☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Category Archives: Cyber Risk Management

What Should Canadians Affected by Equifax Data Breach Do?

Posted on by

Equifax, one of the largest credit reporting agencies in the United States, was recently the victim of a massive cyber attack—an attack that may have compromised the personal information of 143 million people.

Impacted individuals were not simply limited to the United States either, as the hackers gained unauthorized access to personal information of certain Canadian and U.K. residents. Initial reports suggest 209,000 credit card numbers were stolen in the attack, some of which may belong to international customers.

The breach itself occurred between mid-May and July 2017 when cyber criminals gained access to sensitive data by exploiting a weak point in website software. In the United States, sensitive information like Social Security numbers, birthdays, addresses and driver’s licence numbers were compromised.

The recent attack on Equifax is the third major cyber security threat the organization has experienced since 2015 and one of the largest risks to personally sensitive information in recent years. The attack is so severe, in fact, it’s likely that anyone with a credit report was affected.

If you are concerned that you may have been impacted by the breach, Equifax has set up a website to help individuals determine if any of their personal information may have been stolen.

It should be noted that it may not be obvious that you are a customer of Equifax, as the company gets its data from credit card companies, banks and lenders that report on credit activity. As such, it’s important to follow the appropriate steps and check to see if your information was compromised.

Additionally, you should review your online bank and credit card statements on a weekly basis. This will help you monitor any suspicious activity.

Equifax will work with regulators in Canada and the United Kingdom to determine appropriate next steps.

© Zywave, Inc. All rights reserved

3 Business Lessons from the HBO Hack

Posted on by

HBO, an American premium cable and satellite television network, was the victim of a data breach. On July 31, 2017, HBO revealed that a group of hackers had stolen 1.5 terabytes of data from the network. Following the breach, the cyber criminals were systematically leaking spoilers and unaired episodes of “Game of Thrones,” one of HBO’s flagship shows.

This hack demonstrates that intellectual property can be just as valuable to cyber criminals as personal identifiable information. To avoid falling victim to a similar cyber attack, organizations should keep in mind the following business lessons learned from the HBO hack:

  1. Having a communications plan in place is critical. Following the breach, HBO was quick to ease the concerns of stakeholders, assuring the public that no internal emails had been stolen. However, this turned out not to be the case, and HBO publicized misinformation. This can be damaging to a brand, as balancing transparency and authenticity following a cyber event is crucial. Having a formal communications strategy can help organizations map out what information is shared to the public and at what time.
  2. Cyber attacks can be damaging to an organization’s reputation. Even if the financial impact of the HBO breach ends up being minimal, the reputational damage has been done. The breach jeopardizes HBO’s image and undermines customer loyalty and trust that took years to build up.
  3. To protect your business from a cyber attack, you need to understand your vulnerabilities. It’s been reported that the HBO hackers used multiple points of entry to get into the company’s system and steal data. Organizations should understand their vulnerabilities to protect against attacks. Entry points can differ depending on the business, but often include employees connecting to networks, online printers and employees using a virtual private network while working remotely.

While you can never predict when a data breach will occur, keeping in mind the lessons above will ensure that your organization is adequately prepared.

© Zywave, Inc. All rights reserved

Manufacturing is a Top Target for Cyber Criminals

Posted on by

Cyber security is a top-of-mind risk for organizations of all sizes and across all industries. This is especially true for manufacturers, as it is an industry norm for organizations to quickly adopt new, more efficient technologies—technologies that are often a target of cyber criminals.

In fact, according to the Insurance Institute of Canada, manufacturing is one of the top industries targeted by cyber criminals. While specific cyber exposures for manufacturers vary, they typically relate to the categories outlined in this article.

Data and Intellectual Property Loss

Almost every business stores sensitive information. For manufacturers, this typically includes personally identifiable information of employees and customers. Items like names, addresses and credit card information are all at risk in the event of a data breach.

A data breach can occur as the result of a number of incidents, including hacking, the loss of a laptop and unauthorized employee access. Data breaches can be incredibly costly for manufacturers, and expenses related to forensics, notification costs, public relations, crisis management, and fines and penalties can add up quickly.

What’s more, the theft of intellectual property (IP) is a top concern among manufacturers. If IP is stolen during a data breach, organizations risk losing their competitive advantage. IP is often a manufacturer’s most valuable asset—an asset that needs constant protection.

Further complicating matters for manufacturers is that systems are becoming increasingly connected, and sophisticated spear phishing attacks, mobile device challenges and state-sponsored attacks have each elevated the risk of IP theft.

Employee Negligence

One of the most important aspects of any manufacturing operation is its people. However, due to constantly advancing technology and the frequency at which employees are permitted to bring their own devices to work, manufacturers are increasingly exposed to new and disruptive cyber threats.

Four of the top 10 cyber threats facing organizations can occur as the result of employee negligence. Phishing scams, the abuse of IT systems, errors and omissions, and the unsecure use of mobile devices can all occur if employees are improperly trained or wish to do an organization harm.

Industrial Control Systems and Connected Devices

​Industrial control systems are command network and system devices designed to monitor and control industrial processes. These systems are designed to promote efficiency and are often connected to the internet. While this connectivity is essential in modern manufacturing operations, it has created a new exposure for businesses to consider.

This type of exposure was demonstrated in late 2014, when hackers were able to take over the control systems at a German steel mill through the use of phishing emails. The hackers were then able to disrupt the control system to such a degree that a blast furnace could not be properly shut down, which, in turn, lead to an explosion and massive physical damage to the plant. This incident illustrates just how complex cyber exposures can be for manufacturers.

Additional Risks

In addition to the risks above, there are a number of cyber threats in the manufacturing industry that can negatively impact an organization’s bottom line without warning. The following are some risks to be aware of:

  1. Third-party damages. When connecting with customers and vendors online, third-party damages can occur. Third-party damages can take various forms, but often occur when a virus is transmitted to another company or customer. When this happens, your organization could be held liable for any damages.
  2. Business interruptions. Manufacturing businesses often require the use of computer systems, and a disaster can halt your ability to transmit data and lead to lost revenue. Time and resources that normally would have gone elsewhere will need to be directed toward the problem, which could result in further losses. This is especially important as denial-of-service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organization’s server.
  3. Cyber extortion. Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. Because a variety of manufacturing projects are time sensitive, delays of any kind can wreak havoc on an organization’s bottom line.

Protecting Yourself with the Right Coverage

To protect your business, cyber liability insurance should be used as part of your overall risk management strategy so you can address a cyber breach quickly and reduce possible damages. The following are possible exposures that may be covered by a typical cyber liability policy:

  • Data breaches
  • Intellectual property rights
  • Damages to a third-party system
  • System failure
  • Cyber extortion
  • Business interruption

Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.

The level of coverage your business needs is based on your individual operations and your range of exposure. It is important to work with a broker who can identify your areas of risk so a policy can be tailored to fit your situation.

© Zywave, Inc. All rights reserved

Social Media Security Tips for Businesses

Posted on by

Social media is common tool for businesses and can be used to increase customer engagement, gain immediate market feedback, improve search engine visibility and increase sales. However, social media can create a number of security and privacy challenges for organizations and their employees.

In order to keep your business’s sensitive information safe, consider doing the following:

  1. Incorporate social media security strategies into an overall cyber security training program. Ensure that your employees are aware of your company’s overall social media strategy.
  2. Create secure passwords. Consider using numbers and uppercase and lowercase letters in your passwords. Avoid using the same password on multiple sites.
  3. Keep your anti-virus software up to date.
  4. Train employees on phishing scams and on how to protect their usernames and passwords from cyber criminals.
  5. Use lists and privacy settings. Many social networking sites allow businesses to limit social media access to certain user groups.
  6. Filter carefully. On most social networking sites, users have control over their posts but not over what others decide to share. Think carefully about the image you are trying to portray and whether other users’ postings help or hurt that image. Talk to your employees about the impact others’ postings may have on their image and how it could jeopardize their job.

© Zywave, Inc. All rights reserved

6 Considerations When Buying Cyber Insurance

Posted on by

As more and more companies have experienced data breaches in recent years, the market for cyber insurance has grown exponentially. However, unlike other forms of insurance, cyber insurance is not a one-size-fits-all approach.

Most cyber policies are offered a la carte, allowing policyholders to negotiate terms and conditions and purchase the coverage that fits their needs.

The level of coverage your business needs can vary depending on your range of exposure, and it’s important to work with a broker who can tailor a policy to match your business’s requirements.

The following are items to keep in mind when building the ideal coverage:

1.       Limits and sublimits

2.       Retroactive coverage

3.       Exclusions

4.       Panel provisions

5.       Consent provisions

6.       Vendor acts and omissions

Cyber insurance is a relatively new form of coverage—one that will continue to evolve alongside emerging cyber threats. As such, cyber insurance requires organizations to be proactive in assessing their risks and ensuring that their insurance coverages are in line with their specific business practices and exposures.

For more information on the items discussed above and how they may impact your policy, contact your insurance broker today.

© Zywave, Inc. All rights reserved

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN