cybercrime

by
iStock 869149492

It’s time to include Multi-Factor Authentication into your protection plan.

Many insurance carriers are starting to require strict safeguards that a company must have in place to even receive a quote on cyber insurance. One minimum requirement is Multi-Factor Authentication (MFA). Many carriers will consider it too risky to provide coverage if it’s not included in your network protection plan.

Here’s why you should consider MFA to protect your network.

  • It’s a mechanism that adds an additional layer of protection to your network.
  • It requires any user to provide multiple credentials to confirm his or her identity.
  • Most carriers now want to see MFA being implemented to authenticate remote networks, administrative access, and remote access to email.
  • Incorporating these controls will reduce the possibility of a network security breach by a compromised password, limit broader access to a hacked network, and lessens the potential for unauthorized access to company email accounts.

If you’re a small and/or medium-sized company MFA is a great way to reduce risk. Talk to your IT partners about how to implement MFA in your business to help ensure that your network stays safe and to qualify for cyber insurance coverage.

For any questions you have about cyber insurance coverage, please reach out to a Prewitt Group representative for additional information.

by
iStock 1208405529

Cyber security attacks continue to occur at an alarming rate. Do you have defensive steps in place to protect you and your business?

Recently, the White House warned American businesses to take urgent security measures to protect against ransomware attacks, as hackers shift their tactics from stealing data to disrupting critical infrastructure https://nyti.ms/3cGS2YE

This heightened warning follows a string of escalating ransomware attacks – from stealing data to disrupting operations. For example, we all witnessed the Colonial Pipeline event last month when they were hit with a ransomware attack. Their business records were frozen by a criminal group, forcing the company to suspend operations.

Without securing a dedicated cyber policy, most businesses likely do not have adequate insurance coverage following a data breach. Cyber insurance helps your company recover after a data breach, with costs that can include business disruption, revenue loss, equipment damages, legal fees, public relations expenses, forensic analysis, and costs associated with legally mandated notifications.

Our team of risk management specialists are in place to advise you on a cyber risk assessment. Please email Jack Prewitt, a risk management advisor specializing in cyber coverage, at jackprewitt@prewitt.group to discuss how we can put our power to mitigate risk to work for you.

by
Cybercriminals target municipalities blog

Ransomware attacks are on the rise and a concern for anyone on the internet, but especially municipalities, according to the FBI. Is your city covered?

Ransomware attacks lock up the victim’s files until a ransom is paid. CBS recently reported that “26 percent of cities and counties say they fend off an attack on their networks every hour.” In the article, the FBI’s Mike Christman emphasized that cybercriminals know governments are likely to pay because they can’t afford not to.

In fact, the city of Leeds, Alabama was hit with a ransomware attack in 2018 and forced to pay the hackers $12K to regain control of its computers. Mayor David Miller never suspected that his town of 12,000 people would be a target. Learn more about Mayor Miller’s experience by reading or watching this segment on 60 Minutes: How Cybercriminals Hold Data Hostage…And Why the Best Solution is Often Paying a Ransom

The Prewitt Group offers a comprehensive cyber liability program that is currently used by municipalities of all sizes across the state of Alabama. Because cyber attacks are becoming increasingly prevalent and threatening, it is important to be aware of and obtain cyber coverages before your city falls victim to these crimes.

If you’re interested in learning more or obtaining cyber coverage, contact a consultant at The Prewitt Group today!

by
Cybersecurity While Traveling

Traveling this summer? Whether it is for business or pleasure, traveling makes you a prime target for cybercriminals.

In fact, IBM Security reported that “the transportation industry has become a priority target for cybercriminals as the second-most attacked industry—up from tenth in 2017.” Plus, a new survey revealed that 70 percent of travelers are engaging in high-risk behaviors while on the road. These risky behaviors include connecting to public WiFi, using a public USB station to charge a device, or enabling auto-connect on your devices.

While our mobile devices provide convenience while traveling, they also expose travelers to cyber threats. So, it is up to travelers to be aware and protect themselves from cybercrime. As you travel this summer, keep these do’s and don’ts in mind:

Do:

  • Update your mobile software. Keep your operating system software and apps updated to improve your device’s ability to defend against malware.
  • Back up your information. Back up your contacts, photos, videos and other data with another device or cloud service before traveling.
  • Think before you click. Use caution when downloading or clicking on any unknown links, delete emails that are suspicious or are from unknown sources and review the details of an application before installing.
  • Pack a backup battery: Cybercriminals can hijack public USB connections to download data from your phone or install malware without your knowledge. Bring your own battery bank to recharge your phone when you’re low or use traditional wall plugs instead of USB ports.
  • Protect your mobile device. Because our mobile devices store so much personal information, it’s vital to keep them secured while traveling to prevent theft and unauthorized access or loss of sensitive information.

Don’t:

  • Share your location. Many apps and devices use geotagging and location sharing to broadcast your location publicly. Make sure that these settings are off to prevent criminals from knowing where you are.
  • Trust public Wi-Fi. Many public places, resorts and hotels offer free Wi-Fi networks. These are usually not very secure and can allow cyber criminals access to your Internet-enabled devices. When connecting to free Wi-Fi, avoid doing any online banking or shopping while on a public network.
  • Leave your device unlocked. Locking your device with a strong PIN, password, or fingerprint ID will help keep your data safe.
  • Post your location on social media. Checking in to places that you are visiting, posting updates mentioning your location or sharing photos from your journey compromise your privacy. Be careful about what you share and double check your privacy settings on social media sites to make sure strangers can’t see your posts.

Ultimately, the more we travel, the more cyber risks we face, but you can minimize the risk by following these guidelines.

by
iStock 898760650

Have you stopped to think about the risks your business faces this year? Among other risks, cyber threats remain a high-ranking concern across businesses of all sizes and industries—especially those in technology, banking and professional services sectors.

In 2018, cybersecurity threats grew from small, local attacks to attacks causing disorder on a massive scale. Consequently, it’s critical to be informed of cyber security trends and prepared to prevent cyber attacks in 2019.  Risk Management Magazine reports that the “massive gap between confidence and key fundamental preparation may itself pose a risk.”

Recently, Chubb announced 3 key cybersecurity trends to watch this year:

  1. “Cybersecurity regulation and enforcement will increase and focus more on actions taken by businesses pre-incident, in addition to post-incident protocol.”

For instance, in March of 2018, Alabama enacted the Alabama Breach Notification Act of 2018 (2018-396), which requires business entities to have certain security measures in place and predetermined notification measures to alert impacted individuals of the breach within a reasonable amount of time. Chubb predicts that this year lawmakers will not only shift their attention to companies’ data collection and data usage practices, but also on the actions that organizations should take to better prevent a cyber incident from occurring.

  1. “Crime does pay, and business is booming: the business model of cybercrime will tilt heavily toward direct monetization attacks.”

According to Chubb, this means that cyber criminals will prioritize attacks that result in direct monetization, and in order to pursue these types of attacks, criminals will continue to employ ransomware. Consequently, ransomware will continue to grow and become more destructive.

  1. “Cyber criminals will target individuals just as much as businesses as billions of Internet of Things (IoT) devices come online.”

IoT devices, such as vehicles, smart phones, nanny-cams and home appliances, will provide cyber criminals with more ways to target individuals and opportunities to gather personal information.

All in all, business leaders should strive to defend their companies from cyberattacks through preparedness rather than respond to cyber attacks. Cyber insurance plays a key role in protecting your company and managing cybersecurity risks. If you’re interested in obtaining cyber insurance, contact a consultant at The Prewitt Group today!

by
iStock 848867250

In case you haven’t heard, Alabama’s new data breach notification law went into effect on June 1st. In short, the law requires a business entity that “acquires or uses sensitive personally identifiable information (Sensitive PII)” to have certain security measures in place and predetermined notification measures to alert impacted individuals of the breach within a reasonable amount of time.

Read more

by
cyberattacks

Recently, the City of Atlanta was crippled by a ransomware attack that The New York Times called “one of the most sustained and consequential cyberattacks ever mounted against a major American city.” The city’s computer systems were held hostage after being hacked by a third party who locked them out and demanded money in exchange for re-access to the systems.

Read more