Understanding Cyber Insurance
Recent research has revealed a rise in cyber crime and that hackers across the world are taking advantage of remote workers, mainly by using phishing scams.
The scams, which typically appear as fraudulent e-mails purporting to be from trusted organisations such as Public Health England or the World Health Organisation, trick victims into clicking on malicious links – thus allowing hackers to infiltrate their devices and potentially access sensitive data. These attacks are increasing and are likely to continue to escalate for the foreseeable future.
Data is one of the most powerful commodities on earth and, now more than ever, it is vital for your organisation to ensure that adequate IT security resources and best practices are utilised, and that employee vigilance and awareness are maintained.
A stolen laptop or hacked account can instantly compromise the personal data of thousands of customers, donors, or staff.
Prepare your technology
At a glance these are some key elements:
- Utilise a virtual private network (VPN) for remote networking
- Deploy restricted access controls
- Enforce encryption capabilities
- Implement firewall protection – an effective firewall will help detect suspicious mail and prevent it reaching users’ inboxes, or quarantine the mail
- Install antivirus and malware protection
- Locating servers and file storage off site can provide a safer, physically less accessible environment
Prepare your employees
- Induct new employees – ensure you have an IT Security Policy in place and that new starters are aware of and understand the content
- Set standards – ensure that employees do not write down or share passwords, and that passwords are of suitable strength and are changed regularly
- Educate employees – on how to conduct common practices such as video teleconferencing and in particular document sharing. Less experienced colleagues may require more supervision and refresher education
- Look after technology – ensure devices are kept in a secure, protected location and log off devices at the end of each working session. Avoid the use of USB drives
- Conduct regular software updates to ensure your equipment receives the latest updates – can employees install software updates themselves?
- Detecting the signs of phishing:
  - the e-mail requests a recipient to share sensitive or personal information
  - the e-mail claims to be from a trusted contact but is not from the correct e-mail address
  - the e-mail contains glaring errors, the wrong logo, typos or false information
  - it has links that direct you to the wrong website or asks you to log in
  - it claims to be urgent, demanding or threatening
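Two of the signs above can be checked automatically: a sender who claims a trusted name but writes from another domain, and a link whose visible text names one site while it points to another. The following is an added example, not part of the original article; the `TRUSTED` allow-list, the function names and the sample message are assumptions made for illustration, and it handles single-part HTML messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: an allow-list you maintain of organisations and their real domains.
TRUSTED = {"world health organisation": {"who.int"}}
SHOWN_HOST = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)
# Constructed sample message (example.net is a reserved documentation domain).
PHISH = ("From: World Health Organisation <alerts@mail.example.net>\n"
         "Subject: URGENT: confirm your account\nContent-Type: text/html\n\n"
         "<p>Confirm your password immediately at "
         '<a href="http://who-int.example.net/login">https://www.who.int/covid</a></p>')

class LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host_matches(host, domain):
    return host == domain or host.endswith("." + domain)  # exact host or subdomain

def phishing_signs(raw):
    """Return the warning signs found in a single-part HTML e-mail."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender, body, signs = addr.rpartition("@")[2].lower(), msg.get_payload(), []
    for org, domains in TRUSTED.items():
        if org in name.lower() and not any(host_matches(sender, d) for d in domains):
            signs.append("sender_address_mismatch")
    parser = LinkParser()
    parser.feed(body)
    for href, text in parser.links:
        shown, real = SHOWN_HOST.search(text), (urlparse(href).hostname or "").lower()
        if shown and not host_matches(real, shown.group(1).lower()):
            signs.append("link_text_mismatch")
    return signs
```

A result with either sign is a reason to quarantine the message or route it for review; an empty result does not prove that a message is genuine.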
Have you got an incident response plan?
Make sure all employees know how to report any concerns. Test your plan regularly for effectiveness and make updates, as necessary – and then ensure the updates are circulated. If an employee needs to report a serious incident, such as a cyber-attack, they should also know how to contact Action Fraud. Action Fraud is run by the UK police via the National Fraud and Cyber Crime Reporting centre – you can contact them on 0300 123 2040.
Purchase robust insurance cover – Cyber or Crime cover
A traditional commercial insurance policy is unlikely to protect against most cyber exposures. Traditional insurance policies have usually been written to insure against injury or physical loss and can offer little protection from electronic damages.
Possible exposures covered by a cyber policy include:
- Data breaches – companies have a responsibility to protect clients’ personal information
- Business and network interruption – incidents can impact operations, and resources will have to be used, resulting in further losses
- Intellectual property rights – can include libel, copyright or trademark infringement
- Damages to a third-party system – a virus that could crash a system, resulting in loss to another organisation
- Cyber extortion – hackers can hijack websites, networks or stored data and demand money to restore systems, leading to loss of revenue and rebuilding once the damage is done
- Pharming – redirection from a website to a fake site to collect credit card numbers
Depending on your organisation, the people you serve or your partner organisations may even require you to possess crime insurance cover.
Crime insurance is typically sold as a comprehensive policy, but doesn’t always include losses from computer and funds transfer fraud and other types of cyber-crime.
Comprehensive crime insurance protects against the loss of money and securities by way of external and internal theft, fraud, forgery, dishonesty, disappearance, or destruction while the property is in a premises or in the care of a messenger.
Computer and funds transfer fraud cover protects against the loss of money, securities, and other property via computer fraud.
Many costs that may be related to a crime, such as data breaches, trade secrets such as customer lists, loss of income from business interruption or stolen property, are not covered by crime policies.
It is not uncommon to have an “it will never happen to us” philosophy. If you do become a victim – act quickly, alert customers, carry out an investigation and implement recommendations.
The level of insurance cover you need will vary depending on your range of exposure, appetite for risk and ability to absorb losses. It is extremely important to work with an insurance broker that can help identify your areas of risk so a policy can be matched to your needs and requirements.