If you have read the news in the past few weeks you will have seen a lot of talk about ransomware, or more specifically: WannaCry. Ransomware traditionally encrypts files on your computer and holds them ransom with the promise of unencrypting or restoring them on receipt of the requested funds.
Ransomware is not new, but WannaCry was unique because it was able to autonomously propagate through email and made its way around the world in a matter of days. Many business operations were brought to a grinding halt while the owners and IT providers attempted to negotiate the ransom or unencrypt the affected files.
Thankfully, the transmission of WannaCry has now slowed, so while it may not be a top-of-mind concern, this instance still serves as a cautionary tale in cyber risk. This is a precedent-setting global cyber event and more are to be expected.
Here are some tips on how to prevent a ransomware or malware attack.
(This isn’t an exhaustive list by any means, but it is a good start. For more information speak with an IT professional.)
Update your operating systems
WannaCry exploited a known security gap within the Windows operating system. While Microsoft had issued a “security patch” in March of 2017 to address the concern the afflicted users hadn’t gotten around to updating their systems and paid the price.
Educate your employees and family members on how to detect and avoid phishing attacks
A phishing attack is when someone (or a bot) sends an email with a link or a file that has a virus or malware attached to it. These can be very convincing. Look for spelling or grammatical errors, subject lines that refer to a product you didn’t purchase, strange links, or anything else that doesn’t feel right. Delete these emails immediately, don’t open them, don’t click on any links and don’t open any attachments. If they came from a friend or colleague’s email address give them a call to advise them of the breach.
Maintain up-to-date antivirus software
Always ensure you are running up-to-date antivirus software. Many of these programs update their definitions frequently, so ensure that the updates are automated or that you run them on a regular basis.
Buy cyber insurance
Crossroads has a full suite of cyber coverages that can be added to an existing commercial insurance policy or purchased as a standalone product. Policies can include:
- Computer Attack – covers the cost of hiring an IT firm to get things running again in the event of a cyber attack against your computer or systems. You can also be reimbursed for loss of income during the downtime.
- Lawsuits based on security failure – if you are seen to be negligent in maintaining your computer systems this coverage will come to your aid should a lawsuit be filed.
- Breach of Privacy Laws – with the forthcoming changes in Canada’s Digital Privacy Act businesses can be held responsible for a breach of privacy that hasn’t been reported to the Privacy Commission. Failure to do this can result in fines, fees or civil lawsuits again your business; the cost of which can be covered by certain cyber policies.
- Cyber Extortion – pays the fees associated with hiring a professional firm to handle and negotiate and deliver ransom demands.
Cyber Risk Insurance is rapidly expanding in the insurance landscape, there are more comprehensive products cropping up all the time. We promise to continue to look out for your best interest.
If you are interested in Cyber Coverage for your business, please contact our offices for more information.
Jamie Taronno, CAIB
General Manager