.
Young companies and startups often feel immune to cyber risk and are tempted to opt-out of the coverage to save on premium. Startups actually have the most to gain from proper cyber liability coverage. The harm to reputation from having client data compromised can be fatal if not managed properly. Further, startups and other small businesses may be considered soft targets and at greater risk than larger corporations.
Here are five potential cyber risks facing small businesses now:
This is where a piece of malicious software, generally received via a phishing email, encrypts all of the data on the company’s network, then the perpetrators request a ransom in order to provide the decryption key. Often these ransom amounts are below $2,500 but the costs to remedy the situation as an alternative to paying the ransom would be far more. Just recently Penneco Oil Co. Inc.’s computers were infected which enabled the conspirators to hack the company’s bank accounts for $3.5 million.
This is when a hacker manages to gain access to a company’s network. Hackers often accomplish this by exploiting an unpatched vulnerability within the software. This allows them to gain access to company data. Often the target of the hackers is personally information of customers, especially credit card information. NASA was once hacked by a 16 year old Jonathan James NASA officials valued the documents stolen by James at around $1.7 million. The incident forced NASA to shut down its computer systems for three weeks and cost them about $41,000 to fix.
Denial of Service Attack
These attacks as becoming increasingly cheap and easy to carry out for attackers. A denial of service attack is done simply by overwhelming a company’s website through pushing a large volume of data to its servers in a malicious manner. One known example is the wave of attacks that targeted Yahoo and Amazon in 2000, which was estimated to have a cost over $1.2 billion in damages.
Humans can often be the weakest link in your company’s cyber risk management. A vast number of data breaches are the result of information being lost, or distributed to the wrong person, this is easy to do for e.g. an email typo. Even the seemingly mundane can have far reaching consequences, particularly where sensitive personal information is involved.
This is where a criminal poses as a senior person within the firm – either by hacking into or ‘spoofing’ their email account. Spoofing is when a hacker poses as someone else and ‘tricks’ the user into thinking they are, generally, someone with authority. They then convince a worker with financial authority to make a rush payment. The worker makes the payment and it is an automatic loss. Deloitte recently published a press release explaining to clients that these frauds have increased tremendously and warned them to be vigilant.
Small businesses can help reduce their exposure to cyber risks by:
• Using secure passwords: TIP: make passwords stronger by using three random words, numbers and symbols.
• Installing antivirus and malware software on all company devices.
• Regular software updates: software updates contain vital security upgrades which help protect you from the latest malware and hackers.
• Educate staff on the dangers of cyber risks, and what to be aware of, particularly where unusual emails or requests are received.