In recent years, ransomware attacks have steadily been on the rise. These incidents—which entail cybercriminals compromising a device or server and demanding a large payment be made before restoring the technology (as well as any data stored on it) for the victim—double extortion ransomware attacks are one of the most damaging cyberattack methods, incurring an average of $1 million in total losses per incident.
As these attacks become increasingly common, numerous ransomware techniques have also emerged. Specifically, double extortion ransomware attacks are now a potential cybersecurity concern for organizations across industry lines. This technique follows a similar protocol to that of a typical ransomware attack, but comes with an extra threat—the victim must pay a ransom not only to regain access to their technology and data, but also to keep that data from being uploaded publicly online.
Double extortion ransomware attacks are particularly concerning, seeing as these incidents can further pressure organizations to comply with ransom demands in order to keep their data private. Review the following guidance to learn more about how double extortion ransomware attacks work and what your organization can do to prevent such an attack.
How Double Extortion Ransomware Attacks Work
To outline the general framework of a double extortion ransomware attack, this technique starts out like most other ransomware incidents, in which a cybercriminal first gains access to their target’s device or server—often via phishing scams, nonsecure websites or malicious attachments. From there, the cybercriminal is able to compromise the victim’s technology and encrypt data stored on it. Then, the cybercriminal delivers their ransom demand and accompanying consequences for noncompliance.
Contrary to a typical ransomware incident, however, these consequences are twofold. That is, failing to pay the ransom could result in the cybercriminal both permanently restricting the victim’s access to their technology and sensitive data, as well as sharing this data publicly on the internet. Although double extortion ransomware attacks can occur at any organization, these incidents are most common within establishments that store a considerable amount of sensitive data. This includes health care facilities, financial institutions, government organizations and large retail businesses.
Double extortion ransomware attacks can be significantly more damaging for affected organizations than typical ransomware incidents. This is because even if organizations have protocols in place (e.g., storing data in multiple secure locations) that allow them to recover their compromised information without paying a ransom, they may still be pressured to do so in order to keep their data from going public. After all, a data breach can lead to further ramifications—including reputational damages, regulatory fines and class action lawsuits.
What’s more, cybercriminals who conduct double extortion ransomware attacks are known to demand higher ransom payments, sell or trade stolen data to other attackers for future extortion attempts and still move forward with sharing data publicly even after the ransom is paid (whether on purpose or by accident)—making these attacks all the more damaging.
Preventing Double Extortion Ransomware Attacks
When it comes to combatting double extortion ransomware attacks, it’s important to prioritize standard ransomware prevention measures. This includes conducting routine employee training on how to detect potential ransomware risks (e.g., suspicious emails or attachments), implementing policies that prohibit browsing nonsecure websites on organizational servers or devices, and installing adequate security features on all workplace technology (e.g., a virtual private network, antivirus programs, data encryption software, email spam filters, an internet firewall and a patch management system).
In addition to these key prevention measures, the best course of action for reducing double extortion ransomware attack risks is to establish an effective cyber incident response plan for your organization. This plan should explicitly address double extortion ransomware attack scenarios and outline steps that employees should take to limit the damages during such an event.
Lastly, it’s vital to secure appropriate insurance coverage for ultimate peace of mind in the event of a ransomware attack. A dedicated cyber insurance policy can offer much-needed support and resources when an attack occurs, minimizing the potential damages and financial impact on your organization.
For additional risk management guidance and insurance solutions, contact us today.
California’s Leader in Insurance and Risk Management
As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!
We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.
Commercial insurance carrier CNA was hit by a “sophisticated cyber-attack” that caused major havoc for certain systems, including email. Out of an abundance of caution, they contained the attack by proactively disconnecting their systems leveraging a methodical and carefully organized process. CNA is one of the biggest insurance companies in the U.S., with over 6,000 employees.
GDI Insurance Agency had a $250k+ premium account that most likely would have gone to them, but due to the system outage/failure they couldn’t get final pricing to us and lost the opportunity. Having happened leading into 4/1 (the start of a new quarter was the WORST timing for an insurance company). It’s murphy’s law, what can go wrong will (and when it does it’ll be at the worst possible time). If this happened with our agency, think of the losses they experience with other agencies as well.
CNA Insurance has been working around the clock for a week on the incident, and have just restored their enterprise email system, which is now safe. Adding additional security measures in place to protect their systems.
“The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly,” the company said.
How CNA Dealt With A Sophisticated Cyber-Attack
“Out of an abundance of caution, we contained the attack we sustained by proactively disconnecting our systems from our network. We are now in the restoration stage and are bringing back our systems leveraging a methodical and carefully organized process. As highlighted here and as an example of this ongoing process, we have restored email access and you can communicate with CNA employees safely and in the normal course of business.”
10 Cyber Security Resolutions to Reduce Your Data Exposures
Sophisticated cyber-attack, threats and trends can change year over year as technology continues to advance at alarming speeds. As such, it’s critical for organizations to reassess their data protection practices at the start of each new year and make achievable cybersecurity resolutions to help protect themselves from costly breaches. The following are resolutions your company can implement to ensure you don’t become the victim of a sophisticated cyber-attack:
Provide security training—Employees are your first line of defense when it comes to cyber threats. Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond.
Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and oversharing personal information on social media. Your employees should also know your cybersecurity policies and know how to report suspicious activity.
Install strong antivirus software and keep it updated—Outside of training your employees on the dangers of poor cybersecurity practices, strong antivirus software is one of the best ways to protect your data. Organizations should conduct thorough research to choose software that’s best for their needs. Once installed, antivirus programs should be kept up to date.
Instill safe web browsing practices—Deceptive and malicious websites can easily infect your network, often leading to more serious cyber attacks. To protect your organization, employees should be trained on proper web usage and instructed to only interact with secured websites.
For further protection, companies should consider blocking known threats and potentially malicious webpages outright.
Create strong password policies—Ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords.
Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.
Use multi-factor authentication—While complex passwords can help deter cybercriminals, they can still be cracked. To further prevent cybercriminals from gaining access to employee accounts, multi-factor authentication is key. Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials.
Through this method, users must confirm their identity by providing extra information (e.g., a phone number, unique security code) when attempting to access corporate applications, networks and servers.
Get vulnerability assessments—The best way to evaluate your company’s data exposures is through a vulnerability assessment. Using a system of simulated attacks and stress tests, vulnerability assessments can help you uncover entry points into your system.
Following these tests, security experts compile their findings and provide recommendations for improving network and data safety.
Patch systems regularly and keep them updated—A common way cybercriminals gain entry into your system is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.
Back up your data—In the event that your system is compromised, it’s important to keep backup files. Failing to do so can result in the loss of critical business or proprietary data.
Understand phishing threats and how to respond—In broad terms, phishing is a method cybercriminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information.
These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information.
Phishing is becoming more sophisticated by the day, and it’s more important than ever to understand the different types of attacks, how to identify them and preventive measures you can implement to keep your organization safe.
As such, it’s critical to train employees on common phishing scams and other cybersecurity concerns. Provide real-world examples during training to help them better understand what to look for.
Create an incident response plan—Most organizations have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack.
That’s where cyber incident response plans can help. While cybersecurity programs help secure an organization’s digital assets, cyber incident response plans provide clear steps for companies to follow when a cyber event occurs. Response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damages.
For additional cyber risk management guidance and insurance solutions, contact us today.
California’s Leader in Insurance and Risk Management
As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!
We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.
Preventing Ransomware Exposures from Remote Desk Protocol
Remote desk protocol (RDP)—which is a network communications protocol developed by Microsoft—consists of a digital interface that allows users to connect remotely to other servers or devices. Through RDP ports, users can easily access and operate these servers or devices from any location. RDP has become an increasingly useful business tool—permitting employees to retrieve files and applications stored on their organization’s network while working from home, as well as giving IT departments the ability to identify and fix employees’ technical problems remotely. This guidance for preventing ransomware exposures is especially important with remote workers.
Unfortunately, RDP ports are also frequently being leveraged as a vector for launching ransomware attacks, which entail a cybercriminal deploying malicious software to compromise a device (or multiple devices) and demand a large payment be made before restoring the technology for the victim. In fact, a recent report from Kaspersky found that nearly 1.3 million RDP-based cyberattacks occur each day, with RDP reigning as the top attack vector for ransomware incidents.
Don’t let RDP contribute to a costly ransomware incident for your organization. Review the following guidance to learn more about how ransomware attacks can occur via RDP and best practices for minimizing the likelihood of such an incident.
PreventingRansomware Exposures via RDP
RDP-based ransomware attacks usually stem from organizations leaving their RDP ports exposed to the internet. Although doing so can seem more convenient for employers in the scope of remote work operations, internet-exposed RDP ports are easy for cybercriminals to identify and offer a clear access point for deploying harmful attacks.
The typical process of an RDP-based ransomware attack is as follows:
Scanning—First, a cybercriminal utilizes a port-scanning tool to search the internet for any exposed RDP ports. These scanning tools are often free and relatively simple to operate for attackers of varying skill levels.
Gaining access—After identifying an exposed RDP port, the cybercriminal then gains access to the targeted server or device by using stolen credentials. Attackers can secure these credentials by either purchasing them on the dark web or implementing a brute-force tool that can rapidly input a series of usernames and passwords until the correct combination is found.
Disabling security features—Once the cybercriminal has accessed the targeted server or device, they attempt to make it as defenseless against an attack as possible by disabling any existing security features (e.g., antivirus software, data encryption tools and system backup capabilities).
Executing the attack—From there, the cybercriminal is able to steal sensitive data and deploy a ransomware attack on a vulnerable server or device. Some attackers even install backdoors during this step to allow for easy access during future attacks.
Like other ransomware incidents, RDP-based attacks can result in devastating ramifications for the impacted organization—including business interruption issues, reputational damages and large-scale financial loss.
Download our Case Study Today!
Strengthening RDP Against Ransomware
Although RDP-based ransomware attacks have become increasingly common, there are several ways for you to bolster your organization’s RDP security and lessen the risk of such an incident impacting your operations. Consider the following best practices:
Close your RDP connection. First and foremost, ensure that your RDP connection is not open to the internet.
Establish a virtual private network (VPN). To keep your RDP port from being exposed to the internet, be sure to establish a VPN. This will allow remote employees to securely access your organization’s RDP port, while also making the port far more difficult for cybercriminals to locate online.
Elevate authentication protocols. Because cybercriminals require login credentials to properly execute an RDP-based ransomware attack, make sure you have effective user authentication protocols in place. Specifically, encourage employees to develop unique passwords for all of their devices and accounts. These passwords should be an appropriate length, refrain from using common words or phrases, and contain several special characters. In addition to strong passwords, consider requiring multifactor authentication for RDP port access as an extra layer of protection.
Implement login attempt limits. To stop cybercriminals from being able to deploy brute-force tools to secure login credentials during an attack, update RDP port protection features to detect when multiple failed login attempts have occurred in a short period of time. Establish a limit on how many incorrect logins can occur before the user is blocked from further attempts—therefore halting an attack.
Utilize adequate security software. Ensure all workplace technology is equipped with top-rated security software—including antivirus programs, a firewall, data encryption features and a gateway server—to deter attempted attacks. Update this software on a regular basis.
Restrict employee access. Be sure to uphold the principle of least privilege by only providing employees with RDP access if they absolutely need it to conduct their work tasks. These employees should be trusted and trained in appropriate RDP usage. After all, granting extra employees unnecessary RDP permissions simply creates additional security gaps.
Have a plan. Lastly, make sure your organization has an effective cyber incident response plan in place that addresses RDP-based ransomware attack scenarios. This plan should promote the backup storage of any critical data in multiple secure locations (both on-site and off-site) to minimize potential losses. Practice this plan regularly with staff and make updates as needed.
For additional risk management guidance and insurance solutions, contact us today.
California’s Leader in Insurance and Risk Management
As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!
We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.
Tens of thousands of organizations around the world using Microsoft’s Exchange Server have been compromised by a cyber hack campaign suspected to have ties to China. This campaign exploited software vulnerabilities to seize control of systems and steal data, according to researchers.
Security researchers at Volexity first detected the cyber hack in January, according to Microsoft. Volexity has provided a full overview of the technical details on its website. FireEye’s Mandiant also reported evidence that the campaign hit U.S. retailers, local governments, a university and an engineering firm. Cybersecurity blogger Brian Krebs reported at least 30,000 U.S. organizations could be affected, among them being small businesses and municipalities.
Cyber Hack Microsoft Update
In a blog post, Microsoft researchers detailed the recent exploits of a highly skilled and sophisticated threat actor they call Hafnium. The threat actors were able to infiltrate Microsoft’s Exchange Server software using stolen credentials or zero-day vulnerabilities. They could then create web shells with administrative access, allowing the bad actors to steal data or control systems remotely.
According to Microsoft, the group typically targets U.S. entities, especially infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and other nongovernmental organizations.
Microsoft issued emergency security updates to protect Exchange Server customers. It should be noted that the hack is not related to the recent SolarWinds supply chain attack. Multiple security researchers reported that, after Microsoft issued its patch, hackers seemed to have kicked the hacking campaign into overdrive to access as many unpatched systems as possible.
The Biden administration will reportedly convene a task force to investigate the hack, and the federal Cybersecurity and Infrastructure Security (CISA) issued an alert to help organizations determine whether they may have been compromised.
On Twitter, former CISA head Christopher Krebs called the event a huge hack, adding that the affected parties dwarf the already-high reported numbers. Any organization using Outlook Web Access should be checking whether it has been compromised, according to Krebs.
“[The compromise] is going to disproportionately impact those that can least afford it,” Krebs said in a Tweet. “Incident response teams are burned out, and this is at a really bad time. Few organizations should be running exchange servers these days.”
Hacking the email systems of hundreds of thousands of organizations could not only lead to intellectual property theft but could also give rise to data breaches, business email compromise attacks, funds transfer fraud and other risks that would trigger insurance policies that cover cyber events. Having built backdoors into countless systems, the malicious actors can also come and go freely unless detected and locked out quickly, making patching and quick remediation essential.
The event comes at a time when federal lawmakers have been advised to quickly streamline the process of sharing threat information between the government, security firms and the private sector. A recent Senate hearing revealed some willingness on the part of lawmakers to move toward mandatory breach reporting with possibly liability protections for breached parties.
California’s Leader in Insurance and Risk Management
As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!
We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.
Health care data breaches and cyber events cost an estimated $13 billion and increased by 55% in 2020, according to a new report that found it takes an average of 236 days for health care firms to recover from breaches.
Cloud security firm Bitglass analyzed data from the U.S. Department of Health and Human Services to find that hacking and IT incidents were the top sources of compromise and lost records last year, causing over 67% of all breaches. The number of data breaches jumped to 599 from 386 in 2019, and the average cost per breached record rose to $499—up from $429.
According to the report, hacking and IT incidents have increased significantly since 2018, causing 91.2% of all breached health care records. During the same period, loss/theft and unauthorized disclosure have remained steady as less-frequent occurrences.
“In 2014, lost and stolen devices were the leading causes of security breaches in health care, while hacking and IT incidents were the least common causes,” according to Bitglass. “Today, things have essentially inverted. Each year since 2015, hacking and IT incidents have been exposing more records than any other breach type. These results demonstrate the heightened impact of cybersecurity breaches, the shifting strategies of malicious actors and how health care organizations are grappling with cybersecurity.”
California led the nation in breaches at 49 health care cyber breaches, followed by Texas at 43, New York at 39, and Pennsylvania and Florida at 38. Many of the health care cyber breaches occurring in 2020 were a byproduct of the Blackbaud ransomware attack.
The Department of Health and Human Services (HHS) Office for Civil Rights maintains a tally of reported health care breaches, with 47 new events occurring since Jan. 1. The 32 events reported in January 2021 were well below the 62 reported in December 2020, according to an analysis conducted by the HIPAA Journal. One of those January breaches occurred at the Florida Healthy Kids Corporation due to unpatched software vulnerabilities at a third-party IT vendor. The breach is estimated to have occurred over a seven-year period, involving names, birthdates, email addresses, telephone numbers, addresses, Social Security numbers, insurance information and significant financial information.
Cybersecurity for hospitals and health care organizations remained a key theme of 2020, as providers struggled to keep pace with both the COVID-19 pandemic and cyber threats.
The HHS numbers do not necessarily capture the full picture of ransomware’s impact on hospitals around the world and, in the last quarter of 2020, the threat only worsened, according to a report from Check Point. The trend is not isolated to the United States—two French hospitals recently fell victim to ransomware.
Since November 2020, Check Point observed a 45% increase in attacks against health care organizations around the world compared to a 22% increase against other sectors. While attacks also include botnets, DDoS and other hacks, ransomware is showing the biggest increase, according to the firm, with the Ryuk ransomware strain particularly prevalent.
The major motivation for threat actors with these attacks is financial. They are looking for large amounts of money, and fast.
“It seems that these attacks have paid off very well for the criminals behind them over the past year, and this success has made them hungry for more,” according to Check Point. “It is also important to note that unlike common ransomware attacks—which are widely distributed via massive spam campaigns and exploit kits—the attacks against hospitals and health care organizations using the Ryuk variant are specifically tailored and targeted.”
California’s Leader in Insurance and Risk Management
As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!
We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.
According to a recent report from the Information Systems Audit and Control Association (ISACA), cyberattacks currently reign as the fastest growing form of crime. In addition to security and reputational repercussions, these attacks can often cause significant financial disruption—with global cybercrime costs estimated to reach a startling $6 trillion during 2021. The Top Cybersecurity Takeaways from 2020 are listed below.
No organizations are immune to cyberattacks. In fact, over half (53%) of respondents from ISACA’s report expect to experience a cyberattack within the coming year. With this in mind, it’s important to review top cyber trends from the last 12 months and respond accordingly to ensure your organization remains safe and secure in 2021. Here are some of the most common cyber concerns from 2020, as well as best practices for avoiding them:
Social engineering—Cybercriminals implement social engineering scams to manipulate their victims into sharing sensitive information. This manipulation usually occurs in the form of impersonating an individual or organization that the victim trusts, thus making the victim feel falsely comfortable with providing their information. While these scams can happen via text, phone call or email, the latter method (also known as phishing) is the most popular. To keep these scams from wreaking havoc on your organization, instruct staff to always verify the identity of the individual or organization they are communicating with and be wary of sharing any sensitive information over the phone or online.
Ransomware—Ransomware is a type of malicious software that cybercriminals use to compromise a device (or multiple devices) and demand a large payment be made before restoring the technology for the victim. Since ransomware often appears in the form of deceptive links or attachments, encourage employees to never click on suspicious links or download attachments from unknown senders.
Software update issues—Although conducting routine software updates may seem like an arbitrary act, it can make all the difference in protecting your organization. Failing to update your software regularly can create major cybersecurity gaps, making it easier for cybercriminals to infiltrate your systems. That being said, keep staff on a strict update schedule, and consider using a patch management system to further assist with updates.
Cybersecurity Takeaways: The Importance of Promoting Strong Passwords
Cyberattack methods continue to grow and evolve over time. One specific tactic that cybercriminals frequently utilize is hacking victims’ accounts or devices by cracking their passwords.
This tactic is often all too easy for cybercriminals when their targets fail to create strong enough passwords to ward off password-cracking technology or—in some cases—simple guesses.
Nevertheless, cybersecurity experts confirm that establishing an effective password can increase the amount of time it would take for a cybercriminal to hack into an account or device from just a few hours to several years.
Taking this into consideration, password strength should be a top priority across your organization. Encourage your employees to create proper passwords with this guidance:
Focus on length—Choose a password that’s eight to 16 characters long.
Make it unique—Use at least two special characters within your password. Don’t use family or pet names, special dates or common phrases as your password.
Switch it up—Remember to change your password every 30-45 days.
Refrain from recycling—Never reuse or repeat a password across devices or accounts.
Cybersecurity Takeaways: How to Prevent a Malware Attack
Malware is a form of malicious software that cybercriminals deploy via unsafe links, downloaded attachments or other virus-ridden programs with the intention of disrupting normal computing operations, collecting sensitive information and controlling your organization’s technology system resources. Malware programs are being produced at an alarming rate and are consistently changing in form and purpose, making detection and prevention increasingly difficult for organizations across industry lines.
According to recent research, nearly 980 million (and counting) malware programs currently exist, while 350,000 new pieces of malware are discovered each day. What’s worse, an estimated four companies are targeted by a malware attack every minute.
Consider the following guidance to help prevent malware attacks:
Secure your systems—Take steps to protect your organizational devices from potential malware exposures. This may entail:
Using a virtual private network (VPN) for all internet-based activities (e.g., browsing and sending emails)
Installing (and regularly updating) antivirus software on all devices
Implementing a firewall to block cybercriminals from accessing your organization’s VPN
Restricting employees’ access to websites that aren’t secure
Limiting which employees receive administrative controls to prevent inexperienced staff from mistakenly downloading a malicious program
Educate your employees—Next, be sure to train your employees on how to prevent and respond to a malware attack. Give your staff these tips:
Avoid opening or responding to emails from individuals or organizations you don’t know. If an email claims to be from a trusted source, be sure to verify their identity by double-checking the address.
Never click on suspicious links or pop-ups—whether they’re in an email or on a website. Similarly, avoid downloading attachments or software programs from unknown sources or locations.
Only browse safe and secure websites on organizational devices. Refrain from using workplace devices for personal browsing.
If you suspect a malware attack, contact your manager or the IT department immediately for further guidance.
Ensure adequate coverage—Lastly, it’s crucial to secure proper insurance coverage to stay protected in the event of a cyberattack. After all, even with proper cybersecurity measures in place, attacks can still occur.
California’s Leader in Insurance and Risk Management
As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan, that provides you with the best coverage at the best rate!
We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our client’s expectations in every interaction to make sure that our client’s know how much we value and appreciate their business.
We use cookies to optimize our website and our service.
Functional cookies
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.