Cyber Attacks, who needs to be protected?

We’ve all read about the large data breaches to companies like Target, Blue Cross, Blue Shield, Ashley Madison and many more. What we do not hear about are the thousands of small businesses that incur Cyber Attacks and how badly it hurts them.

If your business stores this kind of data, paper or electronic, your business is a target for cyber criminals to obtain:

Personally Identifiable Information

Protected Health Information

Credit Card Information

Other Proprietary Information

How do criminals obtain this information from a business?

There are a number of ways criminals can get into your computers. It can be as simple as a physical break-in at your business, or a paper purge. Cyber criminals can send you an email with a link that, if opened, may give them access to your entire system. If you are using wifi, you may be using a wifi provided by a criminal that allows them to see everything in your computer. You may get an email from someone that you know or work with now but has been hacked from their computer. You may get an email from an address that looks legitimate but is actually a little different (this is called “spoofing”). When any of these things happen, all your files are at risk.

This kind of crime happens more often than you think. I’ll give you an idea of how often: In our insurance business, we receive a lot of emails. This is why we pay for 2 separate email filters that try to eliminate spam and emails containing viruses. Here are actual statistics for emails sent to Van Beurden Insurance for the month of May:

VALID: 51,501

SPAM: 160,384

VIRUS: 255,308

TOTAL: 467,193

That is a quarter of a million emails containing viruses that were caught, just in the single month of May! What would happen if we didn’t screen our emails and we opened even one of them?

I’ll share with you an incident that just happened to me. A week ago, I received an email that was addressed from a dentist that I used to insure. It had an attachment and the email said it contained important business documents. I had not requested anything from this dentist, so before opening anything, I called the office. The receptionist said she had been receiving calls all morning from patients and vendors of the dentist. She said they didn’t send out the email and had no idea how it was sent out. Of course, it was sent out because someone in the dentist’s office must have opened an email that allowed a hacker access to the dentist’s computer and all their patient and vendor information. This is very common, and is now going to cost this dentist a lot of money, time and lost confidence before the problem goes away.

What can you do to protect your business?

The first step is securing insurance to protect your business from Cyber Attacks. In the case I shared about the dentist whose information was hacked, cyber attack insurance would pay for the 3 years of credit monitoring for all contacts in the dentist’s computer, which law requires. It would also pay for the cost of contacting all the individuals and businesses whose data was compromised, letting them know that their information may have been compromised. It would also pay for damages incurred as a result of the Cyber Attack such as Malware ransoms. As these attacks are becoming more and more common, I strongly suggest you ask for a quote for this coverage if you do not yet have it.

In addition to insurance to protect your business, I would also suggest education. Unfortunately, the weakest link in all of our systems is us. We can purchase the best blocking programs on the market but bad emails still get through. All of us need to understand what not to open, what not to send and what to do if something looks questionable. Our office has enlisted the help of an outside vendor to help train all our employees in an effort to minimize our exposure, which is a good idea. However, we still have insurance in the event that we make the simple mistake of opening something that looks fine, but is not.

Thanks for reading my blog and please contact me if you would like to discuss further.