Protect your organization from cyber crime A cyber attack is not just inconvenient and expensive, it can be an existential threat to an organization. For companies that sell products through e-commerce or maintain electronic data on their customers, a systems breach involving this information can cripple or ruin a business. Cyber attacks are organizational risks that businesses can be exposed to with just an errant click of a mouse.Whether your organization is a multinational corporation, a sole proprietorship operating out of your home or a non-profit that uses online tools to support fundraising activities, its operations are susceptible to online attacks from hackers and other criminals lurking online. A corporate website that does not meet best practices for information security could not only compromise proprietary data and information about the company's clients, it could expose the organization to liability for not protecting its data. Simply publishing content that contains specific personal or organizational details online can open the door to a multitude of potential exposures such as:Electronic security breaches involving the personal and/or commercial information of clients, employees, volunteers, members, suppliers and/or stakeholders.Organizations should also take special care in securing mobile devices that contain client, employee, volunteer and/or member data. The use of stolen smartphones, laptops, USB flash drives and tablets can provide access to your network when in the wrong hands.Cyber Insurance Speciality insurance coverage for cyber risks is relatively new and continually evolving. However, the threats to organizations and the possibility of legal action against them is a reality that business owners should consider.We live in a time when many organizations do all of their activities electronically, and the majority of their assets are in the data they collect. There have been several high-profile personal information breaches that have compromised tens of millions of records and cost the affected companies millions of dollars. Organizations that rely on an online presence and use e-commerce as a distribution method or have employees who carry electronics that hold customers' personal or commercial information should contact their insurance representatives, who can help them find coverage to best protect themselves. Six questions to consider when buying cyber insuranceHow many records containing personal information does your organization retain or have access to?How many records containing sensitive commercial information does your organization retain or have access to?What security controls can you put in place to reduce risk of having your system compromisedDo all portable media and computing devices need to be encrypted?What about unencrypted media in the care, custody or control of your third-party service providers?Could you make a claim if you were unable to detect an intrusion until several months or years had passed?Types of cyber attacksCriminal hackers are devising new techniques all the time to attack organizations. Here are a few of the most common methods.Denial of service attack: The hacker floods a website with more traffic than it was built to handle, making it impossible for legitimate visitors to access the site.Phishing: An attacker pretends to represent a trusted organization to trick a user into taking an action (such as opening a malicious attachment or clicking on a bogus link) that he or she would normally not take.Malware: Harmful software takes control of a machine, monitors user actions and keystrokes, and/or sends confidential data from the infected computer or network to the attacker's home base.Ransomware: This software encrypts files to prevent users from accessing them and then demands payment for their safe recovery. These attacks can occur after clicking on a phishing link or visiting a compromised website.Spoofing: A cyber criminal impersonates another user or device to attack network hosts, steal information, spread malware or bypass access controls.Brute force: The attacker attempts to decode encrypted data by trying as many password combinations as possible, as quickly as possible.What can cyber insurance cover?Regulatory defence expenses: Civil fines incurred in responding to a regulatory proceeding resulting from a privacy or network security breachLegal and civil damages: The cost of legal representation and possible damages related to a privacy or network security breachSecurity breach remediation and notification expenses: The costs to notify affected parties and manage a privacy incidentCrisis management expenses: Public relations expenses to manage the damage to your organization's reputationForensic investigations expenses: The costs of hiring a breach response firmComputer program and electronic data restoration expenses: Expenses to restore or recover damaged or corrupted data caused by a breach, denial-of-service attack or ransomwareE-commerce extortion and reward payments coverage: Pays for the cost of a professional negotiator and potential ransom payments to the person or organization extorting you or your organizationBusiness interruption and additional expenses: Income your business loses and the costs it incurs due to an interruption in services Facts About Cyber CrimeCyber crime typically involves an attack on an organization’s electronic infrastructure and/or gaining unauthorized access to data with the intent of stealing it. These attacks are not only inconvenient and expensive, they can present an existential threat to a business or organization. Related ServicesCyber Risks: An Increased Threat During COVID-19Cyber criminals are attempting to take advantage of the upheaval caused by the COVID-19 pandemicKnow your cyber risksWhen insuring assets, many companies still prioritize bricks and mortar over informational assets and data. Most medium- and small businesses that protect their data with a cyber insurance policy are underinsured.Canadian businesses are at riskA hack, or breach, against a smaller organization often doesn’t generate significant attention, but it can cripple or ruin a small or medium-sized business. Useful LinksConsumer Reports Security PlannerCut down on data collection and prevent hackers from invading your laptop, tablet and even your phone. Answer a few simple questions to get customized recommendations to help you: Safely backup files, Browse online without tracking, Avoid phishing scams & Prevent identity theftCyber Centre reminds Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activityAs geopolitical tensions continue to rise, Canada’s Cyber Centre is following the cyber threat environment in Canada and globally, including cyber threat activity directed at critical infrastructure network operators, their operational and information technology (OT/IT).Top measures to enhance cyber security for small and medium organizationsLooking for steps you can take to protect your organization’s networks and information from cyber threats? To get you started, we have summarized the 13 security control categories that are identified in our Baseline Cyber Security Controls for Small and Medium Organizations and form the foundation for the CyberSecure Canada Certification program.Get Cyber SafeWhen it comes to cyber security, educating your employees is the first, best defense against most online dangers. And there are many ways to help them get the message, from internal newsletters and staff emails to seminars and lunch and learns.CyberSecure CanadaCyberSecure Canada is the federal government’s cybersecurity certification program for small and medium-sized organizations (SMOs).