Cyber attacks on companies’ information systems and data have reached unprecedented proportions, and are growing with each passing year.
The biggest threat to an organization is a breach of the personally identifiable data or credit card information that it stores. A breach results in a number of costs, including notification costs, credit monitoring for those whose data was compromised, potential fines, legal costs if sued, and even reputational costs. If data is stolen, there are also restoration costs.
The threat is largest for smaller organizations. Because larger companies can afford to hire teams of technicians to thwart attacks, cyber criminals are increasingly targeting small and mid-sized organizations as they may not have the same resources to defend their data. The “2019 Internet Security Threat Report” by Symantec found that:
- 48% of cyber attacks target small business.
- Just 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
- 60% of small companies go out of business within six months of a cyber attack.
According to the Symantec report, in 2018, enterprises accounted for 81% of all ransomware infections. While overall ransomware infections were down, enterprise infections were up by 12% from the 2017 level.
With ransomware, hackers gain access to your IT system, lock it down and demand a ransom to release it. The ransom usually has to be paid in bitcoin or other cryptocurrency so that the criminals can avoid detection.
Phishing and malware
One of the most common ways for criminals to compromise an organization’s data is through phishing, a process in which employees are sent e-mails with links that, if clicked, give the hackers entry into the company’s computer systems. Malware is usually the code that is inserted into the computer system to either slow systems down or access the information.
What you can do
- Install anti-malware software – This can weed out the latest malware before it does damage.
- Keep your software up to date – Using up-to-date versions of operating systems, applications, firmware and browser plug-ins helps protect against the latest threats by patching security vulnerabilities.
- Use strong passwords – Use a password manager tool to generate unique passwords and securely store your log-ins.
- Lock down your devices – If your staff uses company-owned devices, or you allow them to use their own, require that the devices are locked with a password, fingerprint or other method.
- Think twice before downloading – Remind staff to be cautious about downloading new software or browser plug-ins.
- Click carefully – Teach your staff to look for telltale signs of phishing e-mails that prompt them to click on malicious links.
The ultimate protection
Cyber-liability insurance covers losses that result from data breaches and other cyber events.
While cyber-liability policies vary among insurers, there are some common threads:
- Loss or damage to data – Many policies cover the costs to restore or recover lost, stolen or corrupted data, and may also cover the cost of outside experts or consultants you hire to preserve or reconstruct your data.
- Loss of income or extra expenses – Many policies cover income you lose and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails due to a covered peril. The perils covered may be the same as those covered under damage to electronic data.
- Cyber-extortion losses – Cyber-extortion coverage applies when a hacker or a cyber thief breaks into your computer system and demands a ransom to unlock it, or to not damage the data. Extortion coverage typically applies to expenses you incur (with the insurer’s consent) to respond to an extortion demand, as well as the money you pay the extortionist.
- Notification costs – Policies may cover the cost of notifying parties affected by the data breach, as required by government statutes or regulations. They may also include the cost of hiring an attorney to assess your firm’s obligations under applicable laws and regulations.
- Network security liability – This covers lawsuits that individuals or companies file against your organization alleging negligence on your part for failing to adequately protect data belonging to customers, clients, employees or other parties.