If you’re like most businesses in Canada, email and the internet are crucial components of your success in today’s digital marketplace. Increasingly, Canadian businesses of all sizes need cyber insurance. Cyber attacks come in various configurations and threaten the security of individuals and entire organizations.
The global COVID-19 pandemic has seen an increase in remote work and a surge in the volume and sophistication of cyber threats. The increased threat makes cyber security a critical concern for businesses because attacks are detrimental to your business operations and bottom line.
With that said, you can take proactive, preventative measures to safeguard your business, as well as insure against the financial impact of a cyber-attack or data breach.
Below are 6 preventative measures you can use in conjunction with cyber security insurance.
What is a cyber attack?
Cyber attacks typically affect business in one of the following ways:
- Data breach – Threat actors look to steal information to sell on the dark web. Typically this is Personally Identifiable Information (PII) or Personal Health Information (PHI).
- Social engineering fraud – Threat actors create realistic-looking invoices and/or payment instructions. The first step is usually the criminals gaining access to email accounts via phishing/smishing/vishing and monitoring for the opportune moment to strike.
- Ransomware – Threat actors take control of your systems and encrypt your data. Once the data is encrypted, they hold it hostage unless you pay the ransom, usually in a digital currency like Bitcoin, Ethereum, Dogecoin or other untraceable format.
The true cost of a cyber attack is not just in the money spent but more importantly the time spent dealing with the breach. Whether you are a small, medium-sized, or large business, the main avenue for exploitation is people:
- 32% of Canadians report being a victim of a cyber attack.
- 56% of Canadians have been victimized by a virus, spyware, or malware.
The threat is real, ever-changing, and increasing in frequency. It’s essential to be aware of the cyber events employed by bad actors and how to mitigate the damage with preventative protocols and cyber insurance in Canada.
Cyber attacks threaten profits
It’s no wonder that cyber security is such a high priority. The Canadian Anti-Fraud Centre reports that businesses register more than $104.2 million in yearly losses. Cyber attacks like social engineering and ransomware make up a substantial portion of those losses.
Moreover, the Canadian Centre for Cyber Security estimates that ransomware attacks have increased by 151% globally. In Canada, the average cost of a data compromise is $6.35 million per breach. It’s imperative to reduce your risk and protect your employees and business.
Typically, you think of a cyber threat risk as an attack on your financial or personal information.
But it can be costlier than you imagine.
For instance, the Desjardins data breach compromised the personal data of 4.2 million Canadians. In June 2022, the Superior Court of Quebec approved a $200.9 million class action settlement against the company. That data breach caused a substantial financial loss and damaged the company’s reputation with customers.
How do I protect my business from cyber threats?
Get Cyber Safe recommends that you create protocols including:
- Run security awareness programs to help your staff recognize the risks
- Put one person in charge of cyber security, but define everyone’s roles and responsibilities
- Develop clear policies, procedures, and standards
- Develop a cyber security action plan
- Prioritize cyber security
- Budget for cybersecurity measures and insurance
The preceding are general steps and best practices that you can leverage to diminish the risk of cyber attacks.
There is no guaranteed way to stop a cyber crime entirely, making a cyber insurance policy a critical component of your technology strategy. A cyber insurance policy will not only provide financial security, but also help you navigate the complex process following a cyber attack, including conducting a root cause analysis.
How do I protect my company from a data breach?
Social engineering produces 22% of data breaches in Canada. Social engineering uses lies and deception to trick employees or business owners into providing confidential or personal information for fraud.
A cybercriminal will use search engines and social media to learn about your company and then send a message that looks like it’s from a trusted party, like your co-worker, employee, or another business.
Keep your information safe by:
- Limiting what you share on social media
- Using different passwords
- Being vigilant for phishing attempts. If something seems wrong, it usually is.
Software updates are needed to keep your business information secure. Our computers, phones, and tablets are incredible devices that add value to our operations. The information they hold is at risk of being compromised if you don’t update your software.
Here are some best practices for you and your employees to keep your software updated:
- Enable auto-updates
- Stay operational by doing updates during downtimes
- Schedule time for updates
Multi-factor authentication provides an additional layer of security to your business’s devices. A strong password is the first step in ensuring your privacy, but multi-factor authentication, such as a PIN or biometric marker, enhances that protection.
Possible two-step authentication solutions include:
- Fingerprint scanners
- SMS (text message) authentication
Canada’s Get Cyber Safe reports that multi-factor authentication protects against:
- 100% of bots
- 96% of phishing attacks
- 76% of targeted attacks
Even the most vigilant people sometimes fall prey to cybercrime; it’s sophisticated and looks real. In that case, having a cyber insurance policy that covers your business for interruptions, forensic support, legal support, and cyber extortion defense will help get you back up and running.
How can I safeguard against malware?
Malicious software (malware) is software designed and delivered to disrupt your business or steal private information. The malware hides in your operating system and bypasses security features. In some cases, malware is undetectable and unremovable without dedicated resources.
It’s devious by design and can infect all your business devices, including, but not limited to, your desktop computers, laptops, smartphones, and tablets.
You’ve probably encountered malware as a virus. Like a human virus, a computer virus replicates itself and infects system after system. The infection can be costly as a virus may corrupt, destroy, or steal your data.
You get viruses via email attachments, website downloads, links, or infected disks or drives.
Usually, you want to have anti-malware software that scans, reports, and blocks suspected downloads. Another protective action your business could undertake is setting up a firewall to block malicious website connections.
How can I mitigate phishing risks?
Phishing is a common practice cybercriminals employ to deceive you or your employees into giving sensitive information. Usually, bad actors send phishing messages via email or text. Text-based phishing is called smishing.
The insidious thing about phishing is that the attack appears to come from a legitimate company. Typically, the scam asks you to validate an account, informs you of a problem you have to fix using a provided link, or threatens you with legal or administrative action if you don’t respond.
Spear phishing is different from phishing. Whereas phishing is a mass numbers game, spear phishing targets one person or a small group of people. A cybercriminal sends out well-researched, targeted messages based on social media posts or other online information. Like phishing, the message appears real, and it is difficult to differentiate the attack from an authentic message.
Whaling targets senior executives or business owners. Criminals target these decision-makers because they have the resources and power to move large amounts of company funds. These are among the most sophisticated attacks because, if they are successful, the potential payoff is in the hundreds of thousands or millions of dollars.
Phishing, spear phishing, and whaling are pervasive problems, with 6.4 billion phishing emails sent each day. Moreover, 1 in 10 Canadians have replied to a phishing email.
Here’s how you can safeguard your business:
- Be skeptical
- Verify legitimacy with a follow-up phone call
- Don’t click on links
- Never provide personal information
- Check email addresses for typos or errors
- Look for shoddy images, logos, or misspellings
- If it’s too good to be true, it’s probably a scam
A common misconception is that only big businesses need cyber security insurance in Canada. While it’s true that high-profile companies get the majority of the press, the harsh reality is that 40% of small businesses will suffer a cyber security attack. Even more dire is that 60% of those companies won’t survive the attack and will have to shutter operations. They just do not have the funds available to pay for the loss and recover their operations.
Small companies are less likely to ensure regular updates and implement cyber security best practices. 48% of business owners view cyber threats as minimal. As a result, they don’t have internal IT teams to keep them safe. That’s a recipe for disaster. With the proliferation of the Internet as the primary place of business, it’s crucial to have a multi-pronged plan of protection that includes preventative measures supported by cyber liability insurance in Canada.
How can I prepare for ransomware?
Ransomware is a type of cyber attack occurring when hackers invade your system and grind your business to a halt until you pay a ransom. In other words, it’s extortion. The criminal denies you access to your data by encrypting or locking you out of your own devices and systems. In recent months hackers have realized that people are getting better at restoring from backups, so the hackers threaten to release a company’s private information as an added threat.
Ransomware can target your data, files, or system and often comes with a note that demands payment in an untraceable cryptocurrency, like bitcoin. The demands can be costly. The average ransomware payment is more than $160,000.
Ransomware usually comes via phishing attempts, downloads, attachments, or links. Here’s what you can do to mitigate the risk:
- Provide security training to your employees; only 2 in 5 business owners instruct employees about the dangers of phishing.
- Update your devices
- Update your software and systems
- Limit access
- Install anti-malware/anti-virus software
- Use multi-factor authentication
- Back up your data to the cloud and offline
Getting attacked by ransomware is not ideal, but it’s no cause for panic. Prepare for the scenario, and if you identify a ransomware attack:
- Quarantine the device
- Do forensic research on the ransomware
- Reset the device to factory settings
- Wipe all data
- Update the device
- Change passwords
- Report the incident to the Canadian Centre for Cyber Security.
These measures and tips are part of your arsenal in defending your business. A main benefit of a cyber insurance policy is coverage for the costs of hiring experts to quarantine systems, trace and eliminate the problem, and negotiate the ransom with the hackers or assist with restoring systems from backups. Additionally, the insurers will replace hardware that has been turned into a “brick” and is now useless.
Forensic support helps you identify the extent of the breach, how it happened, and how to avoid future breakdowns in cybersecurity. A benefit of the right cyber insurance broker is the resources they provide to help solve those issues and the expertise on how to resume business operations.
When hackers attack via ransomware, they’ll demand payment. The fee is usually hefty, and you want to ensure you can pay it. Your attack may not be as severe as St. Mary’s, but it can disrupt your livelihood and business operation. Cyber insurance can help you recoup your losses if you have to pay.
Is my point of sale susceptible to cyberattack?
Yes, but you can protect your point of sale (POS). Your business likely has a POS to conduct transactions. Your customers expect it for the convenience it provides for immediate credit card or debit transactions.
Your POS may be vulnerable to hackers accessing your network, so you must protect it. Cybercriminals have no issues hacking into an unprotected POS system to steal card information and other personal data. That makes your customers’ accounts and data a target for malicious actors.
Protect your customers and your business by ensuring:
- Your POS is protected behind a firewall
- Data is encrypted between your POS and the provider
- You use strong passwords (not the factory default)
- Access is limited
- Your anti-malware software is installed and updated
If your POS system gets attacked, in addition to the reputational damage you will sustain, you could also be levied fines, penalties, and/or assessments for being in violation of the Payment Card Industry (PCI) standards. While it may not rank in the top 5 largest breaches, it can still be damaging to your business.
We’ve discussed some preventive steps you can take to protect your business. The reality is that even the best protections fall short. To supplement your proactive steps, you should consider cyber liability insurance.
Here’s an analogy to highlight the importance of cyber insurance.
Your business has fire extinguishers, sprinklers, and marked exits in case of a fire. Even with all those protections and safeguards, you still likely have business property insurance to protect you in the event of a fire.
No one wants to deal with a business interruption; that’s part of the reason why you get insurance.
Find a cyber insurance policy for your needs
Cyber liability insurance covers your business from cyber attacks, including:
- Phishing simulations for employees
- Dark Web Monitoring and Scanning for threat signals
- Expert advice from specialists
- Real time threat alerts
Even with the best protections available, a cyber loss can still happen. Your policy should include:
- Cyber Incident Response Coverage
- Cyber Crime
- Damage to your systems and Business Interruption
- Ransomware Response
- Network Security and Privacy Liability
- Tarnished reputation
At Westland Insurance, we know that your cyber security insurance needs to match your goals, business, and budget. Our expert cyber insurance brokers get to know you and your business so that we can tailor your policy to your needs.
We’ll work with you to build a risk management solution and ensure that your cyber security insurance coverages align with your business needs. Insurance can be complex sometimes. It doesn’t have to be. At Westland, we are passionate about helping you confidently navigate cyber insurance in Canada.
Contact Westland Insurance and let our expert insurance advisors do the hard work. We’ll find a policy that you feel best fits and provides peace of mind.