Written by Frank Giachini, MBA of PSA Insurance and Financial Services.
No, really, this isn’t just another blog on Cyber. If by now the news of breaches at Target, Home Depot, Bank of America, Blue Cross Blue Shield, Sony, The US Office of Personnel Management and the Department of Defense haven’t raised alarms for you, there is nothing I can say that will bring you up to speed on the pervasiveness of cybercrime. No doubt many organizations are aware, and have taken precautionary steps to mitigate cybercrime but an unnerving number of companies continue to believe that they are ‘too small’ to become the target of an attack.
Unfortunately the reality is quite different. One of the largest breaches in recent memory was Target Stores where 40 million credit card numbers and 70 million total records were stolen. It resulted in 46 percent drop in profits, $100 million in additional security improvements and $200 million in costs to financial institutions to re-issue new credit cards. What you likely didn’t know is that the source of the Target breach was their HVAC vendor – a small shop located in Sharpsburg, PA.
And just consider, credit card information is among the LEAST valuable information stolen, whereas health and general login information is one of the most valuable. While a stolen credit card number might be worth $5 or less on the black market, health related information may sell for as much as 100 times that amount. To make matters worse, 81 percent of healthcare related organizations have been compromised in the past two years.
Do you run the risk of being that HVAC vendor? Are you doing business over the internet with larger firms, including your vendors, customers and banks? If you’re not paying sufficient attention to cyber exposures, then I would argue you are at significant risk. Keep in mind that not all cyber-attacks are targeted – actually in many cases they are crimes of opportunity. Login credentials left out in the open, weak passwords, lax network monitoring, and failing to provide regular and consistent cyber risk education to your staff can expose your firm to catastrophic losses.
In the coming months, PSA will feature technical ways in which you can ‘harden’ your infrastructure by working with experts in the field. Yes, we believe in cyber insurance, but the best course is prevention – you may have homeowners insurance, but would you really leave a window open in your home during a thunderstorm?
There are a number of relatively easy steps you can take to at least raise awareness of exposures and potentially prevent data and financial loss – not to mention damage to your reputation and credibility – which may be the greatest loss of all:
- Have staff develop strong passwords where feasible. These are passwords that are hard to guess, include symbols such as #!% and have a combination of capital and lowercase letters. Don’t leave passwords out for all to see.
- Educate your staff on PHISHING attacks – where seemingly legitimate emails are really disguised attempts to gain access to your credentials (e.g. an email advising you to wire money coming from the CFO, a package is being delivered, etc.).
- Limit access to your network using only encrypted and approved devices.
- Ensure you have an active and up-to-date firewall and malware applications in place.
- Develop an intranet policy that clearly spells out acceptable uses of computers and the intranet. Limit the use of internet access as much as possible to business applications. Many attacks are propagated through malware that lurks behind legitimate ads and links.
- Make sure you have the latest operating system upgrades completed. In many cases the upgrades include fixes to known security risks.
- Most email programs allow you to encrypt sensitive communications. Use it whenever you are sending non-public information to any recipient.
- Last but not least expect to be a victim of cybercrime and prepare accordingly.
At PSA, we see ourselves as much more than an insurance broker – we are your partner in protecting and growing your assets. We’ve learned a thing or two along the way when it comes to mitigating risk – and this is an area we feel many small and medium size firms don’t readily understand. We are here to help and will be glad to assist you in developing any of the ideas shared in this post. Feel free to contact me at FGiachini@psafinancial.com.
Originally published by PSA Insurance and Financial Services via their online blog.
About the Author: Frank Giachini, MBA, oversees PSA’s Operations, including support for the Wealth Management, Property & Casualty and Employee Benefits Business Units. He has over 25 years of experience in the Property & Casualty and Financial Services Industries. Frank joined PSA in October 2008 after serving in various leadership and management roles for All Risks, Ltd, a national, independently owned Excess & Surplus Lines brokerage headquartered in Maryland. He also served as Vice President for Marsh USA and Zurich Financial Services in various client support and financial management positions.
Disclosure Information
Information contained herein is generic in nature and provided by sources believed to be reliable. It is for informational purposes only and is not guaranteed as to accuracy, is not intended to be the primary basis for insurance or investment decisions, and is not intended to replace the advice of a qualified professional. Neither PSA Insurance and Financial Services, its affiliates or employees render, or offer to render, personalized insurance, investment or financial planning advice through this medium. PSA employees are not licensed legal or tax professionals. Contact your qualified professional for legal or tax advice. As tax and other regulations may change, always consult your advisor before acting on any information provided. Due to various factors, including market changes, this content may no longer reflect our current opinion. PSA may only transact business in those states in which they are registered or exempted from registration. Information herein is directed only toward U.S. citizens. All rights reserved. No reproduction in whole or in part is permitted without the express written consent of PSA. PSA Insurance & Financial Services, its affiliates and employees are not responsible for the content of other web or social networking sites. PSA Equities, Inc. is a FINRA Registered Broker Dealer; PSA Financial Advisors, Inc. is an SEC Registered Investment Advisory firm; both are located at 11311 McCormick Road, Hunt Valley, MD 21031. Contact our office at 410 821-7766 to discuss your specific needs. To protect your privacy, do not send personal information via the internet.
