L&T Blog

Cybersecurity: What to Do Before and After the Breach

March 19, 2019

By Richard Swetonic, Sales Executive at Lovitt & Touché

“It looks like our computer system has been breached.”

What?! Thoughts race through your head. How bad is it? What information was compromised? How did this happen? What do we do now?

No executive wants to experience a cybersecurity breach at their organization, but the reality is that they’re becoming increasingly common.  

By now, most people have heard about the major data breaches such as Yahoo!, Marriott, Target, LinkedIn, and Equifax. However, it is unlikely that you have heard of the North Country Business Products, Inc. data breach. That is because the large corporations get all the press. After all, the Yahoo! breach resulted in 500 million accounts being hacked in 2014.

An alarming number of cyberattacks are also occurring at middle-market companies across a wide range of industries. In 2018, 765 million people in the second quarter alone were affected by corporate data breaches and cyberattacks – with losses surpassing tens of millions of dollars, according to global digital security firm Positive Technologies.

Social engineering accounts for the largest percentage of cyberattacks, according to global insurance provider Chubb. Social engineering involves psychological manipulation, usually through technology, to trick someone to divulge confidential information or convince them to take a certain action. This could include providing passwords, bank information, or employee information – even transferring company funds.

 The Chubb Cyber Index is a great resource that provides current statistics on cyberattacks, which can be analyzed by industry, company revenue, and by date range.

 According to the Chubb website: 

·        Phishing claims continue to rise as one of the leading contributors of "social" cyber claims.

·        W-2 type scams, where a person is tricked into sending a bad actor the W-2 tax forms for other employees, continues to be a significant source of claims, especially during tax season.

·        There has been a surge of phishing attack claims associated with cloud-based migration, when bad actors trick computer operators into providing their usernames and passwords, thinking that it is part of a system upgrade or migration.

·        In cloud-based phishing instances, bad actors usually take control of the victim’s email account and set up forwarding rules so that all future email traffic is diverted to the criminal's own account.

When it comes to cyberattacks today, it’s not if, but when. Most CTOs and CFOs are starting to realize it is very likely that a breach of their company’s system will occur. With that in mind, IT departments (in-house or outsourced) are proactively looking at their organizations’ IT infrastructure. They are conducting network security assessments, reviewing PCI compliance, and conducting penetration tests in an effort to improve security and prevent attacks.

Beyond these safeguards, employees are still vulnerable to social engineering scams. That’s why it is also important to train your employees regarding these types of attacks and to have a good cyber insurance policy.

Most commercial insurance policies now include a small amount of cyber coverage. But if cyber coverage is mentioned, it is more of a “throw in” coverage and it isn’t very robust. Notification costs alone would quickly exceed the limits of a coverage such as this. You need a separate cyber policy that will cover system damage, extortion or ransomware, business interruption, and damage to third parties, including customers.

Once a breach has been discovered, the extent of the damage needs to be assessed and contained, through the following steps:

·        The IT department should take preventative measures to contain the breach and avoid additional losses.

·        Next, you want to document all details of the event. Start with a written chronology of the breach: when it occurred, how it was discovered, what data was compromised, what systems were affected, and whether or not it has been contained.

·        The management team needs to be made aware of the incident details and countermeasures taken. Then, begin the process of reporting the incident – contact your attorney, insurance broker, and law enforcement to advise them of the incident.

·        Lastly, you and your team should learn from the incident. Understand how the breach occurred, identify additional security measures or training programs to implement, and how to handle another incident better in the future.

Today, a breach of your organization’s system almost seems inevitable. Fortunately, IT professionals are fully aware of this and look to enhance system security measures. However, the costs associated with a breach continue to increase every year. As a result, you should review your cyber policy limits and how the policy will respond on an annual basis. Cyberattacks are not going away. Hackers will continue to be innovative with their schemes to obtain sensitive information, and the insurance carriers will continue to add coverage endorsements in response.