Call: 604.255.4616

  • Or complete the form for a callback


How to protect your company when cyber attacks happen from within an organization

Some of the most damaging cyber-attacks can come from within the business, in ways that many employers overlook when it comes to their cyber security. It’s an employer’s worst nightmare: an employee is dissatisfied with his or her job and decides to sabotage the company. Employees can also cause enormous damage through inadvertent errors. By recognizing the signs of internal cyber risks and implementing practices to prevent them, you can fend off internal cyber situations.

Malicious insider

According to Infosecurity Magazine, the concern about intentional data breaches has increased year-on-year, with 75% of IT leaders believing that employees have put data at risk intentionally. These are the employees who are dissatisfied with their jobs and see this as a way to “pay back” an organization for some contrived wrong. There are also reports of malicious insiders being purposely placed by cyber-criminals in jobs at companies to steal information or to conduct corporate espionage.

“Of those employees that have accidentally leaked data, 41% said it was due to a phishing message, 31% said that this was due to information being sent to the wrong recipient and 29% said that they or a colleague had intentionally shared data against company policy in the last year.”

Dan Raywood, Deputy Editor, Infosecurity Magazine

Ransom demands

Unfortunately, if you have to choose to pay a ransom demand after a cyber security attack, it is probably too late. If you have just experienced a “denial of service attack”, you may be able to restore your systems from your backups and move to another server. However, if your attackers have accessed sensitive data that will be released, that is when you need to bring in the professionals: lawyers, insurance agents and IT professionals.

One of the most well-known, swift and broad-sweeping ransomware attacks was WannaCry, which crippled many large organizations around the world. What most cyber criminals want is cryptocurrency. They are after a pay-day. Once an organization has been infected, the result is a loss of business productivity, revenues and sensitive data, and paying does not always guarantee you will get your data back.

From an insurance perspective we cannot stress enough that prevention is worth every dollar you put into your IT security and protocols.

Here are a few things the ideal cyber security protocol should be designed to do to protect against ransomware threats:

  • Implement real-time protection to prevent or interfere with the activation of ransomware.
  • The defence should provide inline protection.
  • The protection needs to be updated frequently. Security systems that allow days or weeks between updates give cyber criminals more time to target different systems with the same ransomware.
  • Email is the first line of intrusion and a strong email security system needs to be implemented.

Procedural errors

Prevention is the start of a good cyber security plan. Procedural errors are common when there are no standardized guidelines in an organization related to password management and sharing of company devices. It is important for each employee to understand the rules when it comes to digital security. The most common procedural errors are:

  • Poor password management
  • Letting unauthorized users access corporate devices
  • Poorly managed highly privileged accounts
  • Misdelivery of information

Tips to combat procedural errors:

  • Implement mandatory rules from the C-suite down to every employee.
  • Educate your staff on best practices.
  • Implement password protocols that are mandatory.
  • Utilize a password vault system.
  • Implement password resets every six months.
  • Have a written rule about with whom and when access to company accounts can be shared.
  • Ensure off-boarding of an employee’s digital accounts happens immediately upon, or prior to, the employee leaving the organization.

Inadvertent employee or contractor error

We all make mistakes, and unfortunately the stats show that 41% of employees have unintentionally invited a cyber security risk. Workforces today are taxed with working across multiple systems and platforms. Coupled with strenuous workloads and demanding clients or timelines, it is easy to make a mistake. The most common inadvertent employee errors are:

  • Phishing messages or scams
  • Fake login web pages
  • Sending data to the wrong individual (bank transfers etc.)
  • Putting login credentials into unsecured emails
  • Sharing password information

Employee education is the best way to combat inadvertent employee errors. Have regular check-ins with staff to make sure they understand the key warning signs related to scams. Teach them, and give real-life examples of how smart scammers are. Get them to routinely do the following:

  • Think not once or twice but three times before clicking on a link
  • Watch for the return email addresses – often it is a subtle one-character difference from a real email address.
  • Follow up with people in person or by telephone if someone is requesting sensitive information or money transfers.
  • Be adamant not to share any passwords. If they are shared, it should only be through a password manager vault where the actual password can be hidden.
  • Do not put any sensitive information in an email. Use a secure in-house or cloud program. Or better yet, text a password and a user login separately.
  • Review the URL of a page before clicking any links or putting in sensitive data.

Managing cyber security training can be daunting, but with practice and ongoing regular training this will become second nature to your workforce. For a cyber security checklist, contact your Reliance advisor and get started today on a more secure digital way of doing business.
