
Category Archives: Cyber Risk Management

5 Types of Cyber Attacks That Threaten Small Businesses

Because news coverage of data breaches usually highlights major companies like Target or Yahoo, it’s easy to think of cyber attacks as a big-business problem. However, small businesses are just as much at risk and could face costs of $46,000 or more per cyber security event. As such, it’s important to be aware of the following five common cyber attacks that threaten small businesses:

  1. Denial-of-service (DoS) attacks. A DoS attack occurs when a cyber criminal floods your system with more traffic or requests than it can handle, so that legitimate users can no longer reach it; when the flood comes from many computers at once it is called a distributed denial-of-service (DDoS) attack. This attack can result in a direct loss of revenue, as your website could be down for extended periods of time.
  2. Inside attacks. Cyber attacks don’t always come from outside sources. In some cases, a disgruntled employee who has legitimate access to your system can steal or destroy your critical data, or hold it for ransom. Limiting each employee’s access to what their job requires, and removing that access promptly when they leave, reduces this exposure.
  3. Malware. Malware is any malicious software used to gain access to your system, steal data or cause damage. Common forms include viruses, worms, trojans, spyware and ransomware.
  4. Password attacks. Password attacks are when hackers guess, crack or reuse stolen passwords to gain access to your system. This type of attack can be difficult to defend against because it doesn’t always require malicious code or software; strong, unique passwords and multi-factor authentication are the main defences.
  5. Phishing. Phishing is a cyber attack in which a hacker poses as a trusted source in order to acquire sensitive information such as passwords or payment details. This can be accomplished via email or other direct forms of online contact.

To protect themselves from all types of cyber breaches, small businesses should consider evaluating their systems for exposures on a regular basis. In addition, it is important to train workers on cyber security and ensure that antivirus and other protective measures are up to date and operational.

© Zywave, Inc. All rights reserved


1 in 4 Internet Users Don’t Know How to Respond to a Ransomware Attack

The 2017 Centre for International Governance Innovation (CIGI)-Ipsos Global Study on Internet Security and Trust, which surveyed 24,255 users across multiple countries, recently found that 1 in 4 internet users would have no idea how to respond to a ransomware attack. In addition, the study found that just 16 per cent of users would know how to retrieve data from a backup while another 13 per cent wouldn’t even attempt to recover data if vital information was compromised.

This survey comes on the heels of the recent WannaCry ransomware attacks, which infected more than 200,000 computers in at least 150 countries. Initial reports indicated that WannaCry encrypted the files on infected systems and demanded payment in bitcoin, a cryptocurrency.

The ransomware initially requested around $300 and, if no payment was made, it threatened to double the amount after three days and delete files within seven days. This type of cyber attack is common and can impact businesses of any size, so it’s important to know what steps to take in order to protect your business.

The WannaCry attacks illustrate the importance of ensuring that any and all software patches are up to date: the worm spread by exploiting a vulnerability in Windows file sharing (SMBv1) that Microsoft had patched two months earlier (MS17-010), so machines that had applied the update were not vulnerable to it. For further protection, consider training every employee on cyber security, and instruct them to never click on suspicious emails or attachments.

Other ransomware precautions include the following:

  • Install pending operating system and application updates on every machine, including servers and rarely used systems, and keep patching on a regular schedule.
  • Turn on automatic updates where available.
  • Don’t click on links that you don’t recognize.
  • Don’t download files from people you don’t know.
  • Back up your documents regularly, keep at least one copy offline or otherwise disconnected from your network, and test that you can actually restore from it; ransomware routinely encrypts any backup that is reachable from the infected machine.
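The last precaution is the one the CIGI-Ipsos figures above say most people cannot act on, so here is an added example (not code from the original post or from Zywave) of what "test that you can restore" looks like in practice: a small POSIX shell script that backs up a directory with a SHA-256 manifest and then proves the archive restores intact. The directory names, the sample files and the `make_backup`/`verify_restore` function names are assumptions made for the demonstration; it needs only tar, mktemp and sha256sum (or shasum).

```shell
#!/bin/sh
# Added example (not from the original post): back up a directory with a
# SHA-256 manifest and prove the archive restores intact. Assumes POSIX sh,
# tar, mktemp and sha256sum or shasum; all paths and data below are constructed.
set -eu

# Print the hex SHA-256 digest of one file.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_backup SRC DEST: archive SRC into DEST/backup.tar and write
# DEST/MANIFEST (digest and relative path, one file per line). The manifest
# is what lets you tell a good backup from one that was overwritten or encrypted.
make_backup() {
    src=$1
    dest=$2
    mkdir -p "$dest"
    : > "$dest/MANIFEST"
    (cd "$src" && find . -type f | sort) | while read -r f; do
        printf '%s  %s\n' "$(hash_file "$src/$f")" "$f" >> "$dest/MANIFEST"
    done
    tar -cf "$dest/backup.tar" -C "$src" .
}

# verify_restore DEST: extract DEST/backup.tar into a scratch directory and
# check every manifest entry. Returns 0 when all files restore with their
# recorded digest, 1 when any file is missing or altered. (File names must
# not contain spaces; extend the manifest format if yours do.)
verify_restore() {
    dest=$1
    scratch=$(mktemp -d)
    tar -xf "$dest/backup.tar" -C "$scratch"
    status=0
    while read -r digest f; do
        if [ ! -f "$scratch/$f" ] || [ "$(hash_file "$scratch/$f")" != "$digest" ]; then
            echo "MISMATCH: $f" >&2
            status=1
        fi
    done < "$dest/MANIFEST"
    rm -rf "$scratch"
    return "$status"
}

# Walk through the three situations a small business actually meets.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/live/invoices"
    printf 'invoice 1001: 250.00\n' > "$work/live/invoices/1001.txt"      # constructed data
    printf 'name,email\nAcme,ops@example.com\n' > "$work/live/customers.csv"  # constructed data

    make_backup "$work/live" "$work/backup"
    verify_restore "$work/backup" && echo "1. fresh backup restores cleanly"

    # Ransomware overwrites the live files; the archive is untouched, so it
    # still verifies and the data can be recovered from it.
    printf 'WNCRY ENCRYPTED\n' > "$work/live/customers.csv"
    verify_restore "$work/backup" && echo "2. backup still good after live data was encrypted"

    # The nightly job runs again after the infection and overwrites the
    # archive in place. Only a manifest kept apart from the archive (or an
    # offline copy of the archive) reveals that this backup is now junk.
    tar -cf "$work/backup/backup.tar" -C "$work/live" .
    if verify_restore "$work/backup"; then
        echo "3. unexpected: overwritten backup verified"
    else
        echo "3. overwritten backup rejected; restore from the offline copy instead"
    fi
    rm -rf "$work"
}

demo
```

The third scenario is the one that bites: a backup job that keeps running after the infection faithfully overwrites good archives with encrypted files, which is why the manifest (or, better, a whole copy of the archive) should live somewhere the infected machine cannot write to, and why the restore check should run on a schedule rather than on the day you need it.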

Following this attack, organizations are likely to be more proactive in adjusting security measures so malware can’t spread automatically from one machine to the next, for example by segmenting networks and disabling unneeded services such as SMBv1. With these precautions in place, your organization can avoid potentially costly ransomware attacks. As an added benefit, a higher focus on in-network security measures can make your organization more attractive to potential customers and other third parties.



The Importance of Cyber Insurance for Manufacturers

While it’s commonly thought that cyber breaches are only a threat for large companies, small and mid-size businesses are just as much at risk. This is especially true for manufacturers, as it is an industry norm for them to quickly adopt new, more efficient technologies—technologies that are often a target of cyber criminals.

While specific cyber exposures for manufacturers are vast, they typically include the following:

  • Data breaches. Almost every business stores sensitive information. For manufacturers, this typically includes personally identifiable information of employees and customers. Items like names, addresses and credit card information are all at risk.
  • Third-party damages. When an email sent from your server has a virus and crashes the system of a customer, you could be held liable for the damages.
  • Business interruption. A natural disaster, malicious activity or fire can cause physical damages that could result in data or code loss. Manufacturing businesses often require the use of computer systems, and a disaster can halt your ability to transmit data and lead to lost revenue.
  • Cyber extortion. Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. Because a variety of manufacturing projects are time sensitive, delays of any kind can wreak havoc on an organization’s bottom line.

All of the above exposures apply to businesses of all sizes and industries. A critical cyber incident could result in financial loss or severe reputational damages. What’s more, without cyber insurance, businesses are not adequately protected from cyber exposures.

Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur. To protect your business, speak with your broker about cyber insurance today.



Is Your Organization Ready for Mandatory Data Breach Notifications?

Overview

On June 18, 2015, the Digital Privacy Act (DPA) received royal assent and became law. Among other things, the DPA amended the Personal Information Protection and Electronic Documents Act (PIPEDA) by revising consent requirements, introducing mandatory breach notification and record-keeping requirements, and adding significant fines for non-compliance.

While many of the measures introduced by the DPA have been in force since the bill was first enacted, the government held off on imposing mandatory breach reporting until the proper regulations were implemented.

Such regulations could be in place as early as fall 2017, and organizations will want to ensure that they know what is expected of them in order to remain compliant and avoid costly fines as high as $100,000.

Mandatory Data Breach Notifications

The DPA imposes reporting requirements on every organization subject to PIPEDA that suffers a breach of security safeguards involving personal information, where it is reasonable to believe that the breach creates a real risk of significant harm to one or more individuals. While the full extent of the reporting requirements will not be known until the corresponding regulations are published, the DPA defines significant harm broadly to include the following:

  • Bodily harm
  • Humiliation
  • Damage to reputations or relationships
  • Loss of employment, business or professional opportunities
  • Financial loss
  • Identity theft
  • Negative effects on credit records
  • Damage to or loss of property

Most often, the existence of “a real risk of significant harm” will be based on the sensitivity of the personal information involved in the breach, the probability that the personal information will be misused and additional factors that may be prescribed by the forthcoming regulations.

If a breach creating a real risk of significant harm to one or more individuals occurs, the affected organization must do the following, as soon as feasible:

  • Report the incident to the Office of the Privacy Commissioner of Canada (Privacy Commissioner).
  • Notify affected individuals of the breach and provide them with information on how they may minimize the harm caused by the breach.
  • Inform other organizations and government entities of the breach where the organization believes that doing so could reduce the risk of harm or mitigate it.

Notices must contain enough information to help affected individuals fully understand the extent of harm caused by the breach. Additionally, notices must be conspicuous and provided directly to affected individuals. However, in limited circumstances, indirect notices may be permitted. Once again, more detail will be available to organizations once the forthcoming regulations are published.

Record-keeping Requirements

Another key change under the DPA is the requirement that organizations keep records of every breach of security safeguards involving personal information, not only those serious enough to report. While the level of detail these records must contain is still unclear, it is clear that the Privacy Commissioner will have the right to request and review them at any time.

Penalties for Non-compliance

Under the DPA, fines of up to $100,000 may be imposed on organizations that knowingly violate the mandatory breach notification requirements or the breach record-keeping requirements. Until the regulations are finalized, it will remain unclear whether a violation is counted once per breach (for example, a single failure to notify the individuals impacted by a breach) or once per affected individual (for example, each failure to notify each individual impacted by a breach). What is clear is that non-compliance now carries significant fines. Note that these are penalties for an offence under PIPEDA, imposed by a court on prosecution, rather than fines levied directly by the Privacy Commissioner.

What Does this Mean for Organizations?

Mandatory data breach notifications could impact any organization that is at risk of a cyber attack. Given the reach of the DPA and upcoming regulations, all organizations should consider doing the following:

  • Review and update existing protocols and policies to account for detecting, responding to and reporting data breach incidents internally.
  • Assess the types of information—personal information, intellectual property, supplier data, etc.—they hold and how they would respond in the event of a breach.
  • Create a data breach incident response plan if one does not already exist. Such a plan should include methods for notifying the Privacy Commissioner and any impacted individuals.
  • Ensure that they have sufficient insurance in place and have taken the steps to mitigate any litigation exposures. Such steps often include requiring employee training, performing security audits and identifying cyber security vendors.

Organizations should review the DPA to ensure they are compliant with all aspects of the legislation.



IT Security Is a Top Challenge for Firms around the World

A recent survey conducted by Protiviti and the Information Systems Audit and Control Association (ISACA) found that cyber security, privacy issues, infrastructure management and emerging technologies rank as the top IT challenges facing organizations today.

The annual survey—A Global Look at IT Audit Best Practices—gathered responses from over 1,000 IT audit professionals and focused on emerging technology, IT implementation, audits, risk assessments and hiring practices. Respondents were asked to name their greatest technology or business challenges.

The following were the top 10 responses:

  1. IT security, privacy and cyber security
  2. Infrastructure management
  3. Emerging technology and infrastructure changes
  4. Resource, staffing and skills challenges
  5. Regulatory compliance
  6. Budgets and controlling costs
  7. Cloud computing and virtualization
  8. Bridging IT and the business
  9. Project management and change management
  10. Third-party and vendor management

In order to protect themselves and stay current on emerging risks, experts recommend that organizations continually review the IT risk landscape and adjust IT audit plans accordingly.

The survey also found that, while 90 per cent of large organizations conducted an IT audit risk assessment, only a little more than half of them did so on an annual basis.


