Is improving your cyber incident response plan a goal for 2020? In an era of constantly evolving cyber threats and advancing technology, no organization is immune to the risk of a cyber attack. According to recent survey data, 53% of businesses in the United States reported being the victim of a cyber attack in 2019.
That’s why having a cyber incident response plan is a vital element of any organization’s approach to business continuity. At a glance, cyber incident response plans provide business leaders like you with proactive guidance to prevent cyber attacks, as well as reactive steps to follow if a breach occurs. In other words, having a cyber incident response plan can help prevent attacks from happening altogether and limit the damages in the event of a worst-case scenario.
However, simply having a cyber incident response plan in place won’t guarantee cyber resilience. Rather, it’s important for your organization to routinely revisit your plan to make necessary updates and improvements when new threats emerge.
How to Update and Improve Your Cyber Incident Response Plan
Consider the following tips to adequately update and improve your cyber incident response plan in 2020:
Maintain proper documentation—Make sure your cyber risks are properly documented as a reference point for improving your incident response plan. Keep in mind that when cyber risks or threats evolve, your response plan should follow suit. Also, be sure to document any past cyber incidents that took place. By doing so, you can better analyze what went wrong and adjust your incident response plan to make sure the same concern doesn’t happen again.
Prepare for different scenarios—No cyber incident is exactly the same. With this in mind, be sure your cyber incident response plan is multifaceted with tailored steps and preparations based on the type of attack. A common approach is to have varying levels of response based on the severity of the breach. For example, a phishing attack that only infected a single user and led to minimal data loss would call for a different response than a large-scale breach that resulted in significant disruption.
Test your plan—In addition to preparing for different forms of cyber attack, it’s also crucial to routinely test your response plan with sample scenarios. Similar to a fire drill, try to involve every employee in the process of testing your response plan. This way, all staff members will know how they play a role, and you will be able to accurately determine the effectiveness of your plan. From there, you can make adjustments as needed and feel more confident in your plan in the event of a real cyber attack.
The Larger Breaches of the Past Decade
Cyber attacks are an increasing threat in terms of both frequency and severity. Businesses of all sizes can be targeted by cyber attacks. Here are five of the most notable data breaches from the past decade:
Target – 2013
Home Depot – 2014
Anthem – 2015
Equifax – 2017
Marriott – 2018
Cyber Security Trends to Watch in 2020
One of the challenges of implementing reliable cyber security and creating a cyber incident response plan is that the finish line keeps being moved. As security measures continue to improve, so do the methods and tools of cyber criminals.
There is a range of possible threats to be aware of when it comes to keeping your organization cyber secure. Here are five potential risks that industry experts believe businesses should heighten their awareness of in 2020:
Ransomware—Ransomware attacks can be among the most expensive for your company to have to deal with. Ransomware refers to a type of malware that can breach and encrypt the victim’s files. The victim is then forced to make a ransom payment in order to regain access to their data. In addition, some attackers may also extort your company, and threaten to disclose or sell your data. Companies are advised to regularly back up all critical data and keep the backups separate from the rest of your network.
Phishing—Phishing emails continue to be one of the most common causes of data breaches. This threat refers to fraudulent emails that intend to trick employees into revealing sensitive information. In 2020, phishing kit developers are expected to make it even easier for potential attackers to launch phishing campaigns. Be certain that employees are trained in anti-phishing practices and that training is regularly updated.
Personal device attacks—According to a 2019 Kaspersky report, approximately half of all companies reported malware infections on employee-owned devices. With businesses continuing to increase flexibility for employees to use personal devices for work-related tasks, attackers may start targeting personal devices more heavily as a means of bypassing corporate cyber defenses. Adequate and up-to-date training is necessary for your employees. Companies should review and update their policies as they pertain to personal devices as well.
Third-party suppliers—According to a survey by One Identity, 94% of organizations provide third-party suppliers with access to their network. What’s more, 18% of organizations reported that a third party was to blame for a data breach. With digital connections between businesses increasing, the risk of a data breach occurring because of a mistake by someone outside of your company is also on the rise. Establish a strict security policy for all third-parties that access your network, and closely monitor that each user is only given the permissions they need.
DDoS attacks—While not as notorious, DDoS attacks are about as common as ransomware incidents. Network speed increases, such as the wider release of 5G, also mean that DDoS attacks can be more difficult to stop. Have your IT department or contractor inspect devices for possible misconfigurations or vulnerabilities, and be certain that your employees are following your cyber security policies.
California’s Leader in Insurance and Risk Management
As one of the fastest growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more.
We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our clients’ expectations in every interaction to make sure that our clients know how much we value and appreciate their business. Contact us today 1-209-634-2929 for your comprehensive cyber liability insurance quote!
High-profile cyber attacks on companies such as Target and Equifax have raised awareness of the growing threat of cyber crime. Recent surveys conducted by the Small Business Authority, Symantec, Kaspersky Lab and the National Cyber Security Alliance suggest that many small business owners are still operating under a false sense of cyber security. This is why cyber security for small businesses is so important.
The statistics of these studies are grim; the vast majority of U.S. small businesses lack a formal internet security policy for employees, and only about half have even rudimentary cyber security measures in place. Furthermore, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker proof, and nearly 40 percent do not have their data backed up in more than one location.
Don’t Equate Small with Safe
Despite significant cybersecurity exposures, 85 percent of small business owners believe their company is safe from hackers, viruses, malware or a data breach. This disconnect is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyber attacks. In reality, data thieves are simply looking for the path of least resistance. Symantec’s study found that 43 percent of attacks are against organizations with fewer than 250 employees.
Outside sources like hackers aren’t the only way your company can be attacked—often, smaller companies have a family-like atmosphere and put too much trust in their employees. This can lead to complacency, which is exactly what a disgruntled or recently fired employee needs to execute an attack on the business.
Attacks Could Destroy Your Business
As large companies continue to get serious about data security, small businesses are becoming increasingly attractive targets—and the results are often devastating for small business owners.
According to a 2017 study by the Ponemon Institute, the average annual cost of cyber attacks for small and medium-sized businesses was over $2.2 million. Most small businesses don’t have that kind of money lying around, and as a result, nearly 60 percent of the small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it was too late because they feared the costs would be prohibitive.
10 Ways to Prevent Cyber Attacks
Even if you don’t currently have the resources to bring in an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to a costly cyber attack:
Train employees in cyber security principles.
Install, use and regularly update antivirus and antispyware software on every computer used in your business.
Use a firewall for your internet connection.
Download and install software updates for your operating systems and applications as they become available.
Make backup copies of important business data and information.
Control physical access to your computers and network components.
Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure and hidden.
Require individual user accounts for each employee.
Limit employee access to data and information, and limit authority to install software.
Regularly change passwords.
In addition to the listed tips, the Federal Communications Commission (FCC) provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. It can be found at www.fcc.gov/cyberplanner.
Your Emerging Technology Partner
A data breach could cripple your small business, costing you thousands or millions of dollars in lost sales and/or damages. Contact GDI Insurance Agency, Inc. today. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyber attacks.
Gone are the days when the most sensitive information on an employee’s phone was the names and phone numbers of their contacts. Now, a smartphone or tablet can be used to gain access to anything, including emails, stored passwords and even proprietary company data. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a traditional computer system. In order to protect your organization, there are a number of mobile device security measures to consider.
What Is Mobile Device Security?
Mobile device security refers to the measures taken to protect sensitive data stored on portable devices. It is also the ability to prevent unauthorized users from using mobile devices to access your business network. Examples of devices that require this type of protection include smartphones, laptops, tablets, wearables, and other portable devices.
Mobile devices can be hit with malicious mobile apps, phishing scams, data leakage, spyware, and unsecured Wi-Fi networks. On top of that, businesses have to account for the possibility of either the employee losing the mobile device or the device being stolen.
What Mobile Device Security Measures to Consider:
Establish a mobile device policy—Before issuing mobile phones or tablets to your employees, establish a device usage policy. Provide clear rules about what constitutes acceptable use as well as what actions will be taken if employees violate the policy. It is important that employees understand the security risks inherent to mobile device use and how they can mitigate those risks. Well-informed, responsible users are your first line of defense against cyber attacks.
Establish a bring your own device (BYOD) policy—If you allow employees to use their personal devices for company business, make sure you have a formal BYOD policy in place. Your BYOD security plan should also include the following practices:
Installing remote wiping software on any personal device used to store or access company data.
Educating and training employees on how to safeguard company data when they access it from their own devices.
Informing employees about the exact protocol they must follow if their device is lost or stolen.
Keep the devices updated with the most current software and anti-virus program—Software updates to mobile devices often include patches for various security holes, so it’s best practice to install the updates as soon as they’re available. There are many options to choose from when it comes to anti-virus software for mobile devices, so it comes down to preference. Some are free to use, while others charge a monthly or annual fee and often come with better support.
Back up device content regularly—Just like your computer data should be backed up regularly, so should the data on your company’s mobile devices. If a device is lost or stolen, you’ll have peace of mind knowing your valuable data is safe.
Mobile Device Usage
The number of mobile phone users around the world is projected to exceed the five billion mark by 2019. This rapid increase, unfortunately, sees cyber criminals adapting and changing their methods to profit from this growing number of potential victims.
Because of their convenience, smartphones and tablet devices have become a universal presence in the modern business world. As usage soars, it becomes increasingly important to take steps to protect your company from mobile threats, both new and old.
For more cyber security strategies you can use to protect your business, contact GDI Insurance Agency, Inc. today at 209-634-2929.
Can Digital Assistants Record Sensitive Information?
Many hardware and software developers have started to integrate digital assistants into their products, such as Amazon’s Alexa, Google’s Assistant and Apple’s Siri. These assistants offer a number of services and benefits, and can even be activated remotely using voice commands. However, because these platforms rely on connecting to a remote server, they run the risk of sending your recorded conversations or even personal information to others without your knowledge.
What Is A Digital Assistant?
Sometimes referred to as a virtual digital assistant, a digital assistant is a computer program designed to assist a user by answering questions and performing basic tasks.
How Digital Assistants Work
Every digital assistant uses the same underlying technology to answer questions and fulfill requests. Here’s an overview of how assistants record audio, send data to remote servers and analyze requests in order to respond:
Devices that activate with voice commands use a series of microphones to constantly take short recordings and listen for a word or short phrase that indicates someone’s making a request. If the device doesn’t detect the phrase, these short recordings are deleted without being sent to a remote server.
Some digital assistants also start recording a request after a button press or other prompt on the device.
Once the device detects that a request is finished, a recording is sent to one of the manufacturer’s servers. Advanced software programs then analyze it and send a response to the device.
Most manufacturers claim that all recordings and other personal data are encrypted and inaccessible to outsiders. However, many manufacturers also have internal teams analyze recordings in order to upgrade their digital assistants.
Protecting Your Information
No technology is perfect, and it’s possible for smart devices to take unintended recordings for a number of reasons, such as a misinterpreted phrase, background noise, a damaged microphone or tampering. And, because the process of sending recordings to servers happens in seconds, you may not have a chance to prevent your information from being sent elsewhere.
Here are some tips you can use to control when your devices take recordings and protect your data:
Check your devices to see if there’s an option to configure the digital assistant’s settings. Depending on your device, you may be able to disable continuous recordings, require a physical button press or turn the digital assistant off altogether.
Read through and delete your conversation history. Some manufacturers let users view transcripts of recordings using a digital assistant’s mobile app. This option lets you see if any sensitive information was recorded and erase anything you don’t want outsiders to see.
Check the manufacturer’s policy to see if you can opt out of the process that allows their employees to analyze recordings remotely in order to improve digital assistants.
Go into the settings on your smartphone and other mobile devices to see what apps can access your microphone. It’s possible for some services to access microphones without consent, and they may have made recordings without your knowledge.
Regularly change the passwords of any accounts associated with digital assistants to protect both your settings and transcripts of recordings.
Think about the best area to place smart speakers and other devices with digital assistants. For example, you may not want to place these devices in an area where you frequently speak about work-related activities or other sensitive information.
Is Your Strong Password Enough To Keep You Safe Online?
It may seem like a constant battle to create and remember passwords for your computer, bank accounts, social media and any programs you use. Not only is it important to use strong passwords, but also to not use the same password for multiple accounts. Say what? It seems like a daunting task, but it is also a necessity due to a constant threat of cybercrime.
If and when you get hacked, it’s easy to think cyber criminals used some high-tech program or code to gain access to your accounts. The truth is, however, that data breaches aren’t always this sophisticated, and all malicious parties need is a little trial and error to steal your personally identifiable information. This tactic is known as credential stuffing, and it’s becoming a common tool for cyber criminals of all kinds.
Simply put, credential stuffing attacks are when a malicious party takes a stolen username and password and tries it on a variety of different websites. For example, a hacker may have purchased your Google username and password from the dark web. Assuming that you use the same password for multiple accounts, the hacker would test these credentials on other platforms (e.g., banking or social media websites) using botnets (groups of computers tasked with various commands). Essentially, by using information from one account, criminals can potentially access data from a variety of platforms, draining bank accounts or gathering information they can sell to other malicious parties.
Credential stuffing can affect everyone, from individual users to the biggest companies. In fact, a Yahoo breach that impacted approximately 500 million users was largely carried out using credential stuffing.
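On the defending side, this pattern shows up in login logs as one source trying many different usernames with almost every attempt failing. The following Python sketch is an added example, not part of the original article; the log format, thresholds and function names are assumptions chosen for illustration, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) log format: "<UTC timestamp> ip=<addr> user=<name> result=<ok|fail>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_line(line):
    """Return (timestamp, ip, user, succeeded) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["ip"], m["user"], m["result"] == "ok"


def flag_stuffing_sources(lines, window=timedelta(minutes=10),
                          min_users=5, max_success_ratio=0.2):
    """Flag sources that try many distinct usernames in a short window and mostly fail.

    A user who mistypes a password hits one account repeatedly; an office NAT
    has many users who mostly succeed. Credential stuffing is many accounts
    with few successes. Thresholds here are illustrative assumptions.
    """
    by_ip = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event:
            ts, ip, user, ok = event
            by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            hits = {u for _, u, ok in span if ok}
            ratio = sum(1 for _, _, ok in span if ok) / len(span)
            if len(users) >= min_users and ratio <= max_success_ratio:
                entry = flagged.setdefault(
                    ip, {"distinct_users": 0, "attempts": 0, "accounts_to_reset": set()}
                )
                entry["distinct_users"] = max(entry["distinct_users"], len(users))
                entry["attempts"] = max(entry["attempts"], len(span))
                # A success from a flagged source means a reused password worked.
                entry["accounts_to_reset"] |= hits

    for entry in flagged.values():
        entry["accounts_to_reset"] = sorted(entry["accounts_to_reset"])
    return flagged


# Constructed sample data (documentation address ranges, made-up user names).
SAMPLE_LOG = """\
2020-01-15T10:00:01Z ip=203.0.113.7 user=alice result=fail
2020-01-15T10:00:03Z ip=203.0.113.7 user=bob result=fail
2020-01-15T10:00:05Z ip=203.0.113.7 user=carol result=fail
2020-01-15T10:00:07Z ip=203.0.113.7 user=dana result=ok
2020-01-15T10:00:09Z ip=203.0.113.7 user=eli result=fail
2020-01-15T10:00:11Z ip=203.0.113.7 user=fay result=fail
2020-01-15T10:00:13Z ip=203.0.113.7 user=gus result=fail
2020-01-15T10:00:15Z ip=203.0.113.7 user=hana result=fail
2020-01-15T10:01:00Z ip=198.51.100.20 user=erin result=fail
2020-01-15T10:01:20Z ip=198.51.100.20 user=erin result=fail
2020-01-15T10:01:45Z ip=198.51.100.20 user=erin result=ok
2020-01-15T10:02:00Z ip=192.0.2.50 user=ivan result=ok
2020-01-15T10:02:10Z ip=192.0.2.50 user=judy result=ok
2020-01-15T10:02:20Z ip=192.0.2.50 user=kofi result=ok
2020-01-15T10:02:30Z ip=192.0.2.50 user=lena result=ok
2020-01-15T10:02:40Z ip=192.0.2.50 user=omar result=ok
""".splitlines()

if __name__ == "__main__":
    for ip, info in flag_stuffing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

Because the botnets mentioned above spread attempts over many addresses, a per-source rule like this is one signal among several rather than a complete defense. The accounts listed under `accounts_to_reset` are the ones where a reused password actually worked and should be locked or reset first.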
What Can You Do To Create Truly Strong Passwords?
Because credential stuffing relies on victims having the same password for multiple accounts, there are some simple ways to protect yourself:
Avoid using the same password for multiple accounts—Credential stuffing works because many users use the same password for multiple accounts. To avoid becoming a victim, it’s important to change your passwords often and never use the same password.
Use two-factor authentication—While complex passwords can deter cyber criminals, they can still be cracked. To prevent cyber criminals from gaining access to your accounts, two-factor authentication is key. Through this method, users must confirm their identity by providing extra information (e.g., a phone number or unique security code) when attempting to access corporate or personal applications, networks and servers. This additional login hurdle means that would-be cyber criminals won’t easily unlock an account, even if they have the password in hand.
Create strong password policies—For employers, ongoing password management can help prevent attackers from compromising your organization’s password-protected information. You’ll want to create a password policy that requires employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters. Long passphrases are becoming increasingly popular as well, and may be a good option for your organization.
Provide security training—Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond. Your employees should also know your cyber security policies and know how to report suspicious activity.
Password Generators: Password generators, such as Norton Password Generator, can help create a very strong password. These strong passwords may not be easy to remember, but keeping a separate document or using a password manager can help you track your user names and passwords.
Make Your Password Unique: Do not use common words, and be sure to use numbers, letters and symbols.
Stored Passwords: Keep written passwords hidden, or secure a password spreadsheet with a separate password. Don’t forget to keep your password list up to date.
The Real Life Benefits of Cyber Liability Insurance
As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses. The real life benefits of cyber liability insurance can protect your California business from costly cyber attacks.
In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their business general liability insurance policies.
Outsourcing Gone Wrong
The company: A national construction company that outsources some of its cyber security protections
The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach.
As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.
Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms who forgo coverage. What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response.
Pardon the Interruption
The company: An online retail store that relies heavily on e-commerce
The challenge: A small-sized, online retailer partnered with a data center to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfill orders on-site.
Unfortunately, the data center was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime were over $165,000.
Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.
Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses.
Download Our Cyber Security Planning Guide
There are many things you can do to protect your business from cyber attacks. You can download our Cyber Security Planning Guide to start protecting your business today!
Benefits of Cyber Liability Insurance
Data breach coverage—In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
Business interruption loss reimbursement—A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
Cyber extortion defence—Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
Legal support—In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.
Learn More About The Benefits of Cyber Liability Insurance
When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.
Cyber exposures aren’t going away and, in fact, continue to escalate. Businesses need to be prepared in the event that a cyber attack strikes. To learn more about cyber liability insurance, contact GDI Insurance Agency, Inc. today.