Data Protection

Cybersecurity Awareness Month is a great time for businesses to review common cyberthreats, cyber liability insurance coverages and risk management training materials. As technology evolves and new trends in data security emerge, many industries are re-evaluating the way they treat sensitive personal information. As a decisionmaker, how do you determine the best policies, software and educational resources in which to invest?

First and foremost, companies should assess perceived risks based on existing cybersecurity procedures. Secondly, policyholders can take additional steps to secure company information and lower the cost of cyber liability insurance. Lastly, business leaders should ensure their team members are able to recognize common tactics used by cybercriminals and know how to respond to them. Here are some of the top cyberthreats businesses face today:

  1. Ransomware
  2. Security Software Issues
  3. Credential Compromise
  4. Social Engineering

There are additional risk factors companies should consider with advancements in technology and today’s cybersecurity trends. With more and more employees working outside of the office, it’s become increasingly difficult to prevent data breaches. In addition, new developments have made it easier for scammers to impersonate business executives. These tactics make identifying scams more difficult for clients, vendors and employees. There are certain steps businesses can take to protect sensitive information and avoid costly claims against the company.

How Does Business Travel and Remote Work Affect Cybersecurity Risks?

Cyberthreats pose an even higher risk to businesses with employees who work remotely or travel on a regular basis. Accessing company data from unsecured networks and using public Wi-Fi make these individuals prime targets for cybercriminals.

Business travelers often receive company devices to access corporate databases or networks attackers could infiltrate through stolen or compromised technology. Using multiple Wi-Fi networks can make that information more accessible to dangerous parties. Companies should arm these individuals with tools and resources to help them understand the role they play in cybersecurity and data protection.

How to Prevent Ransomware Attacks

Ransomware attacks target online systems using a form of malware to render them unusable. Typically, compromised databases or files will contain sensitive information or tools a company needs to conduct business. Cybercriminals will demand ransom in exchange for access, leaving operations at a standstill until the ransom is paid. Ransomware attacks are difficult to trace because hackers will only accept a specific form of digital currency, which can put companies in a bind for the duration of the attack.

Small and medium-sized businesses are especially vulnerable to ransomware attacks for a few reasons. Cyber extortion can lead to costly expenses, especially when ransomware isn’t covered in the company’s insurance policies. Advanced cybersecurity software may seem like a luxury for some businesses, but lacking proper security can make databases an easier target. Losing sensitive information can lead to further claims against the company which may not be covered under the general liability policy.

In addition, paying the ransom can be detrimental to a company, especially if the attack leads to prolonged business interruption. Employee education efforts and updated safety protocols can help you avoid such attacks.
BCH Tip: Here are a few ransomware tips you can use to avoid an attack.

Avoiding Software Security Issues and Credential Compromises

One of the leading causes of data breaches is failure to update cybersecurity software and maintain a strict password protocol. Security software protects your online information from theft and damage. Without effective or up-to-date software, your business becomes an easy target for hackers and cybercriminals. Of course, lack of data security leaves your client and employee information vulnerable to attacks. Stolen or compromised sensitive personal information can lead to negligence claims against the company and result in even costlier expenses without the right liability coverage.
BCH Tip: Download our Password Protection Guide for tips on company credential security.

What Are Social Engineering Attacks?

Social engineering is a method attackers will use to manipulate their victims into performing an action or providing confidential information. Because social engineering tactics are difficult to identify, they are one of the most common cyberthreats businesses face today. Forbes predicts phishing and business email compromise (BEC) will continue to be the most commonly used tools for cyberattacks in 2022. BEC scams are a specialized type of phishing attack where cybercriminals use social engineering as a tool to impersonate senior executives within the organization. By using an email address or phone number that looks similar to an internal contact, scammers trick employees or vendors into sharing account details or transferring money to another bank.

Research shows that more than 70% of social engineering and phishing victims don’t identify scams until they are discovered by an external third party. In these instances, an outside entity identifies a scam that bypassed security tools. Attackers will use social engineering techniques such as BEC instead of malware or malicious URLs, which are typically caught by cybersecurity software. This places responsibility on the employee to be proactive in recognizing the message as a cyberthreat.

Without the proper security awareness or training, employees might overlook a slight difference in the contact number or address. When an employee is susceptible to criminal tactics, it makes the entire company more vulnerable to attacks. By implementing cybersecurity training and awareness programs, businesses can prepare employees and reduce the likelihood of compromising sensitive information.
BCH Tip: Download our Tips to Avoid Phishing Scams sheet for insights into avoiding email attacks.  

How to Protect Your Company from Cyberattacks

There are several steps companies can take to prevent cyberattacks. Here are the top five ways you can safeguard sensitive information and prepare your business against cyberthreats:

  1. Team Training — Every business should have a training program in place that educates employees at all levels of the company. Ensuring team members are aware of potential threats and how to prevent them will lessen the likelihood an attack will occur. Training should include the best way to handle attacks to reduce the risk of prolonged business interruptions.
  2. Cyber Risk Assessments — Businesses can conduct risk assessments, test employee knowledge and run regular security checks to prepare teams for cyberattacks. Some programs issue fake phishing scams to team members and send a report to leadership reviewing the individuals who passed or failed the test.
  3. Data Protection Policies — A good risk management plan includes data protection policies that teach employees how to send sensitive information, use secure networks and safeguard password credentials. If team members follow the outlined procedures, the company lowers the risk of a data breach or attack.
  4. Cybersecurity Software — Investing in the right software can save companies costly litigation fees and help them avoid business interruptions. When important information is compromised, you spend time and money to secure it again. It’s also important to update your security software to prevent cybercriminals from breaking through weaker defenses.
  5. Cyber Liability Insurance — Cyber insurance might be covered by commercial general liability (CGL) insurance, but it’s a good idea to review your policy before you renew. With advancements in technology and international cyberthreats, you’ll want to consider new and existing risk factors at least once a year. Insurance underwriters look at the company’s industry, sensitive and personal information on file, data security management systems, breach history, data backup procedures, company policies and overall compliance.

Cybersecurity Awareness Month reminds businesses to evaluate and update data protection policies and procedures. It’s also a good time to reference this year’s cyber liability insurance developments and trends to help avoid rate increases and coverage exclusions. If you’re looking to purchase cyber insurance, contact a risk advisor to review your policies and assess your current risk management strategy. BCH is here to help you keep your data secure and protect your bottom line when it matters.