Left Navigation Protect your organization from cyber crime A cyber attack is not just inconvenient and expensive, it can be an existential threat to an organization. For companies that sell products through e-commerce or maintain electronic data on their customers, a systems breach involving this information can cripple or ruin a business. Cyber attacks are organizational risks that businesses can be exposed to with just an errant click of a mouse.Whether your organization is a multinational corporation, a sole proprietorship operating out of your home or a non-profit that uses online tools to support fundraising activities, its operations are susceptible to online attacks from hackers and other criminals lurking online. A corporate website that does not meet best practices for information security could not only compromise proprietary data and information about the company’s clients, it could expose the organization to liability for not protecting its data. Simply publishing content that contains specific personal or organizational details online can open the door to a multitude of potential exposures such as:Electronic security breaches involving the personal and/or commercial information of clients, employees, volunteers, members, suppliers and/or stakeholders.Organizations should also take special care in securing mobile devices that contain client, employee, volunteer and/or member data. The use of stolen smartphones, laptops, USB flash drives and tablets can provide access to your network when in the wrong hands. Cyber InsuranceSpeciality insurance coverage for cyber risks is relatively new and continually evovling. However, the threats to organizations and the possibility of legal action against them is a reality that business owners should consider.We live in a time when many organizations do all of their activities electronically, and the majority of their assets are in the data they collect. There have been several high-profile personal information breaches that have compromised tens of millions of records and cost the affected companies millions of dollars. Organizations that rely on an online presence and use e-commerce as a distribution method or have employees who carry electronics that hold customers’ personal or commercial information should contact their insurance representatives, who can help them find coverage to best protect themselves. Six questions to consider when buying cyber insurance How many records containing personal information does your organization retain or have access to?How many records containing sensitive commercial information does your organization retain or have access to?What security controls can you put in place to reduce risk of having your system compromisedDo all portable media and computing devices need to be encrypted?What about unencrypted media in the care, custody or control of your third-party service providers?Could you make a claim if you were unable to detect an intrusion until several months or years had passed? Types of cyber attacksCriminal hackers are devising new techniques all the time to attack organizations. Here are a few of the most common methods.Denial of service attack: The hacker floods a website with more traffic than it was built to handle, making it impossible for legitimate visitors to access the site.Phishing: An attacker pretends to represent a trusted organization to trick a user into taking an action (such as opening a malicious attachment or clicking on a bogus link) that he or she would normally not take.Malware: Harmful software takes control of a machine, monitors user actions and keystrokes, and/or sends confidential data from the infected computer or network to the attacker’s home base.Ransomware: This software encrypts files to prevent users from accessing them and then demands payment for their safe recovery. These attacks can occur after clicking on a phishing link or visiting a compromised website.Spoofing: A cyber criminal impersonates another user or device to attack network hosts, steal information, spread malware or bypass access controls.Brute force: The attacker attempts to decode encrypted data by trying as many password combinations as possible, as quickly as possible.What can cyber insurance cover?Regulatory defence expenses: Civil fines incurred in responding to a regulatory proceeding resulting from a privacy or network security breachLegal and civil damages: The cost of legal representation and possible damages related to a privacy or network security breachSecurity breach remediation and notification expenses: The costs to notify affected parties and manage a privacy incidentCrisis management expenses: Public relations expenses to manage the damage to your organization’s reputationForensic investigations expenses: The costs of hiring a breach response firmComputer program and electronic data restoration expenses: Expenses to restore or recover damaged or corrupted data caused by a breach, denial-of-service attack or ransomwareE-commerce extortion and reward payments coverage: Pays for the cost of a professional negotiator and potential ransom payments to the person or organization extorting you or your organizationBusiness interruption and additional expenses: Income your business loses and the costs it incurs due to an interruption in services Facts About Cyber CrimeCyber crime typically involves an attack on an organization’s electronic infrastructure and/or gaining unauthorized access to data with the intent of stealing it. These attacks are not only inconvenient and expensive, they can present an existential threat to a business or organization. Related ServicesKnow your cyber risksWhen insuring assets, many companies still prioritize bricks and mortar over informational assets and data. Most medium- and small businesses that protect their data with a cyber insurance policy are underinsured.Canadian businesses are at riskA hack, or breach, against a smaller organization often doesn’t generate significant attention, but it can cripple or ruin a small or medium-sized business. Useful Links“Essentially every line of business can be impacted by the cyber peril”Cyber risk is already impacting many lines of business, from property to auto liability, and most industries, from the public sector and retail to financial services and manufacturing, the last of which was evidenced in the recent Norsk Hydro cyberattack.Deepfake videos – an emerging cyber threat for corporate clientsDeepfakes are fake videos or audio recordings that are made to look and sound authentic with the aid of artificial intelligence (AI) technology. Deepfake technology is readily available and is rapidly improving.Get Cyber SafeWhen it comes to cyber security, educating your employees is the first, best defense against most online dangers. And there are many ways to help them get the message, from internal newsletters and staff emails to seminars and lunch and learns.