You are focused on your business – let us protect it!!!! We are here to make sure all of your business insurance needs are met, which means thorough coverages at affordable rates. We are honored to serve all of our Commercial Clients – thank you! In our Commercial Corner, we will (hopefully) provide insights and tips to help you and your business!
Cyber Security – Protect your Business
Cindy and Amy recently sat down with Timothy Knifton (friend and client of EIA), CEO of Invisible Technology, to talk about Cyber Security and the trends he has seen this year.
Below are some questions we asked to help you better understand these increased threats and what you can do to protect yourself and your business.
Timothy Knifton – CEO Invisible Technology | [email protected] | 210.888.9050 ext. 4
1. What are the top three Internet/Cyber Security trends you are seeing for Small Businesses so far this year?
- Email accounts getting hacked
- Social Engineering through email/telephone (someone sending you an email or calling you that looks like Microsoft (for example), but it really is not) – or they will call you because your account has been “hacked”. These attacks also can be mirrored as emails from your business (or one of your employees) to one of your clients, usually asking for money for a service your business never performed.
- CryptoLocker (aka “ransomware”) attacks – usually a professional-looking email (it typically includes attachments) which appears to have been sent by a legitimate company. Once the attachment is opened, it can lead to offers to decrypt data if a payment (through either bitcoin or a pre-paid cash voucher) is made by a stated deadline. Most of the businesses that get hit once with a CryptoLocker attack will get hit again. Many that have experienced this attack have lost key data and have, for example, not been able to do payroll for an extended period of time.
2. Can you provide 3 real-world scenarios on Social Engineering?
- Employee of Wealth Management received a fake email to log in to Office 365 OneDrive which was a fake page for OneDrive. Employee typed into fake page Office 365 login credentials for hacker. Hacker auto-forwarded all emails of employee to the hacker’s personal email account and read through them. The hacker identified a client of the Wealth Management company and sent a fake email from another employee’s email address at wealth management to the client requesting $15,000 for IRS payment. Client called firm to find out why and they were then alerted of hack.
- Doctor received a pop up to call Microsoft which was a fake alert with a scammer’s 800 number. Doctor called number and gave scammer credit card and several hundred dollars monthly to scan his laptop each month. 6 months in, scammer states they have a bad virus and needs $500 of iTunes cards to buy Microsoft hacker software on eBay. Doctor calls me after buying gift cards and we disconnect scammer from laptop.
- Assisted living employee gets call from “Microsoft” support that they have a virus. They need to scan and email a check to the hacker and get them remote access to remove the virus. Employee scans check and emails them. Hacker then puts remote access software on the computer. Owner calls me and we clean it up.
- Microsoft will never call you, ever, unless you have 10,000 plus employees and spend over $50,000 per month with them.
- Never install software that you are directed to over the phone, ever.
- Turn on anti-spam and anti-virus all the time for email. Block countries you do not operate in.
3. Any tips for newly formed small businesses on starting to build their Internet or Cyber Security processes/infrastructure?
Businesses that are at risk are those that have no anti-virus, no or low anti-spam protection and no firewall protection – any internet traffic in the world can access and potentially break through their client data, revenue, employee information, etc.
Tips we would have for this group of businesses:
- Get Cyber Insurance to cover lost money due to attacks on your business
- Must have a budget for e-security
- Enable security protection on your machines
- Block connection to countries you do not do business with
4. After taking the first steps of Internet and Cyber Security, what are some of the secondary areas of focus for small business owners?
- Be able to restore data when it is lost – find an appropriate back-up system
- Test the security and backup systems – find out how long it takes to recover the data. Sometimes it can take more than 3-5 days to get everything back.
After all of this… Cindy and Amy recommend you take a look at your Cyber Security Risks on your Insurance Policy. Here’s why:
Improving Business Cybersecurity
Businesses must protect their data and information systems. Every computer and mobile device is vulnerable to an attack. The consequences of such an attack can range from simple inconvenience to financial catastrophe. Depending on the particular industry, and the size and scope of the business, cybersecurity can be very complicated and may require specialized expertise. However, even the smallest business can be better prepared.
Start with the following simple steps, which are recommended by US-CERT, a partnership between the U.S. Department of Homeland Security (DHS) and the public and private sectors:
- Use anti-virus software and keep it up-to-date.
  - Activate the software’s auto-update feature to ensure your software is always up-to-date.
- Do not open e-mails from unknown sources.
  - Be suspicious of unexpected e-mails that include attachments, whether they are from a known source or not.
  - When in doubt, delete the file and the attachment, and then empty the computer’s deleted file.
- Use hard-to-guess passwords.
  - Passwords are a good first layer of protection, but attackers can guess or intercept passwords. You can strengthen that first layer of protection by avoiding passwords based on personal information or words found in the dictionary; building passwords from combinations of numbers, special characters, and lowercase and capital letters; and not sharing your passwords with anyone else.
  - Change passwords frequently.
  - Do not give out your password to anyone.
  - Additional security measures can protect you even if an attacker does obtain your password. Consider multi-factor authentication to strengthen the security of the network.
- Protect computers from internet intruders by using firewalls.
  - There are two forms of firewalls: software firewalls that run on a personal computer and hardware firewalls that protect computer networks or groups of computers.
  - Firewalls keep out unwanted or dangerous traffic, while allowing acceptable data to reach a computer.
- Do not share access to computers with strangers.
  - Check the computer operating system to see if it allows others to access the hard drive. Hard-drive access can open up a computer to infection.
  - Unless you really need the ability to share files, your best bet is to do away with it.
- Back up computer data.
  - Many computer users have either already experienced the pain of losing valuable computer data or will at some point in the future. Back up data regularly and consider keeping one version of the data off site.
- Regularly download security protection updates, known as patches.
  - Patches are released by most major software companies to cover up security holes identified in their programs.
  - Regularly download and install the patches, or check for automated patching features.
- Check security on a regular basis.
  - Evaluate computer security settings regularly. The programs and operating system on a computer have security settings that can be adjusted.
  - Consider if tighter security, such as multiple-door locks or a high-tech access control system, is needed at the business.
- Make sure employees know what to do to maintain current security on their equipment.
  - Educate employees on how to update virus protection software, how to download security patches from software vendors, and how to create proper passwords.
  - Designate a person to contact for more information if there is a problem.
  - Keep employees informed of current security threats where applicable.
- Monitor US-CERT current activity.
  - The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT. Visit the page for up-to-date notices on alerts and vulnerabilities reported to them.
Get Automated – Business Owner blog
Our friends at getautomated.net have created a blog for business owners. They are on a quest to share stories, tools, and knowledge to help you save some time from boring and stressful routines. Check out their latest blog – 5 Time Wasters Business Owners Should Automate
Tip 1: Benefits of having all of your Commercial insurance needs under one agency:
- Eliminate coverage confusion! Having multiple insurance agencies manage your portfolio gets confusing for everyone
- Separate policies with different insurance agencies can be scary – you may think you have coverage in one area, but you really don’t
- Things really get hairy when you have a claim
- One contact managing your entire business portfolio makes things simple
Tip 2: Commercial Coverage Highlight: Employment Practices Liability
Today business owners face an increased risk of lawsuits arising from employees who allege discrimination, wrongful termination, sexual harassment and other claims. Claims of this type are excluded from your General Liability coverage leaving your business exposed. Employment Practices Liability Insurance (EPLI) provides coverage for wrongful employment act claims against your business by employees or applicants for employment that claim their legal rights have been violated. This may include employment-related claims made through the Equal Employment Opportunity Commission (EEOC) or the equivalent state administrative agency.
Employment Practices Liability (Pre Employment Screening) provides coverage for reimbursement for settlements, judgments, and the expense of defending yourself when you are accused of:
- Failure to hire or promote
- Discrimination against employees or prospective employees
- Sexual or other harassment or coercion
- Wrongful termination, dismissal or discharge
- Employment-related libel, slander, humiliation, mental anguish, infliction of emotional distress, defamation or invasion of privacy
- Employment-related misrepresentations to employee or applicant
- Other wrongful employment acts
Amy and Cindy bring years of experience and are here to help your business!
Commercial Lines Account Manager
I am nationally licensed and have over 20 years of insurance experience including several years of service with one of the largest global insurance brokerage and risk management firms in the industry. I pride myself in helping clients understand their commercial lines coverages and advising them on ways to protect their business.
Commercial Account Manager
I have nearly 15 years of experience in Insurance Account Management, Client Services and Production. I pride myself on the ability to build real relationships with my clients and they trust me. I am an innate protector so making sure my insureds are covered adequately comes second nature for me.