Regardless of how up-to-date your IT systems are, we are advising businesses to consider purchasing Cyber Liability Insurance as a matter of urgency and can provide a free quotation within 30 minutes – please call 020 8909 2899 today.
WannaCry exploits a vulnerability in Microsoft Windows. Microsoft released a software patch to fix it in March; however, many users fail to install updates and patches on their computers, meaning vulnerabilities can remain open a lot longer and are easier to exploit. If you have been affected, the National Cyber Security Centre has advice on steps to take: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware
What is Ransomware?
There are two main types of ransomware – lock screen ransomware, where screens are locked to bar access, and encryption ransomware, where files are altered and cannot be opened until an encryption key is applied. Either way, a ransom – usually payable in Bitcoins – is demanded, which affected organisations must pay or lose critical data. As cyber criminals become ever more sophisticated, businesses can be infected by ransomware via a number of routes, but typically through email, through accessing malicious websites, or through flaws in installed software (and omitting to apply patches).
Top tips to protect your business
Here are some of the top measures IT professionals believe are essential for protecting businesses from cyber crime:
1. Install anti-virus, web filtering and firewalls
The best way to secure against a cyber attack is to prevent malware entering the business in the first place. Implementing anti-virus, web filtering and firewalls is a must, as is ensuring they are always up to date.
2. Keep software updates and patches applied
Malware can often enter via bugs in software and applications. Protection can be improved by ensuring software updates are implemented and patches applied as soon as they’re released. WannaCry is believed to be exploiting a Windows issue for which Microsoft released a patch in March, but many organisations did not update their systems.
3. Backup your files and data
Whereas encryption ransomware will result in live data being affected, backup data will not have been maliciously encrypted. Once infected devices have been cleared, backup data can be restored and your business can be swiftly back up and running!
4. Keep your employees trained – Be careful what you click on!
It’s essential to keep reminding employees of these potential ransomware threats. (The malware of this attack was distributed by phishing emails.)
Cyber crime originating through email is common, often sent as mass random communications. Therefore, it’s worth ensuring employees receive regular training to remind them of potential hazards. Emails incorporating malicious links still create issues for many businesses. Some signs to look for include:
5. Is it really the CEO emailing?
A common and growing form of cyber attack carried out through email is spear-phishing, where an attacker poses as a company official to exploit a specific function – such as a ‘CEO’ requesting that finance transfer funds. These types of email can also claim to come from official organisations – a bank, government department, or even the police, for example.
6. Formalise security policies
Define formal protection policies and processes in writing, and work with an IT partner to roll out these policies on every machine, to provide as much protection as possible for each individual user.
7. Instigate a robust password policy
It goes without saying that the more robust a password requirements policy, the harder it is for cybercriminals to infiltrate. But many businesses still employ an ineffective or weak set of regulations, if any. Insisting on unique ‘strong’ passwords for individual accounts will help reduce potential risk, as will implementing single sign-on solutions. With multi-factor authentication, access is gained only after successful submission of various pieces of requested information, such as a numeric code texted to a mobile device, as an additional layer on top of password control.
8. Turn off immediately if suspicious activity is detected
At an early stage of an attack, disconnecting from the web could prevent the malware establishing itself, and doing so may also prevent ransomware spreading to other areas of the business.
We are advising businesses to consider purchasing Cyber Liability insurance – to find out more about this cover or for a free quotation please call 020 8909 2899
Crowded places are – and will remain – attractive targets for international and “home-grown” terrorists, and so an important element of any counter-terrorist strategy is to create safer places and buildings that are less vulnerable to a terrorist attack. This is especially so for the leisure, hospitality and retail industries.
Cost of terrorism
Companies still significantly underestimate their potential exposure to the related risks and losses, especially to the increasing indirect risks from terrorism elsewhere. For example, the Paris attacks in November 2015 paralysed Brussels’ tourism and retail sectors some 320 kilometres away and had a lasting impact on the city’s commerce.
Many UK companies are unaware – or have underestimated – the financial losses that could occur if a key supplier or business partner (in the UK or internationally) were unable to operate for a significant period of time.
The human and financial cost of terrorism is growing rapidly. The Institute of Economics and Peace has estimated that the direct cost of terrorism to the global economy in 2014 was $52.9 billion – a ten-fold increase since 2000 – and the indirect costs at $105 billion.
Companies can’t predict all possible threats to their business. However, by working through a range of potential scenarios and consequences it is possible to make informed judgements and set appropriate priorities.
The following process is an effective way for companies to think about improving the management of these risks:
Step one: identify the threats. Understanding terrorists’ intentions and capabilities, what they might do and how they might act, is a crucial first step to assessing potential threats.
Step two: decide what you need to do to. Priorities should fall under the following categories: people, physical assets, information and process (supply chains and the operational process required to support the business).
Step three: identify measures to reduce risk. Companies should introduce new proportionate measures that: deter would-be terrorists; aid detection of intrusion; and delay any attempts at intrusion.
Step four: continually review your security measures. Security and contingency plans should be rehearsed and reviewed on a regular basis to ensure they remain accurate, workable and up-to-date.
After the IRA attack on the Baltic Exchange in London in 1993, the UK established a mutual government reinsurer, Pool Re, to provide a backstop to insurers that offer terrorism cover on business property and business interruption policies. This has worked well and, despite £600 million of claims from 13 separate incidents, there has been no use of public money.
However, the increasingly interconnected nature of global commerce means that UK organisations are not only exposed to events in the domestic market but many also have international exposures through the global reach of their business activities. Companies can also be impacted via a change in consumer behaviour in the aftermath of a terrorist attack.
New threats and new risks require new insurance solutions and one insurer is now offering a contingent Loss of Attraction cover, for example.
As always, if you have any questions regarding your business insurance, please contact Forum Insurance on 020 8909 2899.