As people become more reliant on electronic communication, and as businesses collect and maintain ever more granular pieces of information on their customers, the opportunity for bad actors to cause difficulties for businesses and the public is exploding.
Yesterday the Identify Theft Resource Center, released its Annual 2015 Data Breach Summary. See full report here >>>
According to this latest report, over 16 million personal records have been access via cyber attacks on businesses.
Many of these businesses are small and surprisingly do not have eCommerce sites.
In fact, earlier this month, Sucuri warned of an increase in Brute Force attacks on the most popular website CMS platform, WordPress.
A brute force attack is simply a script trying to log in to a site using known popular user names and passwords.
The user name “admin” is the primary target and many CMS users are aware that they should never use “admin” as a user name.
However, WordPress is not alone, according to DIR Incorporated, a Michiana web marketing company:
Sites like Drupal, Joomla, and even so-call “custom web platforms” face brute force attacks on a daily based via protocols and multiple login attempt hacking software.
An infographic titled, SME’s and Cyber Attacks – What You Need To Know recently highlighted the following:
In the last few years, we got used to seeing retail giants like Target and eCommerce leaders like eBay face cyber attack vulnerability.
Yet, we seldom worry about cyber attacks on small businesses.
The reality is that just about any organization that uses technology to do business faces cyber threats.
And as technology becomes more complex and sophisticated, so do the risk that confront small businesses – which is why every business and organization needs to be prepared with cyber liability insurance.
Of course, since Mahar Insurance primarily serves small businesses in Michigan, we titled this post with the states name in it.
In the July 28, 2015 issue of Business News Daily,
… small businesses fall into hackers’ cybersecurity “sweet spot”: They have more digital assets to target than an individual consumer has, but less security than a larger enterprise.
Recently, Donna, owner of Curvy Girls are Chic replied to a Wordfence blog post with the following statement:
… I am so shocked by this [brute force attacks on her site]… I have a darn sewing blog. What do they possibly want with my site! …
This leads to the question, “how can small businesses do a better job to protect themselves against, and manage the risks related to a data breach and reduce the significant cost that can result from a cyber attack?
Two of the simplest and most cost-effective options are website plugins and Cyber Insurance.
Improving Your Small Business Website Secure
According to DIR Incorporated;
“for owners of WordPress sites, plugins like Wordfence, Jetpack, and bruteprotect are all design to help security small business websites for free.”
There are similar plugin are available for other open-secure CMS.
To find them, simply conduct a Google search.
For example, as seen on the screenshot below, over 189,000 search results are available for the query “Brute Force Plugin Joomla”.
Sadly, brute force attack are just one of the six most common types of cyber attack risks to small businesses.
- APT: Advanced persistent threats, or APTs, are long-term targeted attacks that break into a network in multiple phases to avoid detection.
- DDoS: An acronym for distributed denial of service, DDoS attacks occur when a server is intentionally overloaded with requests, with the goal of shutting down the target’s website or network system.
- Inside attack: For this type of cyberattack, a sophisticated software program may not even be required: Someone with administrative privileges, usually from within the organization, purposely misuses his or her credentials to gain access to confidential company information.
- Malware: This umbrella term is a portmanteau of “malicious software,” and covers any program introduced into the target’s computer with the intent to cause damage or gain unauthorized access.
- Password attacks: Cracking a password is the simplest way for hackers to gain access to their target’s accounts and databases.
- Phishing: Perhaps the most commonly deployed form of cybertheft, phishing involves collecting sensitive information like login credentials and credit card information through a legitimate-looking (but ultimately fraudulent) website, often sent to unsuspecting individuals in an email.
Getting Cyber Insurance To Minimize Hacking Risks.
On Your SMB Across the country attorneys, and the American Bar Association consider Cyber Insurance as a critical coverage for for small businesses.
In fact, they have even titled one of their webpages; Guide to Cyber Coverage.
While the Guide acknowledges the active market for Cyber Attack Insurance, that comprehensive coverage is available, and that coverage changes constantly, the article claims that no one understands the coverage.
While cyber exposures are relatively new and tend to change rapidly, at Mahar Insurance of Dowagiac, Michigan, we partner with several insurance providers to help simplify the Cyber Insurance buying process.
For example, Travelers Insurance several solutions for different SMB situations.
Cyber policies cover a wide range of exposures, involve multiple lines of coverage, and are evolving. The market is responding to very creative criminals who have been quite successful in finding ways around most IT security measures.
Exposures are varied and go well beyond the basic costs associated with a breach of credit card information, so policies must incorporate a range of coverages to provide the protection that most organizations need.
And the reasonable level of risk management measures required frequently change as well. This doesn’t mean that Cyber Risk policies cover everything – they do not.
Underwriters must constantly balance their underwriting requirements, primarily information and expected client security measures, with client coverage needs.
However, underwriters in some cases have gone too far in trying to eliminate losses.
Long applications for cyber risk insurance with detailed technical technology questions are still common even though they are not applicable to most small and mid-sized companies.
And laser exclusions used by some underwriters, while effective in removing difficult exposures from coverage, create more challenge for customers and brokers. Bottom line, the market is working well as the exposures evolve and underwriters respond.
For many insurers and brokers, the technicalities of information security and the details of how to deal with a data breach are still a mystery. The market for cyber liability products is also in its infancy, so be prepared to work with your provider to ensure that you get what you actually require.
A good starting point is to determine what costs or expenses you would like to have covered and what types of incidents you want cover for. Circulate and discuss this list with all the relevant people, not forgetting to get all the information you need from third-party suppliers and partners. List both your own costs (known as first-party costs) and the costs that others may attempt to claim from you as a result of the incident (known as third-party costs).
Getting the right broker is important. A good specialist broker will save you time in determining what is right for your business, remembering that this may not be the broker you are currently using for your non-cyber risks. Share your list of estimated expenses and costs with your broker and talk through the different exclusions that might stop you from making a claim.
– Computer Weekly Magazine, Sarb Sembhi, July 2013
For now, Cyber Insurance is optional … but the day is coming when as a small business having Cyber Insurance might simply no longer be an option.
Get Identity Thief Prevention and Correction Defense.
Services like Lifelock™ and Credit Report monitoring services are great at identifying potential breaches of your identification.
However, ID Shield helps detect, prevent, and in case of ID thief — restore your identity.
Best of all, it not only delivers more services, it cost less over 25% less than Lifelock™ — Check it out >>>