Breaking down cyber attacks
In insurance we promote the importance of being protected from cyber attacks or social engineering. Insurance can help cover the costs should a serious threat jeopardize your business operations. But more important is to have a solid cyber protection plan in place for your business. Be proactive and protect your assets, your company and client’s private data. Although, we hear about it the news on a regular basis, many companies take the approach that they will not be a target. But stats and reality paint a very different picture. Any company large or small can be the victim of a cyber attack. In this series we will break down the main security threats that you may be exposed to and best practices to keep your digital and physical assets under lock and key.
Malware
Malware is a general term that describes viruses, worms, Trojan horses, spyware, adware, rootkits and other unwanted software or programs. Once a malware program has gained access to a device, it can disrupt normal computing operations, collect info and control system resources. Malware programs are being produced at an alarming rate and are always changing form and purpose, making detection and prevention harder for business owners.
Some of the top sources of malware programs are the most popular and widely used features of the Internet, including email, social networking, and search engines
Tips to protect against malware:
- Implement organization-wide computer protections such as blocking certain websites.
- Do not allow employees to have administrator rights to install programs. This would prevent employees from falling for fake anti-virus scams, which often display a pop-up window claiming that they must install a program or run a virus scan, which instead installs a virus program onto their computer.
- Employee communications should be used to inform workers of the potential dangers of malware.
- Install and keep updated trusted anti-virus and anti-spyware programs installed on company devices.
- Run regularly scheduled scans with anti-virus software.
- Keep all operating systems current.
- Educate employees on the latest malware scams, what to look for and to communicate with the IT or security department if they see something suspicious.
- All devices are susceptible, so monitor tablets, laptops and especially smartphones.
Hacking
Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. Unlawful activity by cybercriminals—are usually motivated by financial gain and not always about the data that is being compromised. But often it is the data that is “kidnapped”.
Historically, hacking was technical in nature, but has now moved to tactics referred to as social engineering; where hackers use psychology to trick a user into clicking on a malicious link, attachment or revealing personal information.
Injection of SQL
Structured Query Language (SQL) is a language used to view or change data in databases. It is one of the most frequently used tools for hackers to access sensitive data such as passwords, social insurance numbers, or credit card details. An SQL injection is a technique that attackers apply to insert SQL query into input fields to then be processed by the underlying SQL database. These weaknesses are then able to be ambushed. Securing databases is best left to the coders but the following can help keep data secure:
- Implement multi-level security protocols
- Encrypt data and passwords
- Use two-factor authentication for logins
- Use third-party authentication
- Implement secure and complex passwords
- Use challenge response questions such as captcha at log in screens
Cyber Insurance is more affordable than the alternative.
According to Symantec, the average cost of a cyber attack on a small or medium-sized business is nearly $200,000. Nearly 60% of the small businesses victimized by a cyber attack permanently close their doors within six months. Many of these businesses put off making necessary improvements to their cyber security protocols until it was too late because they feared the costs would be prohibitive.
Denial of service attacks (DOS)
Ransomware is malicious software that infects a computer and denies access to the system or data, and demands a sum of money to restore the information. Presently, the most common forms of ransomware will encrypt data.
When a ransomware attack locks a companies critical data and prevents access to files data or prevents servicing its customers, the attack becomes a denial of service attack. Regardless of the type of ransomware, experts recommend against paying the ransom. After all, there is no guarantee that you will regain access to your computer, network or files after you pay. Furthermore, by paying the ransom, you could be encouraging future cyber crimes.
If your business is affected by ransomware, take the following steps:
- Do not do anything further on your computer systems. If possible, consult your IT department or an IT professional for assistance. Your back up protocols will become your key to fixing the problem.
- Immediately contact the Canadian Cyber Incident Response Centre (CCIRC) to report the incident. The CCIRC can assist your business to mitigate further damage.
- Open a criminal investigation into the matter by reporting the incident to your local police force or jurisdiction, and inform the CCIRC that you have done so.
- Report the incident to the Canadian Anti-fraud Centre.
Are you planning for the future?
Every business has to plan for the unexpected, and that includes the loss or theft of data from your business. Not only can data loss or theft hurt your business, brand and customer confidence, it can also expose you to significant legal actions.
That’s why it’s critical to understand exactly which data or security breach regulations affect your business and how prepared you are to respond to them. At the very least, all employees and contractors should understand that they must immediately report any loss or theft of information to the appropriate company officer.
Identifying your exposures will help determine how to protect your data. In addition to data security measures, insuring your data is crucial. For more information, contact Reliance Insurance Agencies, Ltd. today.
*Parts of this article have been produced and published by Zywave Inc