CFC sent us the advisory below to share regarding a new multi-factor authentication (MFA) vulnerability. Whether you have your cyber policy with CFC or elsewhere, please review and take steps to minimize your exposure.
CFC has become aware of a significant new security vulnerability that can be easily exploited to bypass multi-factor authentication (MFA). MFA is commonly used to protect against phishing attacks and compromised passwords, which are two of the most common root causes of cyber claims seen by our incident response team. Even worse, we’ve become aware of tools available on the dark web that exploit this vulnerability and expect substantial use of the tool to compromise previously protected environments.
How it works
A new penetration testing tool has been published by a security researcher that automates phishing attacks against multi-factor authentication protected websites. This tool, dubbed Modlishka, sits between a user and a target website such as Outlook 365 or Gmail.
The victim receives authentic content from the legitimate site but all traffic and all the victim’s interactions with the legitimate site pass through and are recorded on the Modlishka server. Any passwords a user may enter are automatically logged on this server, while the reverse proxy also prompts users for 2FA tokens when users have configured their accounts to request one.
If attackers are on hand to collect these tokens in real-time, they can use them to log into victims’ accounts and establish new and legitimate sessions. We have seen a similar method used to intercept other web services such as Citrix Web Access.
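Because every victim's traffic reaches the legitimate site from the proxy server rather than from the victim's own device, the site's sign-in records show many different accounts completing MFA from one source address. The following detection sketch is an added example, not part of the CFC advisory; the log format, field names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records as the legitimate site might log them:
# ISO timestamp, account, source IP, MFA outcome (assumed format, documentation IPs).
SAMPLE_LOG = """\
2019-01-15T09:00:05 alice@example.com 198.51.100.7 mfa_ok
2019-01-15T09:01:10 bob@example.com 203.0.113.50 mfa_ok
2019-01-15T09:02:40 carol@example.com 203.0.113.50 mfa_ok
2019-01-15T09:03:15 dave@example.com 203.0.113.50 mfa_ok
2019-01-15T09:04:00 erin@example.com 192.0.2.10 mfa_ok
2019-01-15T09:05:30 frank@example.com 192.0.2.10 mfa_ok
2019-01-15T09:06:00 grace@example.com 192.0.2.10 mfa_ok
2019-01-15T09:07:00 bob@example.com 203.0.113.50 mfa_failed
2019-01-15T11:30:00 heidi@example.com 198.51.100.7 mfa_ok
"""

def parse(log_text):
    """Yield (time, user, ip) for successful MFA sign-ins; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "mfa_ok":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def shared_source_ips(log_text, min_users=3, window=timedelta(minutes=10),
                      known_egress=frozenset()):
    """Return {ip: sorted users} where at least min_users distinct accounts passed
    MFA from one IP inside a sliding window, excluding known shared egress IPs."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse(log_text):
        if ip not in known_egress:
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged.setdefault(ip, set()).update(users)
    return {ip: sorted(users) for ip, users in flagged.items()}
```

Office NAT and VPN exit addresses legitimately carry many accounts, so they belong in `known_egress`; anything still flagged is a candidate for session revocation and review.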
You can find more information here.
Steps to take
Cyber security attacks continue to increase in both size and severity. In order to truly protect themselves, businesses must remain informed on the latest cyber security trends. While it can be difficult to predict the emergence of new risks, the following is a list of major threats experts have identified for 2019 and ways to protect your business:
For more information on network security threats and prevention strategies, contact your insurance broker today.
© Zywave, Inc. All rights reserved
Just one brief business interruption can be incredibly costly for an organization, often leading to serious reputational damages or long-term closures. Standard business interruption policies are vital in these instances, providing protection against a variety of common interruptions, including natural disasters, equipment damage and vandalism.
But what happens when one of your suppliers or customers experiences an interruption that derails your operations? To help address this concern, contingent business interruption (CBI) insurance is crucial.
What is CBI Insurance?
Unlike traditional business interruption insurance that compensates the policyholder for a loss resulting from damage to its own property, CBI insurance lets businesses transfer the risk of certain losses to the property of a third party. CBI insurance is an optional extension of business interruption insurance that reimburses lost profits and extra expenses resulting from an interruption of business at the premises of a customer or supplier. Coverage is typically triggered by physical damage to a customer’s or supplier’s property, or to property on which the insured company depends.
In the policy itself, the covered third party property may be specifically named, or the coverage may simply blanket all customers and suppliers. There are a variety of scenarios where this type of coverage is useful:
When in place, CBI insurance can help employers cover ongoing expenses—like payroll and rent—should the insured’s revenue stream be impacted by interruptions at a third party. In many cases, it is not necessary that the customer’s or supplier’s property be totally shut down to trigger CBI insurance.
CBI coverage is provided for a covered loss during the “period of restoration.” This is a time frame specified by the insurer and relates to the reasonable amount of time it should take for the affected property to repair any damages and resume normal operations.
Evaluating Your CBI Needs
To truly understand your CBI insurance needs, it’s important to assess your exposures. CBI exposures will differ depending on the industry you operate in, but are most common in manufacturing, retail, hospitality and professional services.
Prior to meeting with your insurance broker and securing coverage, ask yourself the following:
To get started or to learn more about CBI insurance, contact your insurance broker today.
Businesses host parties for a variety of reasons, including the holidays and organizational accomplishments. While these events are fun, team-building opportunities, they can create a number of risks for the hosting company. In fact, in the event that an employee is injured at the party or causes property damage, the employer is usually the one held responsible. This can lead to costly litigation and reputational harm that can affect a company for years.
To avoid major losses, it’s not only important for employers to secure the right insurance coverage for every individual risk, but to also have a thorough understanding of common holiday party exposures.
Alcohol
Anytime you provide alcohol to individuals in a non-commercial manner, you are considered a social host. This is important to note, as a social host may be responsible for the acts of their guests should their conduct create harm. These risks are compounded when alcohol is served, and employers may be liable for damages following a drunken driving accident or similar incident.
While the best way to reduce alcohol liability risks is to avoid serving it altogether, this isn’t always feasible. To promote the safety of your employees and guests at company-sponsored events, consider the following:
Marijuana Consumption
Similar to alcohol use, marijuana and other drug consumption can directly affect the safety of your party guests. In fact, according to the most recent data from the Canadian Centre on Substance Abuse, approximately 34 per cent of vehicle crash deaths can be linked to drug-impaired driving, which is nearly as many as those related to alcohol.
Marijuana contains hundreds of chemicals, many of which act directly on the body and brain. Individual sensitivity to marijuana can vary, but the general effects include the following:
These health effects can last long after an employee has smoked, increasing the potential for accidents or major health concerns. In addition, federal, provincial and local laws may prohibit marijuana use in certain areas, making it all the more important to educate employees on behaviour expectations.
To keep your party guests safe and avoid any liability concerns, consider making clear rules for marijuana use at your party. Remind employees that even though they are at a social event, they are still attending a work function and workplace policies on the use of marijuana still apply.
Workplace Harassment and Discrimination
Even when holding company-sponsored events off-site, employers are expected to enforce their workplace policies and safeguard their employees. In particular, employers must take extra care to prevent issues of harassment and discrimination at their events, as they can lead to employment claims and costly litigation.
To help keep employees safe at company parties, employers should ensure all of their policies related to harassment, violence, discrimination and code of conduct are up to date and account for company-sponsored events. Policies should be specific as to what is and is not tolerated, and should be redistributed as thoroughly as possible.
In addition, employers should:
Food Exposures
Food is a staple of many company-sponsored events, and can actually be a useful way to keep party guests sober and limit alcohol-related liability (starchy foods can help reduce the absorption of alcohol). However, when serving food, there are a number of risks employers should consider.
For instance, employers need to be wary of potential food allergies. In the event that a guest gets sick from the food, they could sue the employer for negligence.
To help protect against this, employers should ask party guests to disclose any of their allergies, either in their RSVP or by contacting the event coordinator directly. In addition, you should specify what ingredients are in every food item, both on the menu and on display cards near the food itself.
For added protection against illnesses, it’s critical that employers promote safe food preparation and handling practices. Moreover, when working with a third-party provider, employers should do their due diligence to ensure they are securing reputable vendors.
Property Damage
Property damage can occur at just about any kind of party, even small, company-sponsored events. As the host, it’s your job to ensure your guests remain safe, behave appropriately and respect the venue and its contents.
To do so, employers should:
Secure the Coverage You Need in Advance
Even if you take all the appropriate precautions, incidents can still occur. As such, it’s important for all organizations to secure adequate insurance.
Each business is different, and may require additional policies to account for all of their exposures. Contact your insurance broker to learn about your coverage options when it comes to hosting a party.