Data Breach & Cyber Liability: If you use the internet, you’re at risk

Posted by Matt Simon on Nov 12, 2015

No matter what kind of business you run, if you use the internet, you’re at risk for a cyber attack. And when I say ‘use the internet,’ it could be something as simple as sending an email.

How could sending an email possible put you at risk for a cyber claim?

In reality, it’s very simple.  Have you ever received an email that included a virus?  You might think as long as you didn’t open your email, you’re safe.  Unfortunately, there are thousands of different viruses, and they’re becoming more advanced, more destructive, and sometimes you don’t even need to open the email for the virus to infiltrate your email network.

When a virus infects your email system, whether you host your own email or use a service such as Gmail, Yahoo or AOL, you run the risk of that virus being distributed to your entire network. And when that virus causes damage to other networks, guess who ends up paying?  It’s you!

The fact is, cyber criminals are on the lookout for information on your business, information on your customers, they’re finding ways to infiltrate and harvest that valuable data, and they’re even extorting businesses with the threat of releasing data or viruses that could cripple your business.

While computers have improved the speed and efficiency of how we work, they have also allowed thieves and con artists an easier avenue by which to steal from people and businesses. One of the ways these cyber criminals use computers to steal is through online fraud, one of the fastest-growing crimes today.

Types of online fraud

Your company’s intangible assets could be at risk if you or your employees are not mindful of online fraud attempts. Understanding and identifying different types of online fraud could save your company thousands, or even millions, of dollars in lost sales, damaged reputation, legal costs and more.

Social Engineering

This is the act of taking advantage of human behavior to commit a crime. Social engineers can gain access to buildings, computer systems and data simply by exploiting the weakest link in a security system—humans.

For example, social engineers could steal sensitive documents or place key loggers on employees’ computers at a bank—all while posing as an IT consultant from a well-known company.

Social engineers can be tough to spot because they are masters at blending in.

Phishing

When criminals attempt to acquire information such as usernames, passwords, credit card numbers and other sensitive information by pretending to be a trusted entity in an electronic communication, such as email.

One of the more common phishing scams is receiving an email that asks the user to verify his or her account information. A quick check of your email’s spam folder would likely result in a few examples of phishing.

Pagejacking & Pharming

This occurs when a computer user clicks on a link that brings them to an unexpected website. This can happen when a hacker steals part of a real website and uses it in the fake site, causing it to appear on search engines.

As a result, users could unknowingly enter personal information or credit card numbers into the fake site, making it easy for a hacker to commit online fraud.

Pharming is the name for a hacker’s attack intended to redirect a website’s traffic to a fake site.

Corporate identity theft

It doesn’t matter if you are a Fortune 500 company or a small family-owned business, cyber thieves are always looking for their next score.

It’s often assumed that smaller businesses are too small to attract attention from cyber crooks, but according to Verizon Communication’s 2013 Data Breach Investigations Report, about 40% of companies with a confirmed data breach employed 100 or fewer workers.

No company of any size is completely safe from cyber thieves.

There are many ways a cyber thief can steal a company’s identity, in addition to the various types of online fraud listed above:

  • Stealing credit history – A cyber thief could steal and use a company’s credit history for his or her own financial gain, and then use it to set up a dummy corporation, racking up huge debt for the real company.
  • Dumpster diving – All too often, papers with sensitive information are recklessly tossed in the garbage instead of being properly shredded and discarded.
  • Hacking – Having proper security measures in place for your computer system is essential to keep intangible assets safe. Make sure you’re using firewalls, routers and other security devices to protect your assets.

Curious about what you can do to prevent Cyber Crime?

ohio-cyber-crime-prevention

Prevent online fraud

Understanding and being able to identify potential online fraud techniques is the key to keeping your company safe.

Use the following tips to protect your intangible assets and ensure protection against a data breach:

  • Never give sensitive information like social security numbers or credit card numbers out over the phone unless you know the person on the other line.
  • Shred all credit reports and other sensitive data before disposal.
  • Educate employees about phishing and pharming scams and set rules about using the internet. Remind them not to click on anything that looks suspicious, or seems too good to be true.
  • If remote access to a network is a necessity, make sure it’s closely monitored, as it can be a security risk.
  • If your company doesn’t have an IT department, hire an outside company to set up the proper security measures for your computer network.
  • Implement a regular back-up procedure to safeguard your critical business data and set permissions and encryptions. 
  • Always monitor credit reports and other financial data for the company. If you see things that don’t belong, investigate.
  • Do not allow employees to write down passwords in the office.
  • Use strong passwords and be especially cautious about wireless networks.

If you are a victim

It's common to have an “it will never happen to us” philosophy when it comes to fraud. Unfortunately, that thinking can lead to lax security measures and carelessness when it comes to protecting intangible assets. If you become a victim of online fraud:

  • Act quickly. Report the fraud immediately to local law enforcement. Notify important suppliers, vendors and partners.
  • Alert your customers. If there is a data breach involving customers’ personal information, activate your plan to alert them. This information could be incredibly harmful to your customers, so alert them as soon as possible.
  • Do an investigation. If you do not have the resources to do an internal investigation, consult a third party. The quicker the breach can be dealt with, the fewer negative effects your company will endure.
  • Take measures to lessen the chance of a future breach. Fortunately, cases of online fraud can be good learning tools for your company. Analyze why the breach happened and take steps to make sure it doesn’t happen again.

For detailed information on how to deal with a breach, check out I’m a cyber-breach victim, now what?

If even the thought of a cyber attack or data breach leaves you wondering ‘how will I respond?’ or ‘will my business survive?’, relax… we can help.

The insurance market has responded to the proliferation of cyber and data breach exposures with comprehensive coverage forms that can respond to everything from notifying your customers of a the breach, investigating how it occurred, paying fines & penalties you’re hit with, and even reimbursing you for your loss of income because of the hit to your reputation.

Best of all, this coverage is extremely affordable, even for small businesses.  Depending on the size of business, and the coverage options selected, annual premiums can be as low as $400!

If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk.  You can download a free copy of our eBook, or if you’re ready make Cyber Liability Insurance a part of your insurance portfolio, Request a Proposal and we’ll get to work for you.

Cyber & Data Liability Insurance eBook

Additional articles that may interest you:

Cyber Liability Claims Examples

I'm a cyber breach victim, now what?

A lesson from the Sony Data Breach

Category: Cyber Liability Insurance (1)