
Category Archives: Cyber Risk Management

Up to 100,000 Bell Customers Impacted by Data Breach

Bell Canada, one of the nation’s largest telecommunications companies, announced Tuesday, Jan. 23 that up to 100,000 customers were affected by a data breach. The company has said that hackers likely obtained sensitive customer information, including subscriber names, phone numbers, account names and email addresses. At this time, there is no indication that credit card numbers or other banking information was compromised.

The company is advising customers to change their passwords and security questions. Affected users should also be on the lookout for suspicious activity, as cyber criminals will likely use the lost email addresses and user profiles to carry out more harmful phishing and social engineering scams.

Bell is currently working with law enforcement and the Office of the Privacy Commissioner of Canada to investigate the event. Officials are looking to determine how the breach occurred, what Bell is doing to mitigate the situation and potential follow-up actions.

This latest breach comes just eight months after 1.9 million customer emails were stolen from Bell’s database by an anonymous hacker. High-profile cyber security events are becoming commonplace, and organizations must continue to conduct security audits, review their record retention policies and provide employee training if they are to prevent future breaches. While customers can’t prevent companies from being hacked, they can take the following steps to reduce the risk of losing personal information:

  • Encrypt data whenever possible.
  • Back up data.
  • Use anti-malware protection.
  • Update phones and computers regularly.
  • Secure wireless networks.
  • Use a firewall.
  • Make passwords complex and change them often.
  • Avoid clicking suspicious links or navigating to deceptive websites.

To read the official statement from Bell regarding its most recent data breach, click here.

© Zywave, Inc. All rights reserved


Critical Cyber Exploits Affect Nearly All Computers

Cyber security researchers recently announced the discovery of two major security flaws that could allow hackers to bypass regular security measures and obtain normally inaccessible data. The flaws, referred to as Meltdown and Spectre, are both caused by design flaws found in nearly all modern processors. These vulnerabilities can be exploited to access all of the data found in personal computers, servers, cloud computing services and mobile devices.

Because Meltdown and Spectre are both caused by design flaws, experts believe that they will be harder to fix than traditional security exploits. Additionally, software patches that have already been released to help address the vulnerabilities can cause computer systems to slow down significantly, which may impact their ability to perform regular tasks.

Researchers believe that Meltdown and Spectre may be limited to processors manufactured by different companies, but also warn that the design flaws that contribute to Meltdown and Spectre have been present for years. Here are some key details about each flaw:

  • Meltdown: This flaw can be used to break down the security barriers between a device’s applications and operating system in order to access all of the device’s data. Meltdown can be used to access desktop, laptop, server and cloud computer systems, and can even be used to steal data from multiple users who share one device. Although researchers have only been able to verify that Meltdown affects processors made by Intel, other processors may also be affected. Many software developers have already released updates that prevent hackers from exploiting Meltdown.
  • Spectre: This flaw can be used to break down the security barriers between a device’s different applications and access sensitive data like passwords, photos and documents, even if those applications adhere to regular security checks. Spectre affects almost every type of computer system, including computers, servers and smartphones. Additionally, researchers have confirmed that the design flaw that enables Spectre is present in Intel, AMD and ARM processors that are used by nearly every computer and mobile device. Software developers are currently working on a patch to prevent the exploitation of Spectre, but some experts believe that future processors may have to be redesigned in order to fix the vulnerability.

When Meltdown and Spectre were originally discovered in 2017, researchers immediately reported them to major hardware and software companies so work on security fixes could begin without alerting hackers. As a result, services and applications offered by companies like Microsoft, Google, Apple and Amazon have already been updated to help defend against the flaws. However, you shouldn’t rely solely on a software patch to protect against these vulnerabilities. Here are some steps you can take to protect your computer systems and devices from Meltdown and Spectre:

  • Update all of your devices immediately, and check for new updates regularly. You should also encourage your friends, family members and co-workers to do the same.
  • Contact any cloud service providers and third-party vendors you use to ensure that they are protected against Meltdown and Spectre. Cloud services and computer servers are especially vulnerable to the exploits, as they often host multiple customers on a single device.
  • Install anti-virus and firewall systems to protect against regular malware. Researchers believe that hackers need to gain access to a device in order to exploit Meltdown or Spectre, so keeping your devices free of malware can help prevent data theft.



5 Cyber Risk Questions Every Board Should Ask

When a data breach or other cyber event occurs, the damages can be significant, often resulting in lawsuits, fines and serious financial losses. In order for organizations to truly protect themselves from cyber risks, corporate boards must play an active role. Not only does involvement from leadership improve cyber security, it can also reduce liability for board members.

To help oversee their organization’s cyber risk management, boards should ask the following questions:

  1. Does the organization utilize technology to prevent data breaches? Boards should ensure that the management team reviews company technology at least annually, ensuring that cyber security tools are current and effective.
  2. Does the organization have a comprehensive cyber security program that includes specific policies and procedures? Boards should ensure that cyber security programs align with industry standards and are audited on a regular basis to ensure effectiveness and internal compliance.
  3. Has the management team provided adequate employee training to ensure sensitive data is handled correctly? Boards can help oversee the process of making training programs that foster cyber awareness.
  4. Has management taken appropriate steps to reduce cyber risks when working with third parties? Boards should work with the company’s management team to create a third-party agreement that identifies how the vendor will protect sensitive data, whether the vendor will subcontract services and how it will inform the organization of compromised data.
  5. Has the organization conducted a thorough risk assessment and considered purchasing cyber liability insurance? Boards, alongside the company’s management team, should conduct a cyber risk assessment and identify potential gaps. From there, organizations can work with their insurance broker to customize a policy that meets their specific needs.

Contact your insurance broker to learn more about cyber risk mitigation strategies that you can start using today to keep your business secure.



Cyber Risks in the Construction Industry

While you may think construction firms are not an attractive target for cyber criminals, the truth is no business is safe from cyber crime.

Regardless of how big or small your construction firm is, chances are you store valuable information—information cyber criminals can use for personal gain. Additionally, hackers are just as interested in proprietary information, and construction firms could lose their competitive advantage with just one data breach.

In order to protect your business and customers, it’s imperative to learn about the common cyber risks in the construction industry.

Loss of Files and Personal Information

In order to make their business more streamlined, almost all construction firms store some type of personal information. Because of this, the files and data they keep on hand are particularly vulnerable and a common target for hackers.

The average contractor stores and transmits sensitive information such as employee records, customer lists, bid data and financial records. Criminals can easily use this information to steal identities and credit card information. They could even ransom these files against a firm, blocking your access and demanding large sums for their release.

In addition, contractors often have login credentials for systems outside of their immediate control. If these contractors are hacked or decide to use their credentials for malicious purposes, your firm could be held liable.

Loss of Proprietary Data

One of the greatest assets a construction firm has is proprietary corporate data. At any given time, your organization could be holding valuable information related to privileged contracts, architectural designs and intellectual property.

In some cases, you could lose this information to cyber criminals without a breach ever occurring. This type of theft can occur through social engineering and phishing schemes, which are strategies criminals use to entice employees into transferring corporate funds or assets.

Infrastructure Exposures

As technology advances, buildings are becoming more connected. Smart technologies allow businesses and homeowners to automate processes that control a variety of systems, including heating, ventilation, air conditioning, lighting and security.

While these new advancements are a major leap forward and provide your clients with opportunities to lower their costs and increase their efficiency, they also create cyber exposures. When hackers gain control of a connected building, they can access things like IP addresses, security codes, automated building processes and camera footage.

In some cases, construction firms that provide smart technologies to their clients may be liable for any damage done by cyber criminals long after work is completed. At the very least, organizations that install products that negatively impact the privacy and security of customers could face serious reputational damage.

Be Proactive in Reducing Your Cyber Risk

In addition to the unique risks listed above, construction firms are subject to the same cyber exposures as the average business. Financial loss, business interruption and third-party liability are very real after-effects of a data breach, and your firm needs to be ready.

The best way to protect your firm from cyber exposures is with cyber liability insurance. These policies can and should be customized to meet your specific needs. Contact your broker today to learn more about cyber risks and what types of protection are available to you.



What to Expect When Applying for Cyber Insurance

Every insurance policy starts with an application, and cyber liability insurance is no different. While the underwriting process in long-established insurance lines is streamlined, this is not the case for cyber liability insurance. Currently, application forms for cyber insurance are not standard and can be complex—often consisting of dozens of pages.

For businesses attempting to acquire cyber insurance, the application process itself can be daunting. However, proper cyber liability insurance remains a vital risk-transfer tool for organizations of all sizes. To ensure your organization has the right level of insurance when it needs it most, it is critical to prepare for the application process itself.

What Type of Information is Reviewed?

An underwriter’s job is to assess risk and determine limits and pricing. Insurers depend on the detail contained in an organization’s application, and any vagueness or incorrect information can create issues if and when you file a claim. In order to properly determine your organization’s cyber risks, insurers will review information related to the following:

  • The basics. Insurers will want to know what industry your organization operates in, as well as how much and what types of information your organization stores, processes and transmits. In addition, underwriters will look to see how you manage data security and who is in charge of overseeing cyber-related matters.
  • Information security. When it comes to on-site security, underwriters want to know if you have a formal program in place to test and audit security controls. In addition, underwriters typically look to see if you have basic controls in place, including firewall technology, anti-virus software and intrusion detection software.
  • Breach history. During the application process, underwriters will take a closer look at your breach history. In general, they want to know if the data you house is particularly vulnerable and how effective your data security techniques are.
  • Data backup. Knowing how your organization handles data backup helps insurers better understand your level of data loss risk. Underwriters will want to know if you back up all of your valuable data on a regular basis, if you utilize a redundant network and if you have a disaster recovery plan in place.
  • Company policies and procedures. Communication is important when it comes to reducing your organization’s cyber risk. That’s why, during the underwriting process, insurers want to know what types of cyber security and incident response policies you have in place. In addition, it’s likely you will be asked how you handle password updates, the use of personal devices and revoking network access to former employees.
  • Compliance with legal and industry standards. Failing to comply with cyber-related legislation can be incredibly costly, and insurers will want to know how you handle compliance. Specifically, they will review whether you are compliant with applicable regulatory frameworks, are a member of any outside security or privacy groups, or utilize out-of-date software and hardware.

The more detailed and specific an organization can be during an initial underwriter review, the more likely it is that the organization will receive the proper amount of coverage and good terms.

Tips for Applying

For cyber coverage to be effective, it requires a high level of due diligence on the part of prospective policyholders. To get the most out of your policy, you will want to consider the following best practices when applying for cyber insurance:

  1. Gather accurate data. Before the application process, it’s critical to speak with your information technology (IT) management team and any vendors you utilize in order to collect accurate data. It’s important to quantify the data on your network. Above all, get a solid estimate on how much personally identifiable information you have, including employee data.
  2. Be honest. To complete the application process properly and get the best possible policy, honesty is important. When working with your insurer, be clear about your organizational setup, security protocols and breach history. Not only will this help in securing adequate coverage, but it will also reduce the risk of your policy being voided if carriers find out you were dishonest during the underwriting process.
  3. Don’t wait. Even if your organization hasn’t taken the appropriate steps to reduce its cyber risk, going through the cyber insurance application process can help identify exposures. Your insurer can work with you to get the best coverage possible today, leaving room to negotiate down the line when your data security methods are stronger.
  4. Involve the right people. The application process for cyber insurance can be complicated, and it’s important to have key personnel help you. In order to complete a cyber liability insurance application, an organization may need to work with their risk managers, IT professionals, HR department, financial officers, board of directors, executives, privacy officers, marketing team and legal professionals.
  5. Work with experienced brokers. Because cyber insurance is relatively new, some brokers are more experienced in the underwriting process than others. To get the most out of your policy, work with a carrier who can accurately assess your exposures and offer your organization the best protection. More experienced brokers can even provide details on how similar companies in your industry handle cyber security.

Taking all the above into account will not only prepare you for the cyber insurance underwriting process, but it can also improve data security up front.

Don’t Go in Unprepared

The application process for cyber insurance is both detailed and exhaustive. However, taking the proper steps before the application process for cyber insurance should reduce your data breach risk, making your organization more attractive to insurers and reducing your insurance costs overall.

When applying for cyber insurance, be sure to scrutinize policy terms, premiums and underwriting programs. Doing so can put you in a better position to secure the right coverage. For assistance applying for cyber liability insurance, contact your broker today.


