CNA Financial’s “Sophisticated Cyber-Attack”

Commercial insurance carrier CNA was hit by a “sophisticated cyber-attack” that caused major disruption to certain systems, including email. Out of an abundance of caution, CNA contained the attack by proactively disconnecting its systems from its network, and it is now restoring them through a methodical and carefully organized process. CNA is one of the biggest insurance companies in the U.S., with over 6,000 employees.

GDI Insurance Agency had a $250k+ premium account that most likely would have gone to them, but due to the system outage/failure they couldn’t get final pricing to us and lost the opportunity. It happened leading into 4/1 (the start of a new quarter), which was the WORST timing for an insurance company. It’s Murphy’s law: what can go wrong will (and when it does, it’ll be at the worst possible time). If this happened with our agency, think of the losses they experienced with other agencies as well.

CNA Insurance has been working around the clock for a week on the incident and has just restored its enterprise email system, which is now safe. It is also putting additional security measures in place to protect its systems.

“The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly,” the company said.


How CNA Dealt With A Sophisticated Cyber-Attack

“Out of an abundance of caution, we contained the attack we sustained by proactively disconnecting our systems from our network. We are now in the restoration stage and are bringing back our systems leveraging a methodical and carefully organized process. As highlighted here and as an example of this ongoing process, we have restored email access and you can communicate with CNA employees safely and in the normal course of business.”


10 Cyber Security Resolutions to Reduce Your Data Exposures

Sophisticated cyber-attacks, threats and trends change year over year as technology continues to advance at alarming speeds. As such, it’s critical for organizations to reassess their data protection practices at the start of each new year and make achievable cybersecurity resolutions to help protect themselves from costly breaches. The following are resolutions your company can implement to help ensure you don’t become the victim of a sophisticated cyber-attack:

  1. Provide security training—Employees are your first line of defense when it comes to cyber threats. Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond.

    Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and oversharing personal information on social media. Your employees should also know your cybersecurity policies and know how to report suspicious activity.
  2. Install strong antivirus software and keep it updated—Outside of training your employees on the dangers of poor cybersecurity practices, strong antivirus software is one of the best ways to protect your data.
    Organizations should conduct thorough research to choose software that’s best for their needs. Once installed, antivirus programs should be kept up to date.
  3. Instill safe web browsing practices—Deceptive and malicious websites can easily infect your network, often leading to more serious cyber attacks. To protect your organization, employees should be trained on proper web usage and instructed to only interact with secured websites.

    For further protection, companies should consider blocking known threats and potentially malicious webpages outright.
  4. Create strong password policies—Ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords.

    Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.
  5. Use multi-factor authentication—While complex passwords can help deter cybercriminals, they can still be cracked. To further prevent cybercriminals from gaining access to employee accounts, multi-factor authentication is key. Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials.

    Through this method, users must confirm their identity by providing extra information (e.g., a phone number, unique security code) when attempting to access corporate applications, networks and servers.
  6. Get vulnerability assessments—The best way to evaluate your company’s data exposures is through a vulnerability assessment. Using a system of simulated attacks and stress tests, vulnerability assessments can help you uncover entry points into your system.

    Following these tests, security experts compile their findings and provide recommendations for improving network and data safety.
  7. Patch systems regularly and keep them updated—A common way cybercriminals gain entry into your system is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.
  8. Back up your data—In the event that your system is compromised, it’s important to keep backup files. Failing to do so can result in the loss of critical business or proprietary data.
  9. Understand phishing threats and how to respond—In broad terms, phishing is a method cybercriminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information.

    These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information.

    Phishing is becoming more sophisticated by the day, and it’s more important than ever to understand the different types of attacks, how to identify them and preventive measures you can implement to keep your organization safe.

    As such, it’s critical to train employees on common phishing scams and other cybersecurity concerns. Provide real-world examples during training to help them better understand what to look for.
  10. Create an incident response plan—Most organizations have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack.

    That’s where cyber incident response plans can help. While cybersecurity programs help secure an organization’s digital assets, cyber incident response plans provide clear steps for companies to follow when a cyber event occurs. Response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damages.

For additional cyber risk management guidance and insurance solutions, contact us today.

California’s Leader in Insurance and Risk Management

As one of the fastest-growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more. The GDI team has developed an “insurance cost reduction” quoting plan that provides you with the best coverage at the best rate!

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our clients’ expectations in every interaction to make sure that our clients know how much we value and appreciate their business.

Contact us today 1-209-634-2929 for your comprehensive cyber liability insurance quote!

Preventing Ransomware Exposures from Remote Desktop Protocol

Remote Desktop Protocol (RDP)—a network communications protocol developed by Microsoft—provides an interface that allows users to connect remotely to other servers or devices. Through RDP ports, users can access and operate these servers or devices from any location. RDP has become an increasingly useful business tool, permitting employees to retrieve files and applications stored on their organization’s network while working from home and giving IT departments the ability to identify and fix employees’ technical problems remotely. This guidance for preventing ransomware exposures is especially important with remote workers.

Unfortunately, RDP ports are also frequently being leveraged as a vector for launching ransomware attacks, which entail a cybercriminal deploying malicious software to compromise a device (or multiple devices) and demand a large payment be made before restoring the technology for the victim. In fact, a recent report from Kaspersky found that nearly 1.3 million RDP-based cyberattacks occur each day, with RDP reigning as the top attack vector for ransomware incidents.

Don’t let RDP contribute to a costly ransomware incident for your organization. Review the following guidance to learn more about how ransomware attacks can occur via RDP and best practices for minimizing the likelihood of such an incident.


Preventing Ransomware Exposures via RDP

RDP-based ransomware attacks usually stem from organizations leaving their RDP ports exposed to the internet. Although doing so can seem more convenient for employers in the scope of remote work operations, internet-exposed RDP ports are easy for cybercriminals to identify and offer a clear access point for deploying harmful attacks.

The typical process of an RDP-based ransomware attack is as follows:

  1. Scanning—First, a cybercriminal utilizes a port-scanning tool to search the internet for any exposed RDP ports. These scanning tools are often free and relatively simple to operate for attackers of varying skill levels.
  2. Gaining access—After identifying an exposed RDP port, the cybercriminal then gains access to the targeted server or device by using stolen credentials. Attackers can secure these credentials by either purchasing them on the dark web or implementing a brute-force tool that can rapidly input a series of usernames and passwords until the correct combination is found.
  3. Disabling security features—Once the cybercriminal has accessed the targeted server or device, they attempt to make it as defenseless against an attack as possible by disabling any existing security features (e.g., antivirus software, data encryption tools and system backup capabilities).
  4. Executing the attack—From there, the cybercriminal is able to steal sensitive data and deploy a ransomware attack on a vulnerable server or device. Some attackers even install backdoors during this step to allow for easy access during future attacks.  

Like other ransomware incidents, RDP-based attacks can result in devastating ramifications for the impacted organization—including business interruption issues, reputational damages and large-scale financial loss.


Strengthening RDP Against Ransomware

Although RDP-based ransomware attacks have become increasingly common, there are several ways for you to bolster your organization’s RDP security and lessen the risk of such an incident impacting your operations. Consider the following best practices:

  • Close your RDP connection. First and foremost, ensure that your RDP connection is not open to the internet.
  • Establish a virtual private network (VPN). To keep your RDP port from being exposed to the internet, be sure to establish a VPN. This will allow remote employees to securely access your organization’s RDP port, while also making the port far more difficult for cybercriminals to locate online.
  • Elevate authentication protocols. Because cybercriminals require login credentials to properly execute an RDP-based ransomware attack, make sure you have effective user authentication protocols in place. Specifically, encourage employees to develop unique passwords for all of their devices and accounts. These passwords should be an appropriate length, refrain from using common words or phrases, and contain several special characters. In addition to strong passwords, consider requiring multifactor authentication for RDP port access as an extra layer of protection.
  • Implement login attempt limits. To stop cybercriminals from being able to deploy brute-force tools to secure login credentials during an attack, update RDP port protection features to detect when multiple failed login attempts have occurred in a short period of time. Establish a limit on how many incorrect logins can occur before the user is blocked from further attempts—therefore halting an attack.
  • Utilize adequate security software. Ensure all workplace technology is equipped with top-rated security software—including antivirus programs, a firewall, data encryption features and a gateway server—to deter attempted attacks. Update this software on a regular basis.
  • Restrict employee access. Be sure to uphold the principle of least privilege by only providing employees with RDP access if they absolutely need it to conduct their work tasks. These employees should be trusted and trained in appropriate RDP usage. After all, granting extra employees unnecessary RDP permissions simply creates additional security gaps.
  • Have a plan. Lastly, make sure your organization has an effective cyber incident response plan in place that addresses RDP-based ransomware attack scenarios. This plan should promote the backup storage of any critical data in multiple secure locations (both on-site and off-site) to minimize potential losses. Practice this plan regularly with staff and make updates as needed.
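The “Implement login attempt limits” bullet above asks for detection of many failed logons in a short period from one source. The following is an added example (not code from GDI’s post or from any Microsoft tool) showing the per-source sliding-window logic that such a detection uses, run over constructed failed-logon records. The records imitate the main fields of Windows Security event 4625 (failed logon) with logon type 10, which is the RemoteInteractive type used for RDP sessions; the pipe-separated layout, timestamps, account names and IP addresses are constructed for the demo and are not a real Windows export format.

```python
"""Flag RDP brute-force bursts from failed-logon records (added example).

Constructed input: pipe-separated lines with
    timestamp | event id | logon type | account | source IP
imitating the fields of Windows Security event 4625 (failed logon).
Logon type 10 (RemoteInteractive) is the type recorded for RDP sessions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one rapid burst from 203.0.113.7 trying several
# accounts, and two isolated failures (plus one success, 4624) from 192.0.2.44.
SAMPLE_LOG = """\
2021-03-25T02:14:01|4625|10|administrator|203.0.113.7
2021-03-25T02:14:03|4625|10|admin|203.0.113.7
2021-03-25T02:14:04|4625|10|backup|203.0.113.7
2021-03-25T02:14:06|4625|10|jsmith|203.0.113.7
2021-03-25T02:14:07|4625|10|administrator|203.0.113.7
2021-03-25T02:14:09|4625|10|guest|203.0.113.7
2021-03-25T09:30:00|4625|10|jdoe|192.0.2.44
2021-03-25T09:31:10|4624|10|jdoe|192.0.2.44
2021-03-25T11:05:00|4625|10|jdoe|192.0.2.44
"""

FAILED_LOGON = "4625"
LOGON_TYPE_REMOTE_INTERACTIVE = "10"   # RDP sessions


def parse_log(text):
    """Parse the constructed pipe-separated format into dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 5:
            continue
        ts, event_id, logon_type, account, src = parts
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": event_id,
            "logon_type": logon_type,
            "account": account,
            "src": src,
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: (failure_count, first_time, last_time)} for sources
    that produced `threshold` or more failed RDP logons inside any `window`.

    A sliding window per source IP is kept so that a slow trickle of failures
    spread over a day is not flagged, while a rapid burst is.
    """
    recent = defaultdict(deque)
    hits = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON:
            continue
        if ev["logon_type"] != LOGON_TYPE_REMOTE_INTERACTIVE:
            continue
        q = recent[ev["src"]]
        q.append(ev["time"])
        # Drop failures that fell out of the window relative to this event.
        while q and ev["time"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            hits[ev["src"]] = (len(q), q[0], q[-1])
    return hits


def accounts_tried(events, src):
    """Distinct accounts attempted from one source; many names from one IP in a
    short time is the pattern of credential guessing rather than a typo."""
    return sorted({e["account"] for e in events
                   if e["src"] == src and e["event_id"] == FAILED_LOGON})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, (n, first, last) in detect_bruteforce(evs).items():
        print(f"ALERT {src}: {n} failed RDP logons between {first} and {last}; "
              f"accounts tried: {accounts_tried(evs, src)}")
```

The threshold and window are the same two numbers an account lockout policy uses (lockout threshold and observation window), so the detection can be tuned to fire at or just below the point where the host itself would lock the account; in a real deployment the records would come from the exported Security log of the RDP host or gateway rather than the embedded sample.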

For additional risk management guidance and insurance solutions, contact us today.


Cyber Hack Update: MS Email

Tens of thousands of organizations around the world using Microsoft’s Exchange Server have been compromised by a cyber hack campaign suspected to have ties to China. This campaign exploited software vulnerabilities to seize control of systems and steal data, according to researchers.

Security researchers at Volexity first detected the cyber hack in January, according to Microsoft. Volexity has provided a full overview of the technical details on its website. FireEye’s Mandiant also reported evidence that the campaign hit U.S. retailers, local governments, a university and an engineering firm. Cybersecurity blogger Brian Krebs reported at least 30,000 U.S. organizations could be affected, among them being small businesses and municipalities.


Cyber Hack Microsoft Update

In a blog post, Microsoft researchers detailed the recent exploits of a highly skilled and sophisticated threat actor they call Hafnium. The threat actors were able to infiltrate Microsoft’s Exchange Server software using stolen credentials or zero-day vulnerabilities. They could then create web shells with administrative access, allowing the bad actors to steal data or control systems remotely.

According to Microsoft, the group typically targets U.S. entities, especially infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and other nongovernmental organizations.

Microsoft issued emergency security updates to protect Exchange Server customers. It should be noted that the hack is not related to the recent SolarWinds supply chain attack. Multiple security researchers reported that, after Microsoft issued its patch, hackers seemed to have kicked the hacking campaign into overdrive to access as many unpatched systems as possible.


Government Cyber Hack Task Force

The Biden administration will reportedly convene a task force to investigate the hack, and the federal Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to help organizations determine whether they may have been compromised.

On Twitter, former CISA head Christopher Krebs called the event a huge hack, adding that the affected parties dwarf the already-high reported numbers. Any organization using Outlook Web Access should be checking whether it has been compromised, according to Krebs.

“[The compromise] is going to disproportionately impact those that can least afford it,” Krebs said in a Tweet. “Incident response teams are burned out, and this is at a really bad time. Few organizations should be running exchange servers these days.”

Hacking the email systems of hundreds of thousands of organizations could not only lead to intellectual property theft but could also give rise to data breaches, business email compromise attacks, funds transfer fraud and other risks that would trigger insurance policies that cover cyber events. Having built backdoors into countless systems, the malicious actors can also come and go freely unless detected and locked out quickly, making patching and quick remediation essential.

The event comes at a time when federal lawmakers have been advised to quickly streamline the process of sharing threat information between the government, security firms and the private sector. A recent Senate hearing revealed some willingness on the part of lawmakers to move toward mandatory breach reporting, possibly with liability protections for breached parties.


Health Care Data Breaches Jumped 55% in 2020

Health care data breaches and cyber events cost an estimated $13 billion and increased by 55% in 2020, according to a new report that found it takes an average of 236 days for health care firms to recover from breaches.

Cloud security firm Bitglass analyzed data from the U.S. Department of Health and Human Services to find that hacking and IT incidents were the top sources of compromise and lost records last year, causing over 67% of all breaches. The number of data breaches jumped to 599 from 386 in 2019, and the average cost per breached record rose to $499—up from $429.

According to the report, hacking and IT incidents have increased significantly since 2018, causing 91.2% of all breached health care records. During the same period, loss/theft and unauthorized disclosure have remained steady as less-frequent occurrences.


“In 2014, lost and stolen devices were the leading causes of security breaches in health care, while hacking and IT incidents were the least common causes,” according to Bitglass. “Today, things have essentially inverted. Each year since 2015, hacking and IT incidents have been exposing more records than any other breach type. These results demonstrate the heightened impact of cybersecurity breaches, the shifting strategies of malicious actors and how health care organizations are grappling with cybersecurity.”

California led the nation with 49 health care cyber breaches, followed by Texas at 43, New York at 39, and Pennsylvania and Florida at 38. Many of the health care cyber breaches occurring in 2020 were a byproduct of the Blackbaud ransomware attack.

The Department of Health and Human Services (HHS) Office for Civil Rights maintains a tally of reported health care breaches, with 47 new events occurring since Jan. 1. The 32 events reported in January 2021 were well below the 62 reported in December 2020, according to an analysis conducted by the HIPAA Journal. One of those January breaches occurred at the Florida Healthy Kids Corporation due to unpatched software vulnerabilities at a third-party IT vendor. The breach is estimated to have occurred over a seven-year period, involving names, birthdates, email addresses, telephone numbers, addresses, Social Security numbers, insurance information and significant financial information.


Cybersecurity for hospitals and health care organizations remained a key theme of 2020, as providers struggled to keep pace with both the COVID-19 pandemic and cyber threats.

The HHS numbers do not necessarily capture the full picture of ransomware’s impact on hospitals around the world and, in the last quarter of 2020, the threat only worsened, according to a report from Check Point. The trend is not isolated to the United States—two French hospitals recently fell victim to ransomware.

Since November 2020, Check Point observed a 45% increase in attacks against health care organizations around the world compared to a 22% increase against other sectors. While attacks also include botnets, DDoS and other hacks, ransomware is showing the biggest increase, according to the firm, with the Ryuk ransomware strain particularly prevalent.

The major motivation for threat actors with these attacks is financial. They are looking for large amounts of money, and fast.

“It seems that these attacks have paid off very well for the criminals behind them over the past year, and this success has made them hungry for more,” according to Check Point. “It is also important to note that unlike common ransomware attacks—which are widely distributed via massive spam campaigns and exploit kits—the attacks against hospitals and health care organizations using the Ryuk variant are specifically tailored and targeted.”


Top Cybersecurity Takeaways From 2020

According to a recent report from the Information Systems Audit and Control Association (ISACA), cyberattacks currently reign as the fastest growing form of crime. In addition to security and reputational repercussions, these attacks can often cause significant financial disruption—with global cybercrime costs estimated to reach a startling $6 trillion during 2021. The Top Cybersecurity Takeaways from 2020 are listed below.


No organizations are immune to cyberattacks. In fact, over half (53%) of respondents from ISACA’s report expect to experience a cyberattack within the coming year. With this in mind, it’s important to review top cyber trends from the last 12 months and respond accordingly to ensure your organization remains safe and secure in 2021. Here are some of the most common cyber concerns from 2020, as well as best practices for avoiding them:

  • Social engineering—Cybercriminals implement social engineering scams to manipulate their victims into sharing sensitive information. This manipulation usually occurs in the form of impersonating an individual or organization that the victim trusts, thus making the victim feel falsely comfortable with providing their information. While these scams can happen via text, phone call or email, the latter method (also known as phishing) is the most popular. To keep these scams from wreaking havoc on your organization, instruct staff to always verify the identity of the individual or organization they are communicating with and be wary of sharing any sensitive information over the phone or online.
  • Ransomware—Ransomware is a type of malicious software that cybercriminals use to compromise a device (or multiple devices) and demand a large payment be made before restoring the technology for the victim. Since ransomware often appears in the form of deceptive links or attachments, encourage employees to never click on suspicious links or download attachments from unknown senders.
  • Software update issues—Although conducting routine software updates may seem like an arbitrary act, it can make all the difference in protecting your organization. Failing to update your software regularly can create major cybersecurity gaps, making it easier for cybercriminals to infiltrate your systems. That being said, keep staff on a strict update schedule, and consider using a patch management system to further assist with updates.

Cybersecurity Takeaways: The Importance of Promoting Strong Passwords

Cyberattack methods continue to grow and evolve over time. One specific tactic that cybercriminals frequently utilize is hacking victims’ accounts or devices by cracking their passwords.

This tactic is often all too easy for cybercriminals when their targets fail to create strong enough passwords to ward off password-cracking technology or—in some cases—simple guesses.

Nevertheless, cybersecurity experts confirm that establishing an effective password can increase the amount of time it would take for a cybercriminal to hack into an account or device from just a few hours to several years.

Taking this into consideration, password strength should be a top priority across your organization. Encourage your employees to create proper passwords with this guidance:

  • Focus on length—Choose a password that’s eight to 16 characters long.
  • Make it unique—Use at least two special characters within your password. Don’t use family or pet names, special dates or common phrases as your password.
  • Switch it up—Remember to change your password every 30-45 days.
  • Refrain from recycling—Never reuse or repeat a password across devices or accounts.

Cybersecurity Takeaways: How to Prevent a Malware Attack

Malware is a form of malicious software that cybercriminals deploy via unsafe links, downloaded attachments or other virus-ridden programs with the intention of disrupting normal computing operations, collecting sensitive information and controlling your organization’s technology system resources. Malware programs are being produced at an alarming rate and are consistently changing in form and purpose, making detection and prevention increasingly difficult for organizations across industry lines.

According to recent research, nearly 980 million (and counting) malware programs currently exist, while 350,000 new pieces of malware are discovered each day. What’s worse, an estimated four companies are targeted by a malware attack every minute.

Consider the following guidance to help prevent malware attacks:

  • Secure your systems—Take steps to protect your organizational devices from potential malware exposures. This may entail:
    • Using a virtual private network (VPN) for all internet-based activities (e.g., browsing and sending emails)
    • Installing (and regularly updating) antivirus software on all devices
    • Implementing a firewall to block cybercriminals from accessing your organization’s VPN
    • Restricting employees’ access to websites that aren’t secure
    • Limiting which employees receive administrative controls to prevent inexperienced staff from mistakenly downloading a malicious program
  • Educate your employees—Next, be sure to train your employees on how to prevent and respond to a malware attack. Give your staff these tips:
    • Avoid opening or responding to emails from individuals or organizations you don’t know. If an email claims to be from a trusted source, be sure to verify their identity by double-checking the address.
    • Never click on suspicious links or pop-ups—whether they’re in an email or on a website. Similarly, avoid downloading attachments or software programs from unknown sources or locations.
    • Only browse safe and secure websites on organizational devices. Refrain from using workplace devices for personal browsing.
    • If you suspect a malware attack, contact your manager or the IT department immediately for further guidance.
  • Ensure adequate coverage—Lastly, it’s crucial to secure proper insurance coverage to stay protected in the event of a cyberattack. After all, even with proper cybersecurity measures in place, attacks can still occur.


Privacy and Cyber Security

With the enormous amount of sensitive information stored digitally, companies need to take proper measures to keep this data from being compromised. Ultimately, it is the responsibility of business owners to protect their clients’ data through privacy and cyber security practices.

Failing to do so can result in a data breach, which costs companies billions of dollars every year. Understanding the risks involved with data security can help you prevent a privacy breach.

Know the Privacy and Cyber Security Risks

The first step in protecting your business is to recognize basic types of risk:

  • Hackers, attackers and intruders—These terms are applied to people who seek to exploit weaknesses in software and computer systems for their personal gain. Although their intentions are sometimes benign, their actions are typically in violation of the intended use of the systems that they are exploiting. The results of this cyber risk can range from minimal mischief (creating a virus with no negative impact) to malicious activity (stealing or altering a client’s information).
  • Malicious code—This is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.
    • Viruses: This type of code requires that you actually do something before it infects your system, such as open an email attachment, enable macros in a document or visit a particular Web page.
    • Worms: This code spreads between systems without user intervention. A worm typically starts by exploiting a software flaw; once the victim’s computer is infected, it scans for and infects other reachable computers.
    • Trojan horses: Trojans hide inside otherwise harmless-looking programs and, much like the Greek story, carry out their hidden purpose once they are inside. For example, a program that claims to speed up your computer but actually sends confidential information to a remote intruder is a common type of Trojan.

IT Risk Management Practices

To reduce your cyber risks, it is wise to develop an IT Risk Management Plan at your organization. Risk management solutions utilize industry standards and best practices (for example, the NIST SP 800-30 guide for conducting risk assessments) to assess hazards from unauthorized access, use, disclosure, disruption, modification or destruction of your organization’s information systems.

Consider the following when implementing risk management strategies at your organization:

  • Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their function, the data stored and processed and importance to the organization.
  • Review the cyber risk plan on an annual basis and update it whenever there are significant changes to your information systems, the facilities where systems are stored or other conditions that may affect the impact of risk to the organization.

Due Diligence When Selecting an ISP

In addition, your organization should take precautionary measures when selecting an internet service provider (ISP) for use for company business.

An ISP provides its customers with Internet access and other Web services. Many ISPs also maintain Web servers and offer Web hosting, and some bundle services such as email and file backups or network-edge firewalls that block some incoming traffic. Because those services sit outside your direct control, the provider’s own security practices become part of your risk.

To select an ISP that will reduce your cyber risks, consider the following:

  • Security – Is the ISP concerned with security? Does it use encryption, in particular TLS (the successor to SSL), to protect any information that you submit, and does it keep its software current?
  • Privacy – Does the ISP have a published privacy policy? Are you comfortable with who has access to your information, and how it is handled and used?
  • Services – Does your ISP offer the services that you want and do they meet your organization’s needs? Is there adequate support for the services provided?
  • Cost – Are the ISP’s costs affordable and are they reasonable for the number of services that you receive? Are you sacrificing quality and security to get a lower price?
  • Reliability – Are the services provided by the ISP reliable, or are they frequently unavailable due to maintenance, security problems and a high volume of users? If the ISP knows that their services will be unavailable, does it adequately communicate that information to its customers?
  • User support – Are there published methods for contacting customer service, and do you receive prompt and friendly service? Do their hours of availability accommodate your company’s needs?
  • Speed – How fast is your ISP’s connection, and is it sufficient for accessing your email or navigating the Web?
  • Recommendations – What have you heard from industry peers about the ISP? Were they trusted sources? Does the ISP serve your geographic area?

Government Regulation

Federal cyber security regulation in the U.S. is sector-specific rather than comprehensive. The 1996 Health Insurance Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley (GLB) Act and the 2002 Homeland Security Act, which includes the Federal Information Security Management Act (FISMA), mandate that health care organizations, financial institutions and federal agencies, respectively, protect their computer systems and information. Language is often vague in these laws, which is why individual states have attempted to create more specific laws on cyber security.

California led the way in 2003, when its breach notification law (SB 1386) took effect, by mandating that any company that suffers a data breach must notify the affected individuals of the details of the breach. Currently, all 50 states and the District of Columbia have data breach notification laws in place.

Protection is our Business

Your clients expect you to take proper care of their sensitive information. You can never see a data breach coming, but you can always plan for a potential breach. Contact GDI Insurance Agency, Inc. today—we have the tools necessary to ensure you have the proper coverage to protect your company against a data breach.
