Cybersecurity and Coronavirus

Fran
Fran Majidi
March 27, 2020

Coronavirus has not only killed thousands of people on every continent except Antarctica, it has affected 20% of households with the loss of work hours and jobs. Those of us who are fortunate enough to still have jobs are telecommuting from home. Unfortunately, inadequate childcare is not the only challenge employees face. Many employees are creating home office environments with minimal cybersecurity protections in place.

As many experts predicted, hackers have seized the opportunity to tap into some sensitive data because so many people are working remotely due to coronavirus preventive measures. Their incentive to attack now is simple: Most people do not have the more sophisticated detection tools employers use in the workplace. With so many workers using personal computers, data has been compromised on a large scale.

Some attackers are using ransomware for a quick payout, others are penetrating networks and searching for bank account numbers and credit card information. Some groups are unraveling trade secrets or other forms of valuable business information.

On March 25, a group of 400 volunteer cybersecurity experts got together in San Francisco with a mission to fight the unprecedented incidents of hacking taking place since coronavirus quarantines went into effect. However, even experts cannot undo the damage that’s already been done. It’s predicted that most businesses won’t feel the fallout of the cybersecurity breaches for months to come.

The Cybersecurity and Infrastructure Agency at the Department of Homeland Security has informed workers to patch their systems and to be on the lookout for unusual activity. They’ve also urged the public to configure firewalls to protect their information.

Most often, attackers are looking to seize remote login credentials to an organization’s data and resources. It’s easier than ever for a hacker to maliciously log in without being detected by the organization’s IT and security team(s). It’s important to alert employees to the fact that hackers are hunting for user credentials in greater numbers than ever before.

Protecting Yourself Against Ransomware

Ransomware is a type of malware used to infect computers and encrypt computer files until a ransom is paid. Once infected, the ransomware will spread to connected systems, shared drives and other accessible computers. It may lock files and worse. Even after the ransom is paid, the hackers may still refuse to restore a victim’s access and demand additional payments. The Federal Government advises against paying ransomware hackers.

How Is Ransomware Delivered?

Typically ransomware is delivered through phishing emails or drive-by downloads which can automatically download from the internet without your knowledge or consent. Once a link is clicked in the phishing or email or if a ransomware program downloads automatically, the computer is infected with ransomware.

What Should I Do if My Computer Is Infected with Ransomware?

It’s important to isolate the infected system(s). First, remove the infected system from all networks. Disable the computer’s wireless, Bluetooth and other networking capabilities. Disconnect all shared and networked drives.

Contact your team lead if this happens. Your team lead should contact the local FBI office or local U.S. Secret Service office immediately.

Next, you and your team lead should segregate any other computers or devices that were sharing a network with the infected computer. Label any computers that have been encrypted. Bring the computers to a specialist for recovery of partially encrypted files.

Make sure your backup is offline and secure. Scan this data with an antivirus program to ensure that it’s free of malware.

After ransomware has been removed, change all system passwords.

Your Emails Are Dangerous Too

Emails are also a common tool for hackers because they can also be forwarded so as to infect several computers or devices at once. Some programs automatically download email attachments riddled with viruses, not giving you any chance to prevent an attack. All you have to do is open these emails and you’ll be infecting your machine and possibly others on a shared network.

What Can I Do to Protect Myself Against an Email Attack?

Be aware that hackers are sophisticated and will try to create messages that seem as if they were sent from people or organizations you know and work with. It’s a good idea to check with the person who supposedly sent you a suspicious message before opening any attachments.

What’s most troubling is that attackers are taking advantage of misinformation to get you when you least expect it. Be especially careful of opening any emails with attachments that claim to be from your internet service provider (ISP) or a software vendor wanting to help you with patches or antivirus software. ISPs and software vendors do not send these materials in emails.

Get the right Business Insurance. If you heard about cyber insurance but thought it was not something you need to protect your business, consider it again, especially now that you’ve witnessed a crisis send workforces home en masse.

What Else Can I Do to Prevent an Attack?

Although most people are no longer doing their work in coffee shops during the pandemic, you may still on occasion have access to public Wi-Fi. Avoid using it because it may allow an attacker to intercept your device and gain access to your personal data.

What Is Cyber Insurance?

Does you business conduct transactions over the Internet? How do technology, emails and social media leave you exposed to risk? These are questions every business should ask itself because there are many gateways to cyber attacks. Cyber insurance is simply a way of transferring risk should an attack happen to your business or organization.

Cyber risk insurance (or cyber liability insurance coverage, CLIC) offsets the costs involved in recovering after a cyber-related security breach or data breach. It first took shape in errors and omissions insurance (E&O), and has since grown to reach 7.5 billion in premiums by 2020. Roughly ⅓ of American companies currently purchase some form of this insurance.

Cyber insurance covers expenses related to first parties (your business) and third parties (any customers who may be affected by hacking). The following are some commonly reimbursable costs related to cyber insurance:

Investigation. An investigation needs to happen in order to determine what happened and to find out who conducted the hacking. Most hackers leave behind a trail, but it costs money to find out who they are. That’s why it’s important to involve the services of law enforcement and the FBI along with the services of a security firm who will be able to track IPs and the like. Your cyber insurance will cover costs.

Business Losses. A cyber attack may interrupt business. You may also experience data loss, which will create a crisis for your business (also costly). There may be reputation damage involved, too, depending on the type of cyber attack. All of these consequences would be covered by cyber insurance.

Theft and Fraud. This protection covers loss of the policyholder’s data as well as the transfer of funds/theft. Privacy and notification. Whenever there is a data breach, notifications must be sent to customers and/or affected parties according to federal law. Credit monitoring for those customers may also be required. A data breach doesn’t come cheap.

Lawsuits and extortion. There are legal expenses associated with the release of confidential information and intellectual property. Your business may also be extorted using ransomware and the like. Media Liability. Provides coverage for copyright, trademark or service mark infringement.

What Should Be Included in My Cyber Insurance Coverage?

Most of the bigger insurance companies that sell commercial insurance (Chubb, Travelers, etc.) are already offering cyber insurance to clients. Some people speculate that cyber coverage will one day be included in a standard general liability policy, but it’s important to note that as of now it’s not included.

Here are some valuable tips about cyber insurance:

  • A standalone policy is usually more comprehensive than one that is offered as an extension to an existing policy.
  • Look at the deductibles to make sure they are manageable.
  • Does the coverage apply to third-party service providers? Is this something you need?
  • Does the policy cover all attacks to the company or targeted attacks only?
  • Does the policy cover social engineering: phishing, spear phishing and advanced persistent threats (APTs), which can take months to years?

A Business Has Responsibilities Too

How vulnerable a business is and whether or not they follow best practices defensively are factors insurance companies take into consideration when considering coverage. Employee education for phishing and other types of social engineering are also important too. There are vulnerability assessment tools out there which can help. Sometimes, it’s helpful for a business to hire a network defense specialist to improve the security of the overall organization. Down the line, when cyber insurance becomes more commonplace, it will likely be a requirement for clients to provide an audit of the company’s defensive processes.

Does My Business Really Need Cyber Insurance?

Not only is the threat of a cyber-attack not hyped up, but attacks against businesses are also increasing as more people gain cyber sophistication. According to a report by the security software, Symantec, over 30% of cyber attacks were launched against businesses with less than 250 employees, with the remaining 70% of cyber attacks aimed at larger organizations.

So, if your question is do cyber attacks really happen, the answer is a resounding yes. Get protection by visiting here.

Tips to Share with Employees Working Remotely

  • Patch your devices using a strong password and multifactor authentication.
  • Stay away from phishing emails.
  • Lock devices if you’re not using them.
  • Avoid suspicious links in emails.
  • Be alert to cyber attacks happening outside of work hours.
  • Be aware of fake emails from managers and HR personnel asking for your password.
  • Beware of entry points to corporate assets via smart speakers, smart televisions and other smart home systems.
  • Back up your computer.
  • Store Your backups separately.
  • Train all employees how to protect themselves.
  • Open emails with extreme caution and only click on links you know are safe.
  • Use and maintain preventive software programs like Malwarebytes, which is extremely affordable.
  • Keep your personal information safe by checking a website’s veracity and security to make sure your information is encrypted before you provide it.
  • Disconnect devices from shared network(s) and power them off if you suspect they are infected with malware.
  • Turn off option for automatic download of attachments.
  • Manually scan files using your antivirus software before opening them.
  • Create a separate account on your computer with restricted privileges. Read emails on an account with these restricted privileges.
  • Trust your instincts. If for whatever reason, your gut tells you there’s something wrong, there probably is. If you’re unsure about opening an email, don’t do it.
  • Block pop-up advertisements.
  • Keep software updated and enable automatic updates when available.
  • Install or enable a firewall to prevent infection by blocking malicious traffic before it enters your computer.
  • Use anti-spyware tools, which can identify and remove spyware. Most antivirus software includes an antispyware option so make sure to enable it.
  • Contact your IT department as soon as you suspect a computer has been attacked. The sooner they can investigate and “clean” the device, the less likely it will infect others on the network.
  • Beware of look-alike domains that are phony websites looking to lure you into clicking so as to infect your computer.

Get a Free Commercial Insurance Quote.

Related Articles

Commercial Insurance What Is Excess Liability Insurance?

Excess liability insurance is a type of insurance policy that provides higher coverage limits when placed on top of an original, primary policy. The purpose of excess liability insurance is to close any gaps in coverage and provide an extra layer of protection.

Commercial Insurance How Insurers Calculate Commercial General Liability Insurance Rates

One way that companies can protect themselves against these suits is by purchasing Commercial General Liability Insurance. But do insurers calculate premium rates, and what can small businesses do to get the lowest rates?

Looking for Commercial Insurance?

Compare rates from dozens of companies in less than 3 minutes.