1-888-643-2217 Email ABEX
Keeping you updated

Cybercriminals Exploiting Coronavirus

Public concern and working-from-home mandates are providing opportunities for cybercriminals.

This CFC advisory provides some background on these risks along with some easy-to-implement steps that businesses can follow to avoid falling victim.

COVID-19 increasingly being used in phishing attempts

As new cases of the COVID-19 Coronavirus continue to be reported daily, cybercriminals have been leveraging the situation to take advantage of those looking for information on the outbreak. Scams include the following and are changing each day:

  • The Sophos Security Team has spotted emails impersonating the World Health Organization (WHO). The emails ask victims to “click on the button below to download Safety Measure”. Users are then asked to verify their email by entering their credentials, redirecting those who fall for the scam to the legitimate WHO page, and delivering their credentials straight to the phisher.
  • Interpol has warned of a large increase in fraudulent websites claiming to sell masks, medical supplies and other high demand items that simply take money from victims and never deliver the promised goods. It is advisable that internet users purchase items only from established and reputable sources.
  • There have been reports of airlines and travel companies being impersonated by fraudsters in a bid to either obtain sensitive information, like passport numbers, or install malware on victims’ computers. They may say they want to advise you of COVID-19 infected passengers on past flights you’ve taken or offer discounts on future flights. When in doubt, we advise users to be vigilant when clicking on any links, delete any suspicious emails, and not disclose sensitive information if you are approached unexpectedly.
  • Fraudsters are also developing fake charitable donation campaigns which claim to help individuals and communities impacted by the Coronavirus. Any money donated is sent to fraudulent accounts. Again, if you are wanting to support relief efforts, make sure to research the organizations you are looking to donate to.
  • A Twitter user has identified another malware campaign purporting to be a “Coronavirus Update: China Operations”. The emails have attachments linking to malicious software.

As global concern about the coronavirus grows, it is likely that threat actors will continue to abuse this outbreak to their advantage.

Increased remote working can open gateway to hackers

Remote desktop protocol (RDP), when set up correctly, is a great tool for remote working. However, using it without multi-factor authentication (MFA) enabled or on an insecure network can open the gateway to hackers. In fact, in 2019, 80% of the ransomware attacks we handled were initiated through RDP.

Businesses that start using RDP for remote working during the outbreak should be aware of some of the cybersecurity risks it can pose and ensure it is being used securely. Employees should always log on within a trusted network and ideally work with their IT department to secure personal devices – and implement MFA – prior to remote working.

CFC recommendations

We suggest implementing the following steps to bolster security:

  1. Test remote log-in capabilitiesNot only should personal devices be configured for secure remote working, but business should ensure that multi-factor authentication (MFA) is set up immediately. MFA is an authentication process that requires more than just a password to protect an email account or digital identity and is used to ensure that a person is who they say they are by requiring a minimum of two pieces of unique data that corroborates their identity. Implementing this significantly reduces the chances of cybercriminals being able to log into a business’s RDP. For more information on MFA and how to implement it, click here.
  2. Train your employees on how to spot a phishing emailAs a CFC cyber policyholder, you can get free access to a range of risk management tools, including CyberRiskAware, an e-learning tool focusing on phishing attacks. This valuable tool teaches people within your business to be more vigilant when in comes to opening attachments, clicking on links, transferring money, or sending sensitive information. To find out more about it, including instructions on how to access it, click here.
  3. Prepare for operational disruption in advancePut simply, prepare for the worst. As with so many cyber incidents, time is of the essence so ensure you have an incident response plan in place, a template for which you can access for free as a CFC cyber policyholder. And as ever, if you believe that one of your employees has fallen victim or that you are experiencing any kind of cyber event, notify CFC as soon as possible so that we can help you.
  4. Finally, be vigilantWhat’s becoming clear as this pandemic plays out is that cybercriminals are shifting tactics daily. If you see something on social media or receive an unsolicited email that seems too good to be true, it probably is. Aside from learning how to spot phishing emails, make sure to do your research, use reputable companies, and follow-up requests for money or information with a phone call using a number from a separate, trusted source.

Source: www.cfcunderwriting.com


A Message on COVID-19

We want to take a moment and extend our well wishes to you and your families. As the growing concern around the spread of corona virus (COVID-19) is on all of our minds and everyday business functions are being challenged, ABEX is committed to working with our brokers to provide the best service we can under the circumstances.
The well-being and safety of our employees and our communities are our top priorities, so all of our employees currently work from home. As the situation unfolds, we will be monitoring recommendations from national health authorities and making adjustments as necessary.

Business as usual

  • We’ve invested in our infrastructure so that all of our staff are equipped to connect remotely into our secure network and continue to provide seamless service to our clients.
  • Our staff continue to be available via email and phone as most of our underwriters’ extensions are routed to their cell phones.
  • General voicemail is being monitored and emailed to respective recipients.

Possible delays

  • We will endeavor to remain operating to service our obligations, but our service may be delayed due to circumstances outside of our power.
  • A number of our UK partners are in the same situation so this may cause additional delays.

Broker payments

  • We continue to receive mail and courier so please continue sending in your payments.
  • We encourage our brokers to use / sign up for ClearPay which is the safest and most productive way of making a payment.
  • As a last resort, we will accept EFTs, even though they are not as safe as the above methods. Please contact accountsreceivable@abexinsurance.com for our EFT information.

Open market placements

  • If you are having difficulty collecting payments for open market placements please reach out to the underwriter on file or if unsure, contact us at service@abexinsurance.com and we will work with our syndicates to extend premium payment conditions.
  • For open market policies needing extensions, please ensure you give us enough notice, so that we can communicate to syndicates.

Renewals

  • Please ensure you give us enough notice on any changes so that we can communicate to syndicates accordingly.

Thank you for your patience and understanding and please do not hesitate to contact us with any questions.  Stay safe and we wish you the best as we navigate through these challenging circumstances.


How to Stay Safe Online

The last couple of years has seen a surge in cyber events affecting businesses of all sizes. With the growing volume and sophistication of online threats like viruses, ransomware, and phishing scams, it’s important to know the proper practices to stay safe online.

From paying attention to browser warnings to being mindful of app permissions, a few small changes can make a big difference when it comes to cybersecurity. That’s why CFC’s in-house cyber claims and incident response team has assembled this handy infographic, which contains oodles of easy, actionable tips on things you can do – today – to become more secure.

Click here to download the full infographic below.

Source: www.cfcunderwriting.com


Climate Change Litigation and D&O Insurance

See the source image

With climate change firmly at the top of the news agenda, companies with large carbon footprints are under pressure to dampen their impact on the planet.

Growing concern has led to an upsurge in the numbers of litigation cases centered on companies’ disclosures related to their potentially harmful practices, with lawsuits against companies alleging misleading statements regarding their environmental practices and commitments.

Litigation has, so far, focused primarily on energy companies and big-name polluters, but it’s not beyond the realm of imagination to expect manufacturers and other greenhouse gas emitting organisations to come under scrutiny, too.

Here’s what you need to know about climate change litigation and D&O insurance:

What could climate change litigation mean for businesses? 

Companies are under pressure to lessen their environmental impact, and any disclosures they make relating to their greenhouse gas (GHG) emissions and environmental exposures are being scrutinized more than ever before – boilerplate disclosures are not acceptable. Any challenges made to such disclosures can lead to expensive and high-profile lawsuits, as seen with ExxonMobil, 3M and Australia’s Commonwealth Bank.

Companies should also be mindful of the rise in remediation suits, similar to the ones brought by the State of Rhode Island and Cities of San Francisco and Oakland. These entities sought damages from energy companies to repair and rebuild coastlines as a result of rising tides brought about by climate change, for which these companies were deemed responsible. With the nationwide cost of building new or rectifying existing seawalls estimated at over $400 billion, companies may well find themselves caught in a storm of defending wave after wave of liability lawsuits.

But this litigation only concerns energy companies, doesn’t it?

Not exactly. While litigation has focused primarily on energy companies, this doesn’t mean that other industries are safe. Essentially any company that emits greenhouse gases could be in the firing line – like transportation companies, agricultural businesses or businesses that manufacture products that emit GHGs. Even financial institutions. In fact, Barclays recently came under shareholder pressure to reduce its investments in fossil fuel companies, and many of the big banks have notably declared their intentions to curtail investments and loans in the fossil fuel sector.

To settle or fight: What happens in climate change disclosure cases?

Now that the world’s leading GHG emitters are showing a desire to adapt and change, any company found guilty of not pulling their climate change “weight” would suffer considerable reputational harm. When cases like this are taken to court it can prove expensive and timely. Large corporations like ExxonMobil can clear their name, but this is not always true for smaller companies which may be constrained by their financial means. Not every business can afford a protracted and expensive trial to prove their innocence.

Companies that settle out of court may find this to be a quicker, cheaper or less disruptive route, but with no admission of guilt, question marks tend to hang over what might have been the outcome had the case gone to trial.

Are current D&O insurance policies likely to respond to climate change litigation?

Aside from the bespoke terms and conditions set out in your standard D&O insurance policy, there are a few exclusions which (depending on how they are negotiated) could come into play when dealing with climate change litigation:

  1. The conduct exclusionThis excludes claims arising out of the gaining of financial advantage, personal profit or by committing a fraudulent act or omission. The latter is the most pertinent here as plaintiffs may allege that a company’s directors and officers knowingly disclosed false or misleading information about their climate change statistics. Policies, however, would likely still look to defend the accused against these allegations during the litigation process, but if a guilty verdict was issued, then the exclusion would be brought into play.
  2. The pollution exclusionThis exclusion typically excludes claims relating to the discharge or release of ‘pollutants’. The language of this exclusion will differ policy to policy and the decision as to whether any substance released, discharged or dispersed by an insured can be defined as a pollutant will be a matter for interpretation. Other factors to consider will be if the language in the exclusion is the ‘absolute’ version or the softer ‘for’ language version or if the exclusion provides securities or non-indemnifiable claims carve-backs. It is, however, worth noting however that on a D&O policy, loss will not extend to clean up costs.
  3. The bodily injury / property damage exclusionThis looks to exclude claims involving damage to property and bodily injury, death and mental anguish. Depending on the policy, this exclusion might include ‘absolute’ language or the softer ‘for’ language and may include non-indemnifiable or securities carve-backs.

How can policyholders protect themselves?

It’s crucial that businesses maintain adequate levels of D&O insurance and environmental liability insurance. The size of the limit should be a consideration, as should the terms and conditions of policies. Additionally, companies need to take proactive steps to reduce emissions and/or by becoming ‘greener’.

For boards of directors this might mean the nomination of a board member or establishment of a separate committee with clear responsibility for the company’s climate change objectives.

For energy companies, diversifying into cleaner energy or investing capital into negative emissions technology would strongly help in placating go-forward concerns.

Other steps might be to review fossil fuel operations and/or set emissions targets – Rio Tinto, for example, has put a stop to its coal mining operations altogether, while the world’s largest shipping company Maersk has committed to net zero emissions by 2050 (per Climate Action 100+’s progress report). Working with organizations such as the Institutional Investor Group for Climate Change, or Climate Action 100+ would show a further commitment to achieving their objectives.

What impact will climate change cases have on D&O insurance rates?

We may see an increase in the cost of D&O insurance on a case by case basis, but it’s more likely that insurers will be looking to mitigate exposures via exclusionary language, unless they are entirely confident in a company’s eco-friendly credentials.

Every move and declaration made by these companies will be under scrutiny, so any perceived inaction, false statement or dragging of heels will likely bring about a fierce reaction from investors, lobbyists, social movement organisations and government bodies alike. Should this ultimately turn into litigation, companies will likely incur sizable legal costs – whatever the outcome of the litigation.

Source: www.cfcunderwriting.com


Anatomy of a Cyber Policy

Cyber insurance policies tend to be modular in nature, meaning that they consist of a variety of different coverage areas and, for many, that has led to confusion around how exactly this cover fits together to create a uniform whole.

To help explain this further, CFC has dissected their cyber policy section by section to show how each part of this body of coverage functions.

Click here to download the full info-graphic below.

Source: www.cfc.com

 


Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.



ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook

Connect with us on LinkedIn