Posted by Ellen Bohn Gitlitz & Bill Smeltzer
No one would have predicted that we’d all be spending our spring, summer, and possibly beyond working remotely and restructuring how we engage with our coworkers, clients, and lives in general. Unfortunately, this extended period of disruption and uncertainty has also made us all more vulnerable to those who would capitalize on the moment. As we’ve all turned to online solutions to remain connected, hackers, fraudsters, and thieves across the globe have unleashed their arsenals toward exploiting any weakness. Now more than ever, stringent cybersecurity protocols, backed by a comprehensive insurance policy, are necessary.
Ellen Bohn Gitlitz, Executive Vice President of Property & Casualty Insurance at The Hilb Group of New England, has seen a sharp uptick in social engineering fraud, reverse social engineering fraud, and phishing hacks. From an insurer’s perspective, she states that, “Everyone needs cyber coverage, now. It’s not a matter of if your company will be hacked, but when.”
Most every company she works with has been covered by a cyber insurance policy when they’ve run into trouble. Every carrier is a little different in terms of what and how they cover their policyholders—including cyber business interruption, affected server coverage, data breach recovery, legal claims coverage, and more. One company she knows of, however, did not have cyber liability insurance when it was hacked last year and held up for cyber ransom. Today, after losing more than 50% of their clients, they are still wrestling with a tenuous future. “The threat is very real,” she cautions.
Social engineering fraud is a confidence scheme where a would-be thief impersonates a vendor, client, employee, or partner of your organization to trick the system into sending money or diverting a payment. This can be a sophisticated incursion including seemingly internally sent email requests to pay fake invoices or follow detailed wiring instructions. She recommends that every invoice should be checked with vendors and billing records, and that credit card bills, informational requests, and any computer system irregularities be examined with a fine-toothed comb.
Bill Smeltzer, Chief Strategy Officer for Focus Technology, a leading information technology and cybersecurity partner for the Northeast, shares some tips and insights to maximize system and network security during this time of remote connection. There are some basics you can do at home to maximize network security, including deleting any phishy emails without opening them and ensuring that your spouse, children, and roommates remain equally vigilant around online messages. Hackers are targeting kids and less tech-savvy elderly as everyone is now online and active, making networks more porous than in the past.
We also recommend that you ensure your home Wi-Fi networks are not set to the “default” password that your routers came with. Following guidelines for creating a complex, personalized password for your Wi-Fi is something you can and should do right now. Another potential point of weakness comes with the influx of smart technology into your home. Smart TVs, Wi-Fi-enabled home thermostats, the always-listening Alexa, Echo, or other smart-speaker system, and even an app-controlled fish tank monitor can be, and have proven to be, points of potential infiltration for clever hackers.
And for the many business teams that are now operating via video-chat or telework technology, consider these six key Focus Technology recommendations to mitigate the chances of a hack:
- Update VPNs, network infrastructure devices, and devices being used to remotely connect with the latest software patches and security configurations.
- Alert ALL employees to an expected increase in phishing attempts.
- IT security personnel should ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
- Implement Multi-Factor Authentication (MFA) on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords.
- IT security personnel should test VPN limitations for mass usage and, if possible, implement modifications, such as rate limiting, to prioritize users that will require higher bandwidths.
- Communicate to your whole team how, and to whom, to report security incidents, phishing, malware, and other cybersecurity concerns.
Whatever your remote work situation, take this moment to communicate the very real dangers of cyber-crime to your teams and housemates. It is also a good time to consider both a cyber insurance policy that meets your needs and a partnership with an outside cybersecurity specialist to bring professional-grade protection to your organization.
Please don’t hesitate to reach out directly with any questions or needs:
Ellen Bohn Gitlitz, EVP of Property & Casualty, Hilb Group New England
Bill Smeltzer, Chief Strategy Officer, Focus Technology