1-888-643-2217 Email ABEX
Keeping you updated

Tag Archives: cyber

It’s Not Too Late, Start Your Cyber Resolution Today

CFC has put together a few top cyber-related resolutions for this year.  Check them out and have a secure 2019!

  1. I will change all default passwords on my personal and work devices.
  2. I will regularly check for updates to the operating systems of my laptop, computer and mobile phone.
  3. I will install strong anti-virus software and keep it updated.
  4. I will think twice before clicking on unknown links or attachments in emails.
  5. I will authorize payments to new transfer partners via telephone to minimize risk of fraud.
  6. I will not share sensitive information on social media that could be used against me in phishing attacks.
  7. I will back up my entire system at least once a week on an external hard drive.
  8. I will encrypt my mobile phone and all of my other devices.
  9. I will talk to my kids (or parents) about how to stay safe online.
  10. In the event that resolutions 1-9 fail, I’ll have a cyber insurance policy in place to save the day!

Source: www.cfcunderwriting.com


Critical Cyber Exploits Affect Nearly All Computers

Cyber security researchers recently announced the discovery of two major security flaws that could allow hackers to bypass regular security measures and obtain normally inaccessible data. The flaws, referred to as Meltdown and Spectre, are both caused by design flaws found in nearly all modern processors. These vulnerabilities can be exploited to access all of the data found in personal computers, servers, cloud computing services and mobile devices.

Because Meltdown and Spectre are both caused by design flaws, experts believe that they will be harder to fix than traditional security exploits. Additionally, software patches that have already been released to help address the vulnerabilities can cause computer systems to slow down significantly, which may impact their ability to perform regular tasks.

Researchers believe that Meltdown and Spectre may be limited to processors manufactured by different companies, but also warn that the design flaws that contribute to Meltdown and Spectre have been present for years. Here are some key details about each flaw:

  • Meltdown: This flaw can be used to break down the security barriers between a device’s applications and operating system in order to access all of the device’s data. Meltdown can be used to access desktop, laptop, server and cloud computer systems, and can even be used to steal data from multiple users who share one device. Although researchers have only been able to verify that Meltdown affects processors made by Intel, other processors may also be affected. Many software developers have already released updates that prevent hackers from exploiting Meltdown.
  • Spectre: This flaw can be used to break down the security barriers between a device’s different applications and access sensitive data like passwords, photos and documents, even if those applications adhere to regular security checks. Spectre affects almost every type of computer system, including computers, servers and smartphones. Additionally, researchers have confirmed that the design flaw that enables Spectre is present in Intel, AMD and ARM processors that are used by nearly every computer and mobile device. Software developers are currently working on a patch to prevent the exploitation of Spectre, but some experts believe that future processors may have to be redesigned in order to fix the vulnerability.

When Meltdown and Spectre were originally discovered in 2017, researchers immediately reported them to major hardware and software companies so work on security fixes could begin without alerting hackers. As a result, services and applications offered by companies like Microsoft, Google, Apple and Amazon have already been updated to help defend against the flaws. However, you shouldn’t rely solely on a software patch to protect against these vulnerabilities. Here are some steps you can take to protect your computer systems and devices from Meltdown and Spectre:

  • Update all of your devices immediately, and check for new updates regularly. You should also encourage your friends, family members and co-workers to do the same.
  • Contact any cloud service providers and third-party vendors you use to ensure that they are protected against Meltdown and Spectre. Cloud services and computer servers are especially vulnerable to the exploits, as they often host multiple customers on a single device.
  • Install anti-virus and firewall systems to protect against regular malware. Researchers believe that hackers need to gain access to a device in order to exploit Meltdown or Spectre, so keeping your devices free of malware can help prevent data theft.

© Zywave, Inc. All rights reserved


5 Cyber Risk Questions Every Board Should Ask

When a data breach or other cyber event occurs, the damages can be significant, often resulting in lawsuits, fines and serious financial losses. In order for organizations to truly protect themselves from cyber risks, corporate boards must play an active role. Not only does involvement from leadership improve cyber security, it can also reduce liability for board members.

To help oversee their organization’s cyber risk management, boards should ask the following questions:

  1. Does the organization utilize technology to prevent data breaches? Boards should ensure that the management team reviews company technology at least annually, ensuring that cyber security tools are current and effective.
  2. Does the organization have a comprehensive cyber security program that includes specific policies and procedures? Boards should ensure that cyber security programs align with industry standards and are audited on a regular basis to ensure effectiveness and internal compliance.
  3. Has the management team provided adequate employee training to ensure sensitive data is handled correctly? Boards can help oversee the process of making training programs that foster cyber awareness.
  4. Has management taken appropriate steps to reduce cyber risks when working with third parties? Boards should work with the company’s management team to create a third-party agreement that identifies how the vendor will protect sensitive data, whether the vendor will subcontract services and how it will inform the organization of compromised data.
  5. Has the organization conducted a thorough risk assessment and considered purchasing cyber liability insurance? Boards, alongside the company’s management team, should conduct a cyber risk assessment and identify potential gaps. From there, organizations can work with their insurance broker to customize a policy that meets their specific needs.

Contact your insurance broker to learn more about cyber risk mitigation strategies that you can start using today to keep your business secure.

© Zywave, Inc. All rights reserved


3 Business Lessons from the HBO Hack

HBO, an American premium cable and satellite television network, was the victim of a data breach. On July 31, 2017, HBO revealed that a group of hackers had stolen 1.5 terabytes of data from the network. Following the breach, the cyber criminals were systematically leaking spoilers and unaired episodes of “Game of Thrones,” one of HBO’s flagship shows.

This hack demonstrates that intellectual property can be just as valuable to cyber criminals as personal identifiable information. To avoid falling victim to a similar cyber attack, organizations should keep in mind the following business lessons learned from the HBO hack:

  1. Having a communications plan in place is critical. Following the breach, HBO was quick to ease the concerns of stakeholders, assuring the public that no internal emails had been stolen. However, this turned out not to be the case, and HBO publicized misinformation. This can be damaging to a brand, as balancing transparency and authenticity following a cyber event is crucial. Having a formal communications strategy can help organizations map out what information is shared to the public and at what time.
  2. Cyber attacks can be damaging to an organization’s reputation. Even if the financial impact of the HBO breach ends up being minimal, the reputational damage has been done. The breach jeopardizes HBO’s image and undermines customer loyalty and trust that took years to build up.
  3. To protect your business from a cyber attack, you need to understand your vulnerabilities. It’s been reported that the HBO hackers used multiple points of entry to get into the company’s system and steal data. Organizations should understand their vulnerabilities to protect against attacks. Entry points can differ depending on the business, but often include employees connecting to networks, online printers and employees using a virtual private network while working remotely.

While you can never predict when a data breach will occur, keeping in mind the lessons above will ensure that your organization is adequately prepared.

© Zywave, Inc. All rights reserved


Manufacturing is a Top Target for Cyber Criminals

Cyber security is a top-of-mind risk for organizations of all sizes and across all industries. This is especially true for manufacturers, as it is an industry norm for organizations to quickly adopt new, more efficient technologies—technologies that are often a target of cyber criminals.

In fact, according to the Insurance Institute of Canada, manufacturing is one of the top industries targeted by cyber criminals. While specific cyber exposures for manufacturers vary, they typically relate to the categories outlined in this article.

Data and Intellectual Property Loss

Almost every business stores sensitive information. For manufacturers, this typically includes personally identifiable information of employees and customers. Items like names, addresses and credit card information are all at risk in the event of a data breach.

A data breach can occur as the result of a number of incidents, including hacking, the loss of a laptop and unauthorized employee access. Data breaches can be incredibly costly for manufacturers, and expenses related to forensics, notification costs, public relations, crisis management, and fines and penalties can add up quickly.

What’s more, the theft of intellectual property (IP) is a top concern among manufacturers. If IP is stolen during a data breach, organizations risk losing their competitive advantage. IP is often a manufacturer’s most valuable asset—an asset that needs constant protection.

Further complicating matters for manufacturers is that systems are becoming increasingly connected, and sophisticated spear phishing attacks, mobile device challenges and state-sponsored attacks have each elevated the risk of IP theft.

Employee Negligence

One of the most important aspects of any manufacturing operation is its people. However, due to constantly advancing technology and the frequency at which employees are permitted to bring their own devices to work, manufacturers are increasingly exposed to new and disruptive cyber threats.

Four of the top 10 cyber threats facing organizations can occur as the result of employee negligence. Phishing scams, the abuse of IT systems, errors and omissions, and the unsecure use of mobile devices can all occur if employees are improperly trained or wish to do an organization harm.

Industrial Control Systems and Connected Devices

​Industrial control systems are command network and system devices designed to monitor and control industrial processes. These systems are designed to promote efficiency and are often connected to the internet. While this connectivity is essential in modern manufacturing operations, it has created a new exposure for businesses to consider.

This type of exposure was demonstrated in late 2014, when hackers were able to take over the control systems at a German steel mill through the use of phishing emails. The hackers were then able to disrupt the control system to such a degree that a blast furnace could not be properly shut down, which, in turn, lead to an explosion and massive physical damage to the plant. This incident illustrates just how complex cyber exposures can be for manufacturers.

Additional Risks

In addition to the risks above, there are a number of cyber threats in the manufacturing industry that can negatively impact an organization’s bottom line without warning. The following are some risks to be aware of:

  1. Third-party damages. When connecting with customers and vendors online, third-party damages can occur. Third-party damages can take various forms, but often occur when a virus is transmitted to another company or customer. When this happens, your organization could be held liable for any damages.
  2. Business interruptions. Manufacturing businesses often require the use of computer systems, and a disaster can halt your ability to transmit data and lead to lost revenue. Time and resources that normally would have gone elsewhere will need to be directed toward the problem, which could result in further losses. This is especially important as denial-of-service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organization’s server.
  3. Cyber extortion. Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. Because a variety of manufacturing projects are time sensitive, delays of any kind can wreak havoc on an organization’s bottom line.

Protecting Yourself with the Right Coverage

To protect your business, cyber liability insurance should be used as part of your overall risk management strategy so you can address a cyber breach quickly and reduce possible damages. The following are possible exposures that may be covered by a typical cyber liability policy:

  • Data breaches
  • Intellectual property rights
  • Damages to a third-party system
  • System failure
  • Cyber extortion
  • Business interruption

Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.

The level of coverage your business needs is based on your individual operations and your range of exposure. It is important to work with a broker who can identify your areas of risk so a policy can be tailored to fit your situation.

© Zywave, Inc. All rights reserved


Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.



ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook

Connect with us on LinkedIn