01/10/2022

How a Cyber Attack Can Affect Your Business

What is a cyber attack?

With a click of your mouse, you can experience a cyber attack. Companies, large and small, can be attacked. Or perhaps you as an individual have experienced an attack on your own device. Canadian Anti-Fraud Centre reports that Canadians lost over $43 million to cybercrime last year! Electronic security breaches involving the personal or commercial information of clients, employees, volunteers, members, suppliers or stakeholders can cripple or ruin a business.

What is cyber insurance?

Cyber insurance protects a business against a wide range of cybercrimes and helps a company mitigate cybercrime risks. Suppose you are a small or medium-sized business (under 500 employees). In that case, you are in a large group with a growing risk of being a victim of a cyber attack because you have information that cybercriminals want. Typically, small to medium-sized businesses lack the security infrastructure of larger companies. The reality is that 60% of small businesses go out of business within six months of a cyber attack.

How do cybercriminals attack?

Ransomware: This type of malware prevents users from accessing their system or personal files. When you think of the word “ransom”, you may think of someone being held hostage until a ransom fee is paid to the criminal. Well, when we speak of ransomware, it does have a similar meaning. A hacker will block access to a company’s database or your personal files and demand a ransom payment to regain access. It is a significant problem and a scary prospect to have all of your files and data held hostage until you pay up.

How does ransomware get on my system?

Spam: They simply send an email with a malicious attachment to as many people as possible, seeing who opens the attachment and “takes the bait,” so to speak. And now they have access to your system.

Malvertising: The use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers catalogue details about victim computers and their locations.

Spear Phishing: An example would be sending emails to employees claiming that the CEO is asking you to take a critical employee survey, or the HR department requires you to download and read a new policy manual.

Social engineering: Cybercriminals pose as one of your friends or a trusted source such as the CRA, scaring users into paying them for income tax returns or helping your friend out that just lost their job, requesting you to send money ASAP!

Types of ransomware:

Scareware: This type of attack tricks victims into thinking their computer or device is infected with a virus. Just like legitimate antivirus products, it displays pop-up messages telling the victim that their computer or device is infected. Generally, a legit cybersecurity software program would NOT solicit customers in this manner. If you DO NOT already have this company’s software on your computer, then they would not be monitoring you for ransomware infection.

Screen lockers: When lock-screen ransomware gets on your computer, it means you are frozen out of your computer entirely. Upon starting your computer, a full-size window will appear, often accompanied by an official-looking legal department such as the Ontario Courts saying illegal activity has been detected on your computer and you must pay a fine. However, if we stop and think about this, we know the Courts would not do that. Someone would be knocking on your front door with the police in tow if that were the case!

Encrypting ransomware: This one is particularly awful! They snatch up your files and encrypt them, demanding payment for the attacker to decrypt and redeliver them to you.

For example - Back in September, a close colleague of our President, Scott Maskell fell victim to a cyber attack. The hackers gained access to their business data, including customers’ emails, credit information and business bank accounts. Their IT provider advised the business not to disconnect their computers from the server, which would encrypt their information and prevent them from using it. While the insurance company’s adjuster negotiated the ransom payment from the hacker, they agreed on a settlement to be paid. During this time, the business suffered a loss of income and trust from their customers. With support from their cyber insurance policy, the client was able to recover and will continue to remain in business.

How you can protect your business:

Cyber insurance: You may need help after a cybercrime to mitigate costs such as business interruption, loss of income, equipment damage, legal fees, public relations expenses and forensic analysis.

Education: Educate employees about common cyber scams that can be in the form of emails or texts. Advise against the danger of browsing unsafe websites and using business computers to access personal accounts.

Inform IT: Report suspicious emails, texts or other likely cyber attacks to your IT team right away.

Security: Install firewalls, antivirus systems and software and keep it updated and patched for security. In addition to the standard external firewall, many companies install their own internal firewalls to provide additional protection.

Passwords: Have your staff create passwords with strong strategic alliances. The ample bandwidth and computational processing power these days make it easy for hackers to launch dictionary attacks that can easily guess passwords.

Third-party IT: Consulting and hiring a third-party IT department can provide security by monitoring your organization’s data, storing your data to the cloud, creating protocols for accessing sensitive information, and helping to protect you from scams.

Backup your data: The best protection against ransomware attacks is to keep reliable data backups. Instead of making ransom payments, victims can simply wipe their hard drives and recover from a backup. Your IT provider can help you set this up to run automatically and by the minute, hour, day, depending on your organization’s transactions within a 24 hour period.

Contact list: Create a list of vendors you may need to contact after an attack, such as investigators, legal counsel, PR, and your insurance broker.

Create a cybersecurity plan: Create a plan and be prepared to prevent and respond to an incident.

A cyber attack can be a scary and costly experience for a business. Having cyber insurance can be immensely beneficial when a business is compromised. Let Erion be your trusted companion, ensuring you have the right cyber insurance in place; contact us!