Most of the calls I receive about cyber insurance are for Fraudulent Funds Transfer.  This seems to be what the caller is most interested in and for good reason especially if your profession is in the area of law, real estate, or title/escrow work.  However the cyber policy is much more than just fraud transfer coverage.

The policies are usually what I consider a program or a suite of coverages made up of first and third party benefits and a strong risk management team.  Several of the carriers that write cyber insurance will perform or run an analysis of your website/online presence and identify weakness that exists and exposures that may lead to a cyber attack or event.  The carrier prepares a report that will not only identify the weakness but will also offer suggestions on how to correct or eliminate the exposure.  They also will rank or compare your cyber situation and scan results to other companies of similar size and industry. Allowing you to see if you’re keeping up with others in your industry in keeping your business, your clients and your customers safe from cyber attacks.

Other benefits provided by most cyber policies include: Notification costs.  Did you know that the government requires you to notify your customers in the event you have a cyber attack and personal/confidential data is compromised?  Think of how many files you have.  It won’t be cheap to notify and complete this task.  Ransomware.  Think you’ll never become a victim of this because your office is too small, and you don’t have or keep large amounts of personal confidential information? Think again.  Everyone is a target for this type of claim.  A hacker breaks into your computer system and stops your ability to use it or shuts down the entire system unless you pay XX amount of dollars.  How long can your office run with no access to your computer system?  

Fraudulent transfer of funds, risk management team services, strong claims team, notification costs and Ransomware coverage only scratches the surface of what coverages/benefits are provided in most cyber policies.  Although you may only have interest in one or two of these you need to be aware of all the coverages available to you in your cyber policy.  Rarely in a cyber claim is only one benefit/coverage part triggered.  Usually several parts come into play.  Don’t short yourself by not knowing all of the coverages and assistance that is available to you under your policy.  Read it and call your broker, and or the risk management team of the program with your questions.

Welcome to the level up your cyber security in October program courtesy of integrity first Corporation. 

We’re on level four, the final week, which is enabling multi-factor authentication, or you might know it as two factor authentication. 

Now in computer security an authentication factor is anything you use to authenticate yourself with a system. Using a password is the most common type of authentication. With multi factor authentication, MFA, or two factor authentication 2FA, you use two or more different factors to log in. 

One example is a password and a verification code sent to your smartphone. This is something that’s really common whenever you sign into banks. This is an extra layer of security. So even if one of your factors is stolen, like your password, the hacker doesn’t have access to the other authentication factor like your phone. 

This stops them from accessing your account. As more and more organizations implement multi-factor authentication to strengthen their security practices, you might encounter different types of authentication factors. 

There are three different types you might be asked to provide. So something you know, which are passwords and security questions. Something you have, such as a verification code on your phone or a key card or something you are such as biometrics, like your fingerprint or a scan of your face. The more factors you use, the better your security. 

Having a combination of authentication factors is an even better way to keep your data protected. 

If you have any questions about any of these levels, please contact integrity first Corporation for help.

Welcome to integrity first Corporation, cybersecurity in October program. In week two, we are going to discuss using strong passwords and perhaps a password manager. 

To create a strong password, there are a few tips and tricks to remember. The reason that you want a strong password is it’ll help you keep your data secure. In fact, according to IDtheftcenter.org studies have found that a passwords guessability by hacking software decreases exponentially with every additional character. 

Creating something that’s easy to remember, but hard to guess is key to a successful password. 

Perhaps you’ll want to incorporate a favorite song, a favorite quote, your favorite sports player into a password and it becomes more complex and difficult to guess. You’ll want to make sure that it’s at least 12 characters long, has uppercase and lowercase letters in it, has at least two numbers, and it has at least one symbol in it. 

One thing that I commonly suggest is use the lyrics to one of your favorite songs like flymetothemoon!12 or something along those lines. You want to make sure that it’s something that might be a little bit more difficult for someone to perhaps put in, guess, or even have machine learning guess. 

The other thing is, you’ll want to have a unique password for each account. 

The average American has over 90 passwords. So one thing that you’ll want to do or look into is a password manager app that can help you remember your passwords. A password manager is basically a secure vault for all of your passwords. Basically like a glorified post-it note that sticks on your computer, but a lot more secure. 

You only have to remember the one password to get into your Password Manager app, which will allow you and your computer to access the rest of your passwords for all of your logins. 

Typically, depending upon the application that you purchase, you can access these passwords on your phone, tablet, laptop or desktop. This also means you can and should create different passwords for every single online account that you have. This should keep you ahead of any hackers.

Let INF know if you have any questions and join us next week for Level Three.

Welcome to integrity first corporations cyber security in October program. Week one, we’re going to talk about recognizing and reporting phishing. 

A few quick facts: cybercriminals sent over 3.3 billion phishing emails last year. This caused over 4000 data breaches then exposed over 22 billion personal records. 

But it’s not enough to know that phishing emails are out there. You also need to be able to recognize them and report them. 

So today, we’re just going to quickly review a few of the highly used phishing email types and tactics. 

The first type is a reward or a free gift message. Free things are really enticing, but they can also be dangerous. If you get an email saying you won a free TV or click here to enter a prize drawing, you need to be on high alert. Hackers are definitely trying to bait you into clicking a malicious link. 

The second type is a login or password message. Another type of phishing email will ask you to verify your account by logging into a fake web page or updating your credentials on this fake web page. These emails will collect your username and password which gives a hacker instant access to your account. 

A third phishing email type is an urgent message. An urgent message email is designed to get you to act fast. It might tell you that your account was hacked or it’ll be deactivated; click here to restore it. Fear makes people do things without thinking, so slow down and make sure that this urgent message is from who you think it’s from. 

The final type of common message is internal messages. This type of phishing is also called spoofing. Hackers will try to impersonate or spoof people at your company, like your HR rep, somebody in your IT department, or maybe even a co-worker. An internal phishing message email might ask you to click on a link to read and sign a policy, read a new document about company wide updates, or even handover sensitive information via purchase. 

If you think you’ve encountered a phishing email, you need to follow your company’s procedures for recording it. Once the right people are notified, they can help you to determine if it’s a phishing email. Whatever you do, do not click on the links, don’t reply to the email and don’t send it to anyone else.

We’ll see you next week for Level Two.

Over the last couple of years, I’ve been telling clients and prospective clients alike that now is the time to buy a stand alone cyber policy.  If you haven’t taken the steps to purchase a policy, there couldn’t be a better time than right now.  

Claims are increasing: Ransomware, malware, phishing schemes and fraudulent funds transfer just to name a few of the claims issues that seem to be an everyday occurrence.  Because of the increasing claims, obtaining a standalone cyber policy is getting a little more difficult.  

Carriers are beginning to get a little more selective on who and what industry they want to insure. Policy terms and conditions are beginning to get a little stricter and some carriers are even beginning to exit the marketplace and not offer coverage at all.  

Just a few months ago, one of the larger carriers that write cyber insurance did exit the market and no longer writes the coverage.  Worse yet, one of the ugly consequences of all this, is that the pricing on cyber coverage has started to increase and let’s not forget that ugly word inflation that also is playing a part!

If you haven’t purchased a cyber insurance policy yet, do it now or at least apply for coverage so you can review the offer and make an informed decision.  Keep delaying the process or decision and you may find yourself unable to secure coverage at all and the market has made the decision for you. 

Have any questions about the topic discussed in this article? Contact us today! 412-563-2106.

The week of June 7^th may have seen the biggest release of hacked data ever published to the dark web.  Hackers publicly released over 8 billion username and password combinations!

A 100GB list of data assumed to be stolen during various hacks was posted to a popular hacker forum.  This is now being referred to as the “RockYou2020” list.

Want To Check To See If You Were A Part Of This?

Check here to see if your data was part of this dump: https://cybernews.com/personal-data-leak-check/

To use this tool, all you must do is enter your email or phone number.  The tool can safely access the hacked username and password combinations on the dark web.  It will let you know if your data is found.

What To Do If Your Data Was A Part Of The Released Data

If the tool tells you that your data was compromised, you should start mitigation steps immediately.  Go to every account that uses the exposed username/password and change the password.  Be sure to use different passwords for each account that are considered to be “strong”.

Want to know what makes a strong password?  A rule of thumb is to create a password that has the following 6 characteristics:

1. More than 12 characters
2. Contains at least 1 uppercase character
3. Contains at least 1 lowercase character
4. Contains at least 1 number
5. Contains at least 1 symbol
6. Contains no “real” words that could be guessed via a dictionary attack (where they go through a list of words from the dictionary and try to guess your password)

In addition, you’ll want to be sure to look for any unexpected activity within the account.  Make sure that all of your personal information is correct and that no money has been transferred unexpectedly.

If given the option, turn on the “Two-Factor Authentication” (or “2FA”) option associated with the account.  This will require you to enter a code from your cell phone or email to authenticate who you are.  2FA protects your accounts from hacker dumps like this.

Yes, this is a pain.  However, it’s better to have your personal and financial data protected. 

How To Protect Your Data Easily Using Password Managers

There are ways to make tasks associated with passwords easier.  According to a study by NordPass, the average person has 100+ online passwords.  Who can remember that many passwords?

INF recommends using a password manager like KeePass or 1Password.  A password manager will help you create and remember well-formed passwords for all of your accounts.  In fact, you can copy and paste from these managers, so you don’t have to type anything going forward.

These password managers can also be installed on your phone.  This makes browsing the web a breeze when you need to access your passwords.

Is There Anything That You Can Do To Protect Your Business Further?

Yes, you can protect your business with a cyber liability policy.  These policies help protect you from the threat of hackers, data dumps, stolen passwords, ransomware attacks and more. 

It takes less than 5 minutes to fill out the application for this insurance.  Contact INF to get started at 412.563.2106.

Does my professional liability insurance policy Cover me for cyber risk?

The short answer is, sometimes. This is a great question. There are some policies out on the marketplace that do advertise that they cover both professional liability insurance and cyber. But if you’re really serious about covering yourself in the event of a cyber breach, you need to look into what is called a standalone policy, not any kind of combo cyber professional liability policy.

If you do look into that type of coverage, you’ll notice a few things. One, the cyber coverage is usually ancillary to the primary coverage of professional liability insurance and the limits that are available for the cyber are usually very, very small, somewhere between $15,000 and $25,000. Last year the average cost of a cyber breach for a small to mid sized firm was about $250,000. The other important note is that 50% of those that did have the breach, were out of business within six months of the breach.

Contact us at INtegrity First Corporation with any questions you may have regarding cyber liability insurance.