Cyber insurance covers a range of elements, the most basic being the legal expenses incurred as a result of falling victim to cybercrime. This includes legal fees, expenses, and even any fines that you may have to pay or financial settlements that you have to make with your customers or third parties who have been affected as a result of the incident. Apart from this, depending on the coverage you opt for, your cyber insurance may cover the following.

Notification costs

In the event of a data breach, the business is required to inform all affected parties of the breach. This involves reaching out to them individually and also through the press. Cyber insurance may cover the costs related to this process.

Restoration costs

After a cybercriminal attacks your IT infrastructure, you will have to spend money restoring it. There will be considerable expense in terms of recovering the lost data and repairing or replacing affected IT systems.

Analysis costs

In the event of a data breach, you will have to conduct a forensic analysis to identify the root cause of the breach and figure out how to prevent further occurrences. Cyber insurance may cover the costs of such an investigation.

Downtime costs

When your business operations shut down, even temporarily, due to IT issues, you lose revenue. You could get a cyber insurance policy to cover such downtime costs.

Extortion money

In some cases of data theft, like a ransomware attack, cybercriminals usually demand a certain amount of money as ransom or extortion to let you access your data again. Considering how rampant ransomware attacks are these days, it may make sense to opt for a policy that covers this angle as well.

How much does cyber insurance typically cost

Depending on the coverage and risk, annual cyber insurance costs range anywhere from $1000 a month to about a million dollars. But, what you need to ask yourself is, how much can it cost you if you ignored cyber insurance? The answer is, it could cost you your business, your customers and your brand reputation. With cybercrimes rising at alarming rates, cyber insurance is not a luxury that only the big players should invest in. It is the need of the hour for any business, irrespective of its industry or size.

What is cyber insurance

With cybercrime becoming a major threat to businesses across the world, irrespective of their size, cyber insurance is fast becoming more of a necessity than a choice. However, the concept of cyber insurance is still fairly new and not many SMBs are aware of its benefits. Cyber insurance is insurance that covers your liability in the event of your business becoming a victim of cybercrime. For example, a data breach puts you at risk of lawsuits and makes you liable to your customers and other parties whose data has been compromised because of or via your organization. Cyber insurance covers the financial aspect of such liabilities, making it easier for you to deal with them.

Why do you need cyber insurance

Many organizations think of cyber insurance as an added cost. They believe they don’t need it for various reasons.

Bigger organizations think their IT security measures are watertight and they won’t fall victim to cybercrime, and they also tend to believe that even if they are affected in a one-off case of cybercrime, they are solid enough to discharge their liabilities and come out of the incident with their brand value intact.

SMBs, on the other hand, think cybercriminals are most likely to target the bigger players and they don’t need cyber insurance. But, in reality, it is the smaller businesses that are at a greater threat–primarily, because

  1. They lack the resources to strengthen their IT infrastructure and their staff is less likely to be trained in identifying cyber threats, making them more vulnerable
  2. They are less likely to recover from the damage to their financial and brand health as a result of falling victim to cybercrime

The bottom line is, every organization, big or small, needs cyber insurance today. Cyber insurance, however, is not a replacement for cybersecurity. Having cyber insurance doesn’t mean you can be lax about cybersecurity. It is meant as a buffer, to help your business survive when something slips through the cracks. An MSP can help you tighten your cybersecurity and prevent data breaches and other untoward incidents. Also, being well versed with the IT industry, your MSP can help you understand the IT risks that you need to get covered for. They can also help you pick out the right cyber insurance policies; in some cases, some of them are even insurance advisors or agents.

One of the biggest questions we get from clients and prospects is “What can we do to protect ourselves from cyber attacks?” It is a sensible concern. A cyber attack that freezes operations or seizes data can ultimately shut a company down for good. There are some basic, simple things you can do to protect your company and there are more sophisticated tools available. In this blog, we look over a spectrum of 4 things you can do to improve your data security, from the simple to the high tech.

  1. Employee training – It may seem so simple, but training your employees on an ongoing basis about their role in cyber security may be the best thing you can do. Why? Because well-meaning people do things when they get near a computer that can be very risky.

Simple things help, like forbidding external storage devices from being brought to the workplace. One of the more notorious data breaches occurred because a subcontractor employee–who had access to a large corporation’s IT infrastructure–found a thumb drive in the parking lot and plugged it in to see what was on it. Beyond that, simple phishing scams are still very effective at tricking people into opening nefarious websites. Ask your MSP for guidance on creating ongoing training programs that explain phishing scams and similar tricks and instruct everyone how to avoid them. Do it on a regular basis. It is easy to forget and let your guard down.

  2. Software updates – This one is also basic, but it carries a lot of value. Each time you receive a notice about a software update, stop and do it then. Don’t put it off until tomorrow. These updates not only provide new, improved features. They often provide fixes to vulnerabilities in the software or address threats and viruses that have developed.
  3. Zero day alerts – Zero day alerts are kind of like a neighborhood crime alert. You are busy running your own company and your time is not spent tracking the latest threats developing out there in the cyber world. Your MSP may offer text or email alerts about new threats and how to protect yourself from them.
  4. Cyber insurance – Finally, there is a more complex, after-the-fact security precaution you can take: cyber insurance. Cyber insurance may be able to cover some or most of the losses incurred as a result of a security breach. It won’t defend your data proactively, but, should the worst happen, it may provide protection against lost revenue and damages. Standard commercial property insurance policies do not generally include provisions for the damages from cybercrime. In a growing number of commercial policies, they are specifically excluded. As a result, executives who recognize the catastrophic damage that a cyberattack can inflict on their business are looking at cyber insurance to transfer the financial losses to a third party. However, there are some pretty deep weeds to get into when looking for a cyber insurance policy. Just for one example, some policies may create requirements and security standards you must meet before an event will be considered a covered loss. A Managed Service Provider can offer guidance into whether this is an avenue to explore.

So there you have it. You have to protect your organization from the threats and consequences of data losses due to a security breach.

As you are likely very aware, Artificial Intelligence has become a real attention getter in the business world, as well as public media. One cannot look at the news every day without coming across some article discussing AI. However, just because something is a fad doesn’t mean that it is either new or something everyone needs. AI has been around for a long time. Anyone who has purchased something from a website is well aware of the “others who bought ‘X’ have also been interested in …” feature. That feature has been around for decades. That feature is an example of AI. A simple but helpful understanding of AI is that it attempts to find patterns and suggest predictions by sifting through enormous quantities of data, quantities that would make seeing patterns an insurmountable human task.

Just to get a general understanding how AI is being used to meet organizational objectives, improve processes, marketing, recruiting, and even worker safety, let’s look at a few diverse examples.

Worker Safety: AI can sift through data to notice patterns of worker injury to identify safety problems in a manufacturing sector business. Simple aggregate statistics (5 injuries per day) don’t help identify where the risks actually are, and certainly don’t identify key areas of risk. Where are things going wrong? Maybe patterns in time suggest worker fatigue. Maybe it identifies a certain activity that presents safety issues.

Demand Forecasting in Retail: Determining how much to stock of what item for a coming sales season can be as much an art as a quantifiable skill. As a result, companies can see real hits to the bottom line when they make a mistake. Just observing how much sold this month last year isn’t a sufficient predictor for the coming period. What about the weather? Bad economic news. Construction on a nearby road that is now finished this year. The endless factors that may influence buying decisions can be used to forecast demand more accurately.

Disease Screening in Healthcare: AI has the capacity to potentially use data to identify or eliminate certain diagnoses that an individual medical professional whose experience is necessarily finite, might be able to do. Like much else, there are ethical issues that can make AI a complex tool, but there is much potential.

Disease Tracking: The pandemic was practically an instructional video on the value of AI. Tools that could identify all of those who had likely been in contact with someone who tested positive for Covid-19? That was AI at work.

Just in Time Inventory: Just in time inventory means that manufacturers avoid the costs associated with inventory that sit unused until needed. Identifying along a very long supply chain how inventory can be built and shipped to arrive just in time is no simple task. AI is a key component of that inventory model.

Customer Retention: Like other areas, you probably can collect more information about your customers than you can make sense of. So, why did they leave? You may have the answer, but it may actually be a calculus of many factors. AI can help identify all of the issues that may have led a customer to leave. Without AI, you may incorrectly attribute it to one single factor.

AI and Marketing: Why are marketers so interested?

AI has potential applications in the marketing end of any business, large or small. AI may offer you some new tools to more effectively market without expanding your present marketing resources. Marketers, in particular, may find AI useful in these three general categories-

Collecting Data about Prospective Customers– Even small businesses can collect a significant amount of data. AI can allow you to analyze that data. No matter how much data you collect, it is useless unless you can synthesize it, see patterns, etc. The human capacity to make sense of the massive amount of data we collect is limited.

Using Data to Market More Effectively– Even the most novice marketer knows that the more you know about each prospect the easier it will be to target them. The more you know their needs, the more you can explain how your product or service meets those needs. AI allows you to do more with the data you collect- to make sense of it so you can use it.

Generating the Right Message– AI may also be able, to a certain degree, to assist you in creating the messaging to reach your target. However, it is important to recognize that AI is not a silver bullet.

Suddenly, everyone is talking about artificial intelligence (AI). It is constantly in the news now. It suddenly is looming like some intimidating Terminator. However, AI is not a toggle switch that was suddenly turned on one day this year. AI is everywhere and has been around for far longer than most of us are aware. We just didn’t realize it.

Ever think about how Instagram shows you reels based on your past views? YouTube does the same. Amazon makes recommendations based on your browsing and purchase history. By the newest standard, that is old hat AI, but it is AI. Lately, significant advances have been made that increased the power of these learning algorithms exponentially. The new tools Chat GPT, BARD and Well-said are examples very widely covered in the media.

Why are businesses so interested?

There are a wide variety of uses for AI in the business space, from project management to customer service.
For a bit of background, it might be helpful to take a quick survey of places where AI is being deployed.

Before looking at examples, let’s discuss why to use AI in any area at all.

Given technology, any organization has the capacity to collect–from the perspective of a human–an incomprehensibly large amount of data on almost any subject. This data can be used to do many things, but there is so much of it, we have a limited capacity to see patterns and synthesize. AI has the capacity to do that.

Three examples:

Demand forecasting in retail: Who doesn’t want the magic bullet to decide how much to stock for each season? However, just observing how much sold this month last year isn’t a sufficient predictor. What about the weather? Bad economic news. Construction on a nearby road that is now finished this year. The endless factors that may influence buying decisions can be used to forecast demand more accurately.

Disease screening in healthcare: AI has the capacity to potentially use data to identify or eliminate certain diagnoses that an individual medical professional whose experience is necessarily finite, might be able to do. Like much else, there are ethical issues that can make AI a complex tool, but there is much potential.

Customer retention: Like other areas, you probably can collect more information about your customers than you can make sense of. So, why did they leave? You may have the answer, but it may actually be a calculus of many factors. AI can help identify all of the issues that may have led a customer to leave. Without AI, you may incorrectly attribute it to one single factor.

Why are marketers so interested?

AI has potential applications in the marketing end of any business, large or small. Marketers, in particular, may find AI useful in these three general categories-

Collecting Data about prospective customers – Even small businesses can collect a significant amount of data. AI can allow you to analyze that data. No matter how much data you collect, it is useless unless you can synthesize it, see patterns, etc. The human capacity to make sense of the massive amount of data we collect is limited.

Using data to market more effectively – Even the most novice marketer knows that the more you know about each prospect the easier it will be to target them. The more you know their needs, the more you can explain how your product or service meets those needs. AI allows you to do more with the data you collect- to make sense of it so you can use it.

Generating the right message – AI may also be able, to a certain degree, to assist you in creating the messaging to reach your target. However, it is important to recognize that AI is not a silver bullet.

In short, AI may offer you some new tools to more effectively market without expanding your present marketing resources.

In today’s digital age, businesses face an ever-increasing threat from cybercriminals, and one of the most prevalent and damaging forms of cyberattack is ransomware. Ransomware attacks can cripple an organization, leading to data breaches, financial losses, and reputational damage. However, by implementing robust cybersecurity measures and adopting best practices, businesses can significantly reduce the risk of falling victim to ransomware attacks. In this blog post, we will explore effective strategies to safeguard your business against ransomware and ensure business continuity.

  • Employee Education and Awareness: A well-informed and security-conscious workforce is the first line of defense against ransomware attacks. Regularly educate your employees about cybersecurity best practices, such as recognizing phishing emails, avoiding suspicious downloads, and practicing strong password hygiene. Conduct training sessions, share informative resources, and encourage employees to report any potential security threats promptly.
  • Implement a Multi-Layered Security Approach: Having a comprehensive cybersecurity strategy is crucial to protect your business against ransomware. Adopt a multi-layered security approach that includes the following elements:
    1. Endpoint Protection: Install reliable and up-to-date antivirus and anti-malware software on all devices within your network. Enable real-time scanning and automatic updates to detect and block potential threats.
    2. Firewall and Intrusion Detection Systems: Deploy robust firewalls and intrusion detection systems (IDS) to monitor network traffic and prevent unauthorized access. Regularly update and patch these systems to address any vulnerabilities.
    3. Secure Backup and Disaster Recovery: Regularly back up your critical data and ensure backups are stored securely, preferably offline or in a separate, isolated network. Test data restoration processes periodically to ensure backups are viable.
    4. Network Segmentation: Divide your network into smaller segments to limit the spread of ransomware. Implement strict access controls and ensure sensitive data is only accessible to authorized individuals.
  • Keep Software and Systems Updated: Outdated software and operating systems are common entry points for ransomware attacks. Regularly update all software applications, including web browsers, email clients, and operating systems. Enable automatic updates whenever possible to ensure prompt installation of security patches and bug fixes.
  • Email Security Measures: Email remains one of the primary vectors for ransomware distribution. Implement robust email security measures, including:
    1. Spam Filters: Utilize advanced spam filters to block suspicious emails and prevent phishing attempts from reaching employee inboxes.
    2. Email Authentication: Implement email authentication protocols like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to prevent email spoofing.
    3. User Awareness: Educate employees about email security best practices, including verifying sender addresses, avoiding clicking on suspicious links or downloading attachments from unknown sources, and reporting any suspicious emails promptly.
  • Regular Data Backups and Testing: Frequent data backups are essential to mitigate the impact of a ransomware attack. Implement a robust backup strategy that includes automated backups and periodic testing of data restoration processes. Ensure backups are stored securely and kept separate from the main network to prevent ransomware from infecting them.
  • Incident Response and Business Continuity Plan: Develop a comprehensive incident response plan that outlines the steps to be taken in the event of a ransomware attack. The plan should include procedures for isolating affected systems, notifying stakeholders, engaging law enforcement, and restoring operations. Regularly review and update the plan to reflect changes in technology and emerging threats.
  • Regular Security Audits and Penetration Testing: Periodically conduct security audits and penetration testing to identify vulnerabilities in your network infrastructure and applications. Engage with ethical hackers to simulate real-world attack scenarios and identify potential weaknesses.

Passwords are something that you and every employee can use to protect your data, and maintaining this important protective wall against criminals is relatively easy. Take the time to follow basic good practices, most of which are relatively easy to do. Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Watch out for re-use and multiple use.

Rotating through passwords you have used before isn’t a good idea. You may notice that some sites you use do not even permit you to use the passwords you have used previously. On a similar note, avoid using the same password across multiple sites. If one site is hacked, the password from that site can be used across all of your other secure sites.

Avoid writing down passwords

This one can be a little outdated. It defies common sense that a burglar will break into your home to steal your written password collection. That said, leaving a list of passwords sitting around in your office, wallet or handbag isn’t an especially good idea.

Don’t share passwords

One of the biggest temptations for password sharing may be in a work setting for the sake of speed and convenience – you may allow a co-worker who needs quick access to use your password. Don’t. Even if your co-worker has approved access, ask them to use their own credentials to login. Also, password sharing is likely a work rule violation in your organization. If discovered, it could be grounds for disciplinary action.

Phishing tricks

Last but absolutely not least, be aware of scams to get your password by convincing you to hand it over. We’ve mentioned this in other e-guides but it bears repeating because it seems to work against even the most savvy digital users.

Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine. Here are a few things to look for when doing that:

  • Spelling – Check for misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing link could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com.
  • Disguised URLs – Sometimes, URLs can be disguised, meaning that while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL by using a mouseover, or by right-clicking on the URL, selecting the ‘copy hyperlink’ option and pasting the hyperlink into a notepad file. But NEVER, ever paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore the URL information that precedes the @ sign when deciding where to go. That means a URL that puts the bank’s address before the @ sign and mysite.net after it will take you to mysite.net and not to the actual Bank of America website.
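
The three link checks above can be automated; the following is an added example, not part of the original post. The allowlist `TRUSTED`, the function names and the sample links (built from the descriptions in the bullets) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains this user genuinely deals with (illustrative allowlist).
TRUSTED = ("bankofamerica.com",)


def split_host(url):
    """Return (hostname, had_userinfo) the way a browser resolves the link."""
    if "://" not in url:
        url = "http://" + url          # bare "www.example.com/..." style links
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Anything before '@' in the authority is login info, not the destination.
    return host, "@" in parts.netloc


def base_domain(host):
    """Last two labels of the host. Simplification: no public-suffix list,
    so hosts under suffixes such as .co.uk are not handled."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href, display_text=None, trusted=TRUSTED):
    """Return a list of warnings for one link; an empty list means no finding."""
    findings = []
    host, had_userinfo = split_host(href)
    domain = base_domain(host)

    # '@' check: report where the link really goes.
    if had_userinfo:
        findings.append(f"at-sign: real destination is {host}")

    # Spelling check: near-miss of a trusted domain, or the trusted brand
    # name embedded in some other domain.
    if domain not in trusted:
        for good in trusted:
            brand = good.split(".")[0]
            if 0 < edit_distance(domain, good) <= 2:
                findings.append(f"misspelling: {domain} resembles {good}")
            elif brand in host:
                findings.append(f"brand-in-other-domain: {domain} is not {good}")

    # Disguised-URL check: the visible text names one site, the link another.
    if display_text and "." in display_text and " " not in display_text.strip():
        shown, _ = split_host(display_text.strip())
        if shown and base_domain(shown) != domain:
            findings.append(f"disguised: text shows {shown}, link goes to {host}")
    return findings


# Constructed sample links: (href, visible text or None).
SAMPLES = [
    ("https://www.bankofamerica.com/login", None),
    ("www.bankofamarica.com", None),
    ("www.bankofamerica-verification.com", None),
    ("http://www.bankofamerica.com@mysite.net/login", None),
    ("http://mysite.net/x", "www.bankofamerica.com"),
]

if __name__ == "__main__":
    for href, text in SAMPLES:
        print(href, "->", check_link(href, text) or "no findings")
```
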

In the end, the humble password is an excellent first line of defense against hackers and thieves. All it takes to keep this barrier strong is staying vigilant about password best practices. While it does take ongoing training on the part of management to ensure vigilance is maintained for the long haul, these best practices are simple to observe and take little time.

With all the talk about cybercrime and the recent spate of headlines about ransomware, concerns for your data security and the safety of your business keep growing. Avoiding a data breach is critical to your business, so it is vital that you focus resources and time on cybersecurity. Your MSP can be your best support for handling the variety of solutions to the problem of cybercrime. However, don’t forget what you can do on your own. Amidst all the sophisticated tools to protect your data, don’t forget the role of the lowly password. Passwords are there all the time, so we tend to take them for granted.

Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Strong Passwords

Many advisors suggest that a strong password includes letters, numbers and symbols. Basic vocabulary words, from any language, can often be hacked through brute force–just bombarding with a stream of words until you hit the correct one. Numbers and symbols can make that less successful.

Update Passwords

The longer a password is hanging around, the more likely it may be compromised. Frequently changing passwords, just like changing the batteries in your smoke detector, should be done on a regular basis. Try the first day of every third month.

Cancel Passwords when access is no longer needed

In a workplace setting, access should be eliminated immediately upon the termination or transfer of an employee. Not tomorrow, not later today–Immediately. This is particularly true in the case of an involuntary termination, when a now former employee may have a motivation to act nefariously. Also, when an employee’s job duties change, some access from their previous position may not be relevant with their new role.

Multi-factor Authentication

Multi-factor authentication (MFA) is the access process that requires a second step to access data. You probably come across it frequently. Many retail sites now use MFA for returning customers who want access to their account or order history. MFA asks for your password and then authenticates you by sending a one-time code to another platform. Most frequently, this means sending you a text. The intent is to diminish the possibility that the password is being used by someone not authorized to have it. Anytime you use an ATM machine, you are using a version of MFA (the debit card is step one, the PIN is step two).

According to a report by Verizon, 80% of data breaches are caused by weak or stolen passwords. In addition, the report found that 60% of users reuse the same password across multiple accounts, making it easier for hackers to access multiple accounts with a single stolen password.

Maintaining good password hygiene is essential to protect against these threats and keep your accounts secure.

Weak or compromised passwords can be easily cracked, allowing cybercriminals to gain access to our data and steal our information. Here are a few password hygiene best practices to consider:

Use Strong Passwords

Using strong passwords is one of the most crucial steps in maintaining good password hygiene. A strong password is one that is long and complex, using a combination of letters, numbers, and symbols. Avoid using easily guessable passwords, such as “password” or “123456,” and avoid using personal information, such as birth dates or names.

Update passwords or revoke access when employees leave the organization

Changing passwords regularly is another essential step in maintaining good password hygiene. It is recommended to change passwords every 90 days or sooner, depending on the level of security required. Passwords need to be updated regularly and access to data has to be revoked when employees are no longer authorized to access it. However, this important step is often overlooked. This is especially an issue in SMBs where the staff is pretty busy and turnover is high. They are too busy to remember to change the passwords once a staff member quits, leaving their data vulnerable. So, next time the new intern finishes their stint with you, make sure you change the password and revoke their access.

Enable Two-Factor Authentication

Two-factor authentication adds an extra layer of security to your accounts. It requires you to provide a second form of identification, such as a code sent to your phone, in addition to your password. Two-factor authentication makes it harder for hackers to gain access to your accounts, even if they have your password.

Don’t Reuse Passwords

Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. Using the same password for multiple accounts is a common mistake that can compromise the security of all your accounts. If one account is compromised, all accounts using the same password are also at risk. Using a unique password for each account decreases the amount of damage that can be inflicted in the event that one password is compromised.

Avoid Writing Down Passwords

Writing down passwords is a risky practice. It is easy to misplace or lose the paper where you wrote down your passwords. Avoid writing down passwords, and if you must write them down, keep them in a secure place, such as a locked cabinet. This applies primarily to an office environment, where desks, files and notepads are in open view and available to all.

Don’t share your passwords

Never share your password. If you need to give data access to multiple people, make sure each one of them has their own access credentials. This creates an audit trail and helps trace the data breach back to its origin if it occurs.

Be Wary of Phishing Scams

Phishing scams are a common way for hackers to gain access to passwords. Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify that the link is genuine.

No matter how much people hear “data safety,” they still can get sloppy about their cybersecurity. One of the reasons is that there are so many constant reminders that the warnings just become that much more background noise. Today, let’s do a quick review of the one you hear most about (and are most likely to forget about): passwords.

Passwords

As annoying as they are (and who doesn’t curse them sometimes?), passwords are a basic and necessary evil to protect access to your data. The root innovations that help sidestep the tedium of entering (and remembering) passwords are facial recognition and fingerprint security measures. These can be a real timesaver, but they aren’t readily available across every site and device. So that leaves us with the question: what are the best practices for maintaining strong passwords and defending multiple sites, programs or devices (also known as “good password hygiene”)?

Maintaining password best practices

Simple passwords, with nothing but regular vocabulary words (even in other languages) are easily cracked. Most sites generally require mixed case, alphanumeric and a symbol or two for it to be an approved password. Here are a few things to remember.

    • Avoid using the same password across multiple sites or devices.
    • Don’t share your passwords with co-workers, no matter how convenient or timesaving it may be.
    • Don’t send passwords (or any critical personal data, for that matter) via text or email.
    • Don’t save them on a device in an unencrypted file.
    • Remember to change them periodically.
    • Be sure that access to files is removed immediately when an employee leaves an organization or no longer has need to access particular programs, data or machines.

Multi-factor authentication

Related to the password method of maintaining data security, multi-factor authentication is becoming increasingly popular and is often required by some organizations. Basically, this takes the password idea and adds another layer to ensure that the correct user is entering the password. Your ATM is an example of MFA. Just a password isn’t enough at the ATM–you have to have your ATM card also. Most of us know MFA through the request to enter a one time code that is sent to us, on a different platform, after we enter our usual password. Again the idea here is that even if a password is stolen, a second form of identification is required to ensure the correct person is gaining access. NOTE: A common form of MFA is to send a text message to your phone. Be aware that if you leave the country and don’t buy a text package for your phone, you may not be able to access some sites that use this form of MFA.

In short, we hear most about password safety, but because it can be such a pain to change them, we open ourselves and our business to data vulnerability. Contact Direct One for ideas to improve your data security.