Company owners and managers who think their business is too small or insignificant to become a target of ransomware attacks are making a potentially costly mistake. While attacks on large entities generate lead stories on news programs, cyber crooks are indiscriminately targeting businesses of every size.
As NJ Cyber Insurance specialists, we see firsthand how ransomware attacks affect all types and sizes of businesses. As an indication of the seriousness of cybercrime on companies today, this report follows our recent post titled, Major Cyberattacks in Recent News Highlights the Need for Cyber Insurance.
A Quick Primer on How Ransomware Works.
Since ransomware attacks are mostly software-driven applications, it makes it easy work to target any business that relies on its computers and networks to manage its operations. Ransomware is a growing threat that increasingly affects more businesses and organizations with attempts to extort money from them.
Ransomware is malicious software that restricts access to a computer until a fee is paid to unlock it. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency states that a form of software called “ransomware” renders any computer systems useless.
How Do Systems Get Infected with Ransomware?
Phishing emails and drive-by downloads are some ways extortion spreads. Drive-by downloads occur when a user visits an infecting website and then clicks on a link that leads to software installation without their knowledge.
Social media, including the increasing use of instant messaging applications, have been used to spread variations of ransomware with newer methods of infections detected. It is possible to gain access to an organization’s network by exploiting a vulnerable Web server.
Once the malware has locked the system, users usually see an alert displayed on their screen. Often warning emails are also sent with notifications that the users’ data on their computers are locked or unreadable.
Users are alerted they must pay the ransom or access their systems and restore their files. Virtual currency such as Bitcoin is the typical means to pay the extortion fee. After a successful attack, it usually requires specialized software tools from the hackers to unencrypt the locked system.
Advice for Defenses Against Ransomware.
Recovering from infections can be a complicated process that may require the services of a data recovery specialist. Users and administrators should take the following precautions to protect their computer networks.
- Limit users’ ability to install and run unneeded software applications and apply the “Least Privilege” principle to all systems. By restricting privileges, your network is less likely to be corrupted by malicious software.
- All critical information requires a data backup plan. Regular backups with a system of checking their performance are crucial to limit the impact of data or system loss. Necessary backups should be isolated from the network for optimum protection since network-connected backups can also be affected by ransomware.
- Training your staff on the threat of ransomware is essential. Regularly reviewing your plans for mitigating cybercrime is crucial as things frequently change how cybercriminals launch successful attacks.
- Keeping your operating system and software with current updates is vital. Most attacks are on vulnerable applications and operating systems. The number of entry points an attacker can exploit is significantly reduced by patching them with the latest updates.
- Require a scan of all software downloaded from the internet before executing and keeping anti-virus and malware protection software current.
- It’s a good idea to avoid enabling macros from email attachments. That’s because embedded code can execute the malware on any device where the user opens a file attachment and enables macros.
- Never follow web links in emails without full assurance the sender is a trusted source.
Protect Your Business with Cyber Insurance.
You can tailor cyber insurance to match the specific needs of your business and industry. Not all cyber policies are the same, as each carrier offers unique coverage and sometimes exclusions. In general, we can design a Cyber policy to include coverage that helps to pay for the following in the wake of a cyber-attack:
- Forensic investigation to determine the cause of the breach/cyber attack
- Notification expenses to alert affected customers that their personal information was compromised
- Credit monitoring services for affected customers
- Public relations for crisis management
- Legal services to help you meet state and federal regulations
- Lawsuits related to customer or employee privacy and security
- Regulatory fines from state and federal agencies (for example, HIPAA violations for medical offices)
Insurance companies are requiring more cooperation and participation from their insureds before they will issue policies. Because of increased costs and exposures, premiums and coverages are under scrutiny by carriers. Now, more than ever, it’s crucial to have an insurance agency that will work with you to develop your cyber insurance strategy and profile for submission to carriers. We use our extensive NJ Cyber Insurance proficiency to find you the best coverage at competitive rates.
About Dickstein Associates Agency
Dickstein Associates Agency has distinguished itself as a leading provider of personal and business insurance in the tri-state area since 1965. We pride ourselves on being advocates for our clients and providing them with quality and affordable coverages. As Trusted Choice™ independent insurance agency, we partner with various national and regional carriers, allowing for flexible coverage for each client’s unique circumstances. For more information on how you can leverage all your insurance to work best for you, and how we can secure the best insurance in the marketplace suited to your specific needs and business objectives, contact us today at (800) 862-6662 or www.dicksteininsurance.com.
