Cyber Liability Insurance and Advice
We have provided some general information about cyber security and keeping for you below to help you manage your risks, but if you want to enquire about insuring your cyber liability risks please contact us.
Cyber Security for Organisations
There have been several high profile cyber attacks reported in the media recently and it is suddenly on the radar of small to medium sized organisations, especially if they store sensitive data.
You may have even read about Domino’s Pizza who were recently held to ransom after a hacker stole customer addresses, phone numbers, passwords and even favourite pizza topping from their servers! We are not sure exactly what the hackers hoped they could do with the topping information, but nevertheless serves to underline the vulnerability and negative publicity which is easily generated.
Whilst many more people are aware of the growing risks, recent surveys conducted by Symantec and other cyber security companies suggest many smaller organisations are still operating under a false sense of security.
It is easy to think of the large corporations and government bodies being the ones at risk from cyber-attacks. However as large companies continue to get serious about data security; other organisations are becoming increasingly attractive targets. The vast majority of charities probably don’t have a formal internet security policy for employees, only about half will have rudimentary cyber security measures in place. Around 40% will not have their data backed up in more than one location.
If an unauthorised outsider was to gain access to your server and take sensitive data on your clientele, crash your systems or take bank details, there would be a significant impact on your operations and your reputation.
Do not make the mistake of thinking that the cost of improving your security will be too expensive, here are some simple and economic steps you can take to reduce your risk of falling victim to a cyber attack:
- Train employees in cyber security principles
- Install, use and regularly update anti-virus and anti-spyware software on every computer used in your business
- Use a firewall for your internet connection
- Download and install software updates for your operating systems and applications as they become available
- Make backup copies of important business data and information
- Control physical access to your computers and network components
- Secure your Wi-Fi networks. If you have a Wi-Fi network for your charity, make sure it is secure and hidden
- Require individual user accounts for each employee
- Limit employee access to data and information and limit authority to install software
- Regularly change passwords
- Consider using an encryption programme to keep computer drives, files and even email messages safe from hackers.
Another key point is to remind your employees to be wary of online scams. As the world’s football fans are engulfed by World Cup fever this summer, online scammers are hoping to capitalise on the sporting event’s widespread popularity by sending a spate of bogus Fédération Internationale de Football Association (FIFA) emails designed to con the recipients out of their money and personal information, or gain access to their computers. If employees fall for these sham emails, they risk infecting your charity’s computer network by inadvertently granting hackers unauthorised access.
The scams, purporting to represent FIFA, rely on a number of tricks to persuade supposed ‘lottery winners’ to fork over money in order to receive their huge cash prize. Another tactic is making delivery of the fake prize contingent on recipients divulging personal information. Scammers then use that personal information to commit identity fraud—draining bank accounts and opening fraudulent credit cards.
Due to the barrage of 2014 World Cup promotional material, it can be difficult to separate the real from the fake. To counter this confusion, urge your employees to follow the age-old adage that if something is too good to be true, it probably is. Some scam emails have recently been sent in Portuguese to baffle the recipients into clicking on a malicious link, employees should never click anything unfamiliar.
These and other online scams often take the form of spam, or unsolicited electronic messages. Through spam, scammers can also initiate installation of spyware, which is software installed on a computer without the user’s permission.
As a general rule, caution your employees to be vigilant when receiving any unsolicited or unexpected emails, and exercise extreme caution when clicking on links in suspicious emails.
For most charities cyber security should be simple, it is a case of implementing some simple rules and procedures.
All of our clients have access to a whole library of resources including policies which you can easily implement, not only for cyber protection but to comprehensively cover all your main risks. As part of our commitment to the sector we are also providing these resources for low cost rate of £99 which is fully refundable on buying your insurance policy through Access Insurance.