By Geoff Kinsella, Safeonline
As I sit in my home office, I am being encouraged to click on a Microsoft link to release undelivered emails, to open a file from my IT department and to open another one from internal accounts. They all have one thing in common - they are all fraudulent phishing emails, and, in reality, would lead to a world of pain for me and my company.
Being called Safeonline has some privileges, however, as we are all highly tuned to spot these scams and not fall prey to them. This Safeonline ‘sixth sense’ has been honed over 20+ years of placing Cyber insurance on behalf of a host of businesses and, sadly, managing the resultant claims that arise. But do your clients have the same level of staff awareness throughout their companies?
At the very time that the world is pulling together to try to combat a deadly and hidden adversary, another equally dangerous enemy is preying on our often more relaxed home working practices. As many struggle to make ends meet and look for any form of support they can find from government or other agency sources, the cybercriminals continually adapt to prey on these vulnerabilities.
The majority of home computers do not have the most up-to-date security patches installed and, equally, many home Wi-Fi routers are never configured properly to keep the attackers at bay. So, unless you have a secure VPN set up for your company and your IT team are on hand to make sure that your staff have the right security settings on their personal machines, your company and its financial welfare are at risk. To be honest, how many of your SME clients have the resources to expend on IT infrastructure to combat these threats?
The reality is that the largest percentage of cyber losses comes from SME clients, and cybercrime is the major culprit. Equally, employees are identified as the source of many issues, whether they are caused by genuine error or malicious intent.
So in this brave new world in which we find ourselves, it is perhaps time to: undertake (or redo) awareness training for employees; review your technical prevention controls; and create (or update) your business continuity plan in the event of a ransomware or other attack. As I am often heard saying, identify your ‘crown jewels’ in terms of data or processes, identify who within and outside your organization has access (and how) to these, and make sure that their security is the best it can be. Identify who would be interested in the data and why; this will help you design your defence and your continuity plan. Back up data regularly and verify the integrity of those backups. You should also secure these backups, making sure they are not connected to the computers and networks they are backing up!
If you have purchased a quality cyber insurance product, such as PoCydon, which we developed exclusively for Brokerslink Partners & Affiliates, there will be a contact number and a team of experts at your disposal for pre- and post-breach advice and assistance. As cyber insurance is still a relatively inexpensive purchase given the level of protection you receive, it is still an extremely valuable addition to your cyber risk management arsenal. Bear in mind, as the number of losses is increasing, the pricing of this coverage will eventually undergo a correction and become more expensive. This is perhaps the time the industry is likely to react.
But there are some simple steps you can take to protect yourself, your employees and your clients and, as an affiliate partner of the global broking network, we have produced and shared this useful checklist with Brokerslink Partners & Affiliates.
This is an extract of a more detailed article, with specific advice and guidance, produced exclusively for Brokerslink.