Published by Anthony Burger, Jr.
While businesses and employers struggle to manage the fallout of this national crisis relative to lost revenue, difficulty meeting payroll, supply chain disruption and more, cybercriminals see this as an opportunity to exploit fear and uncertainty. Many businesses and their employees are working from remote environments that may be new or possibly less secure than the company’s internal network and hardware.
In recent weeks, it has been noted that thousands of domain names were registered with coronavirus/COVID-related keywords. Using messages disguised as informative blasts from credible sources like the Center for Disease Control (CDC), World Health Organization (WHO), and state or federal authorities, cybercriminals are trying to get employees to click on ransomware or malware in order to extort payments or access networks through susceptible victims. While we are all looking for new information about the crisis regularly, it is important to maintain best practices of email security and verification of links from new or unknown sources. With the significant increase in email communications globally related to the pandemic, social engineering fraud and ransom are an easy way for cyber thieves to get a quick payout.
A few important things to consider:
- Social Engineering Fraud is typically excluded from a standard Crime policy unless endorsed to include a small sub-limit. Even then, the policy terms may have hidden language requiring Dual Authentication/Call Back Verification before funds are transferred. If that stipulation is not met, the carrier could deny a claim. Broader protection, higher limits, and less restrictive policy terms are available in the Cyber market.
- Loss due to Malware/Ransomware/Extortion is only covered in a Cyber policy and many carriers provide full policy limits for these coverages.
- Cyber carriers and brokers are providing valuable service offerings with a cyber policy such as Vulnerability Testing, Employee Phishing (email) Training, Breach Coaching, etc. Often these come at no additional cost to the insured.
- Maintain constant communication with your staff to be vigilant in verifying the source of an email or request for funds. Advise employees to only open and click on verified company communications or official updates from trusted sources.
While employees are certainly a company’s biggest asset, they are also the greatest exposure to cybercrime in an age of reliance on digital communications. Pritchard & Jerden has a team of Cyber Risk Advisors that can evaluate your current risk, identify coverage gaps, and assist in providing a program to supplement the steps your Network Security team and IT staff are already taking to protect your business. Coverage is still extremely affordable, but there are a select few insurance carriers that provide coverage that truly meets the needs of your business. We are here to help you navigate the confusing and constantly changing cyber environment as your trusted advisors.