Cyber Insurance: Why You Need It and How Beacon Helps You Save


Bear with us here, because we’re going to take a moment to talk about a subject that isn’t particularly fun.

Insurance.

Ugggghhhh, right? Unless you are in the insurance business (in which case, sorry), there is nothing particularly enjoyable about insurance. It costs money, and if you ever use it, it means something bad has happened. Nope, no fun at all.

Insurance IS important though, and it can provide some peace of mind that if the worst does occur, you won’t be financially ruined. Chances are you already have a lot of insurance in your personal and professional life: auto, health, life, liability, the list goes on. But now it’s getting increasingly important to add cyber insurance to that list.

Here’s what you need to know about this new and evolving area of the insurance industry.

What is cyber insurance?

Sometimes also called cyber liability insurance, this type of insurance covers or mitigates the costs for a business that has been the victim of a cyber attack, whether it’s ransomware, a phishing scam, a virus, or some other form of hack.

Do I need cyber insurance?

If you store important or sensitive data on your network, a hard drive, or in the cloud, then the short answer is, yes, you probably do. Or if a cyber attack on your business could lead to a significant loss in productivity and income, then the answer, again, is yes.

Though there might be some basic cyber coverage in your liability insurance, cyber insurance will offer you much more protection. It’s especially important if you store any personally identifiable information about your employees or customers, such as names, social security numbers, credit card or bank data, email addresses, or birthdays. Any of that data could be used by a hacker to target an individual, who could in turn sue you for the security breach. Many cyber insurance policies can help cover the costs of settling that litigation.

What does cyber insurance cover?

Even if you aren’t targeted by a lawsuit, you’ll still have extensive costs in the wake of a hack. Cyber insurance covers a variety of these, including:

  • The recovery of your system or data;
  • Notification of customers or clients of the security breach that may affect them;
  • The costs of business loss due to downtime or suspended operations;
  • A forensic investigation into your hack to prevent future attacks.

All of these costs, and others, are typically covered by a cyber insurance policy.

Okay, sounds like I need cyber insurance. What’s it gonna cost me?

Costs vary depending on the size of your business—and the size of your policy. Some policies may cost as little as a few hundred dollars a year, while others are in the tens of thousands.

Aside from your business’s size and coverage needs, your costs can be affected by some other factors. One is location. If, for example, you store your data on a European server, it may be subject to foreign laws regarding data security and insurance, such as the recently passed EU Cybersecurity Act. So, it’s important that you have a full understanding of your network and data storage setup before you begin exploring your cyber insurance options.

Another key factor in your insurance costs is your cyber security. Just as many health insurance policies go up in cost if you have too many risk factors, your cyber insurance costs will increase astronomically if you don’t have proper security measures in place. If, on the other hand, you have robust security—including precautions like multi-factor login credentials, antivirus software, firewalls, and VPN usage for remote access—your premiums will likely be much lower.

Furthermore, if you fail to take preventative measures to protect your network and data, your cyber insurance claim—no matter how much you pay for it—may well be denied. Some cyber insurance providers won’t even offer you a policy if you don’t have proper security in place.

Yikes! I guess I need to beef up my cyber security, too.

You sure do. Fortunately, that’s where Beacon IT Services (BITS) comes in.

We offer extensive cyber security and threat protection services to our clients in addition to cloud integrations, data backup, and other key managed services.

Contact us today to begin exploring how we can make your business more secure. Because after all, an insurance policy is the last line of defense for protecting your business, and with BITS providing security, you reduce the potential of having to put it to use.

By | 2021-07-23T07:31:05+00:00 July 23rd, 2021|Computer Related, Cyber Security, IT Services|

How To Protect Your Business From Costly Ransomware Attacks

It’s never good news when cybersecurity is in the news. Unfortunately, that’s certainly been the case this year, as story after story has emerged of cyber attacks and hacks crippling major corporations and utilities. The ransomware attack that halted Colonial Pipeline, hiking prices and causing gas shortages on the East Coast, was one of the most well-known recent incidents, but certainly not the only one: hackers also targeted food suppliers, insurance companies, communication companies, and many more. Indeed, Cybersecurity Ventures predicts that businesses will be attacked by ransomware every 11 seconds by the end of 2021.

Though that particular estimate is on the higher (and more alarming) end, there’s no question that cybersecurity is an absolutely essential part of any responsible business’s IT agenda. If you run or work for a small business, you may not be a target of the multi-million dollar schemes affecting some of the major, international corporations, but you are still at risk. There’s no need for panic though. With a few precautions, you can make sure your business is protected.

Why Ransomware Attacks Are So Common Now

To begin understanding how you can protect your network, employees, and business, it’s important to understand what exactly is happening.

To start, let’s look at exactly what a ransomware attack is. Essentially, ransomware is malicious software (or malware) that infects a computer or network, taking control and restricting access to files and programs. The only way for the system’s owner to regain control and keep their data from being destroyed or publicly leaked is to pay a ransom to the malware’s creators.

Lately, attacks like this have gotten more frequent. Many experts and observers agree that this is most likely a side effect of the COVID-19 pandemic.

Why? Due to the pandemic, many workers transitioned from working in offices every day to working from home. Unfortunately, many also began using unsecured remote networks to do their work, opening themselves up to attack.

At the same time, hackers took advantage of the fear and uncertainty bred by the pandemic to start sending out targeted phishing emails. Using subject lines with topics related to coronavirus prevention and safety measures, these emails, often falsely attributed to reputable sources like the World Health Organization or the Center for Disease Control, tried to dupe worried readers into surrendering important data and credentials. Sometimes it worked.

How You Can Keep Your Network Safe

Even as we better learn to battle COVID-19 and life returns to something closer to normal, the threat of ransomware attacks persists. Fortunately, protecting against them is not as difficult or complicated as it may seem.

Here are three steps to take:


1. Enlist the aid of managed services pros

To start, one of the key things to remember is that you don’t have to fight this by yourself. Partnering with a trustworthy and proven network management team like the experts at Beacon IT Services (BITS) can go a long way towards securing your network and your data. (Not to mention all of the other benefits of our services, including cloud migration, data recovery, and general systems maintenance.)

2. Set up a VPN

Next, your BITS team will work on securing your remote network. In most cases, that will mean setting up a virtual private network (VPN) for you and your team to work on. VPNs offer the security and function of a traditional, hardwired private network while still allowing users to access it remotely. BITS partners with SonicWall to offer a variety of secure and reliable VPNs that will secure your network.

3. Prepare your team to spot scams

You also must train your employees to recognize the signs of potential phishing emails. From keeping an eye out for suspicious and overly complex email addresses to unusual requests for social security numbers, credit card info, and other sensitive data, there are some simple things employees should always watch out for. Your IT expert can provide info on essential best practices and can offer recommendations on valuable services like KnowBe4 if more in-depth anti-phishing measures are required.

BITS will also install powerful firewalls and anti-virus software on your network to keep it safe from other threats. Our 24/7 network monitoring also allows us to identify any issues as they arise—before they become a problem for you and your business.

Don’t Fall Victim to Ransomware: Contact BITS Today

Don’t waste time: contact us now to get to work on securing your network.

If you already partner with us, don’t hesitate to reach out if you have concerns about your security. We’ll work with you to make sure everything is secure and that you have the best protection possible.

By | 2021-07-23T07:32:09+00:00 June 24th, 2021|System Administration, Cyber Security, IT Services|

Employee Security Training: Your IT New Year Resolution

Happy New Year! What are you looking to do better in 2019?

The turn of the calendar tends to bring with it thoughts of personal growth and improvement. But, for many business owners – their identity being tied directly to their enterprises – New Year’s resolutions often translate to things they can do better for their companies.

So, let’s restate the above question: What are you looking to do better for your business in 2019?

If you’re open to it, allow us to offer a suggestion: if you haven’t made cyber security a part of your company culture, make cyber security training for your employees a priority this year. Why? Because you’ll be shoring up the weakest part of your network defenses.

The Case for Initiating Security Training for Your Employees

It’s not a secret that employees are the weakest link in any organization’s security efforts. That doesn’t mean that your staff is going out of their way to jeopardize your network. They’re just either unaware of which actions leave the company vulnerable, unsure of what to do if they do encounter a potentially threatening situation, or simply don’t assign a great deal of importance to security concerns (this is sometimes called the “it’s the IT guy’s problem” syndrome).

In most cases, though, you really can’t blame the rank-and-file. Think about this:

  • 65% of companies have over 500 employees who are never prompted to change their passwords
  • 52% of business leaders don’t know what to do if cyber security is breached
  • 45% of employees don’t receive cyber security training at all
  • Microsoft Office applications (Word, Excel, etc) account for 38% of malicious file extensions
  • 91% of cyber attacks begin with a phishing email

What are these statistics telling us? First, that workers are routinely targeted – and via the communication methods (email) and business applications they rely on the most (Microsoft Office). Secondly, if/when things go wrong, management typically doesn’t empower employees to help in warding off the threats, and often has no plan of action.

Let’s take a look at a few more statistics:

  • cyber crime is expected to cause $6 trillion in damages by 2021
  • 61% of breach victims in 2017 were companies with less than 1,000 employees
  • average cost of malware attack is $2.4 million

If you’re a small business, a multi-million dollar mistake is hard to recover from. Encouraging your team to become more discerning digital users and an active part of your data security efforts is, simply put, the smart move. The best way to do that is with an active cyber security training program.

What Does Security Training Entail?

Education can cure a lot of ills. This is absolutely the case with cyber security concerns. But before you can teach, you must know where your subjects stand.

As such, the first part of training focuses on identifying what your trainees know and don’t know. At Beacon, we initiate our cyber security training program with real-world examples of cyber exploits. This is accomplished with a computerized test, where employees are asked to complete a few simple tasks, such as opening an email with an attachment.

The test serves two purposes. First, it exposes people to real life attack methods that they are likely to encounter. Secondly, it identifies the types of exploits to which your team is most vulnerable.

Once you know which types of tricks are most likely to work on your team members, you can arm them with the skills to shore up their vulnerabilities. That’s the second part of the training – teaching how to recognize when something is amiss and how to counter a suspected attack.

The training portion should be tailored to each employee, based on the results of their assessments. Focus on what they don’t know. You don’t want to waste anybody’s time going over concepts they already know well. Your team is more likely to retain information they find valuable and/or interesting – so, teaching them stuff they know is counterproductive. Each employee’s training should cover the exploits they did not handle well during the assessment.

At the end of training, be sure to remind your team of how valuable their contributions to network security are.

Beacon Knows Security Training

Want some professional help with your employee security training? BITS is here to help. We’re more than happy to get your team up to speed on the latest cyber threats.

By | 2020-09-22T12:27:04+00:00 January 28th, 2019|Computer Related, BITS News, IT Services|

Lessons in Cyber Security & Threat Prevention

Atlanta Ransomware Attack

The ransomware attack that took hostage a number of vital computer systems in Atlanta last month wreaked havoc on residents and sent the city’s administration scrambling. What can we learn from the situation?

Considering that city officials were aware as early as last summer that “severe and critical vulnerabilities” existed within the municipality’s computer network, the biggest takeaway is: DON’T WAIT to shore up your cyber security.

We’re not in the business of beating dead horses. And, surely, Atlanta officials have their hands full orchestrating the recovery from the attack and trying to return vital operations back to normal. Nonetheless, the fact that a 2017 internal city audit revealed an utter lack of preparedness to manage any sort of cyber threat should not go unmentioned.

What that means is the March 22 attack wasn’t a technology problem. As with most hacking efforts, it’s not the code that sinks you – it’s the human element that’s exploited for criminal gain. In this case, the human element was the inability of city administrators to respond to known threats. Not only was the city not equipped to handle an attack on its networks, it also didn’t have a proper response plan ready.

The number of ransomware attacks spiked sharply in the last year. So, if you don’t have an updated plan for your organization’s network security, you may very well be the next target of SamSam – the group responsible for the Atlanta situation – or another criminal outfit.

The good news is that there’s an army of cyber security professionals who are very skilled at crafting customized solutions. We, at Beacon, have been good at it for quite a while.

Protection Through Prevention

The best way to avoid a ransomware attack is to make sure that your network has a sufficiently strong firewall in place. A firewall identifies incoming web traffic and filters any suspicious or unapproved activity. The effectiveness of any firewall depends on how well it is configured. Typically, large networks require complex firewall configurations and a team of IT specialists for maintenance and monitoring.

Firewalls are great at protecting against known threats. However, new hacking techniques are developed every day. To defend against these zero-day exploits and other sophisticated attacks, IT pros deploy advanced automated audits that boot the threat off the targeted network. About 80% of current Beacon clients rely on this type of advanced protection. And, ideally, that number would be 100%.

Of course, even the most well-designed security setups can be breached. Criminal hackers know that people are the weakest link in network security and design attacks to take advantage of unwitting network users. (There’s that human element again.) However, the odds of such attacks succeeding are low if your organization takes security awareness training seriously. Security seminars should be made available to every person on staff, and be repeated at least once every three years.

Recovery: It’s Good to Have a Back-Up Plan

Let’s be honest – sometimes hackers succeed even when you’ve done everything right. If that happens, you don’t want to find yourself in the same position as the folks in Atlanta. Backing up your network will protect you in case of a catastrophe.

While the concept is simple, data backup is actually a fairly complex process that takes considerable forethought. You’ll need to decide how often your network needs to be backed up (hourly, daily, weekly, etc). You’ll also have to examine how long your organization can go without access to your data.

A busy medical center, for example, would need to have its data backed up hourly to capture changing patient statuses, doctor’s orders, prescriptions, etc. With lives at stake, it would also be imperative to restore access to that data as quickly as possible.

Organizations that don’t deal with life and death issues would probably have less stringent requirements for their data protection plan.

We’re Here to Help

Have questions about your company’s cyber security? Give BITS a call at 336.546.6660, and we’ll be happy to talk to you about your concerns and data protection needs.

By | 2018-04-12T11:22:11+00:00 April 12th, 2018|IT Services|

Is Hacktivism a Problem for Your Business?

Back in the 80’s, when someone hacked a website, they left a message not unlike graffiti. “Hackers rule” or something silly like that. It was relatively harmless. These days, hackers have grown up and hack with resolve. If they should deem your website or business counter to their beliefs, you could find yourself out of business within days.

Research suggests that 1 in 5 hackers are hacktivists. That is, their motivation for hacking is activism. Some of this activity may be seen as productive. For example, a hacker once created open source software that enabled people in China to circumvent government censorship. Through the use of this software, one could access restricted websites such as CNN or Amnesty International, even in countries where they had been banned by the government.

However, there is a dark side to hacktivism. Hackers often use open source hacking tools to penetrate Windows networks and employ “denial of service” attacks to bring down legitimate businesses. Essentially, a “denial of service” or DoS attack bombards a server with more requests than it can handle until it ceases functioning. More effective than a traditional protest or picket line, a DoS attack can cut off a business’s sole source of online revenue, crippling it in the process. DoS attacks can be implemented through email spam, downloads and various other methods.

These open source tools go by names such as Social Engineer Toolkit, John the Ripper and Metasploit. Anyone can use them and they’re readily available for download online. Go ‘head. Perform a Google search and see for yourself. It’s more than a little bit scary.

Here’s a number that’s scarier, still. 60% of small businesses call it quits within 6 months of a cyber attack. Don’t be one of them. Follow a few simple precautions.

  1. Use the latest versions of software. Software updates ensure that vulnerabilities identified by the author have been addressed. If a software doesn’t have a recent update, then it may be wise to seek an alternative software.
  2. Make sure security extends across mediums. Anything connected to your network needs to be secure including cell phones and tablets. Use of a PIN code is highly desirable.
  3. Don’t rely on Wi-Fi. It’s risky and easily exploited. Make sure that employees use a VPN when accessing the network off-site. A VPN (or virtual private network) provides a layer of security as one must log on before being able to access an open wireless network.
  4. Educate employees. Just today, users of a common browser cleaner called CCleaner learned that the latest version has been compromised when hackers breached the author’s security. As a result, CCleaner version 5.3 not only contains software updates but a multi-stage malware payload. Approximately 2.27 million users are affected. Make sure your employees know what they should and should not download on their work stations. Create a list of approved tools.
  5. Be proactive. Develop a risk management plan. Identify your vulnerabilities and most valuable assets. Develop a strategy to secure the most valuable information first and work from there.

For certain business markets, hacktivism is an obvious threat. A fur business knows it has to protect itself from PETA activists. Political parties must protect themselves from their ideological counterparts.

For some of us however, the answer isn’t quite so obvious. So, consider the worst case scenario. If you were to lose your most important asset to a network hack, could you overcome it?

Feel free to leave a comment or email me with your thoughts and ideas on hacktivism. If you think your business is at risk and wish to take action to protect it, call me at 336.447.3473.

By | 2017-10-03T05:21:30+00:00 September 17th, 2017|IT Services|