Global Cyber Attack Advice and Cyber Liability Insurance

Anton Hilton • May 8, 2017

The recent global cyber attack called WannaCry has hit over 150 countries, encrypted the data of 200,000 computers and affected organisations such as the NHS, Nissan and Renault. This is not the first, nor will it be the last cyber attack.

Regardless of how up-to-date your IT systems are, we are advising businesses to consider purchasing Cyber Liability Insurance as a matter of urgency and can provide a free quotation within 30 minutes – please call 020 8909 2899 today.

WannaCry exploits a vulnerability in Microsoft, who released a software patch to fix it in March, however many users fail to install updates and patches on their computers meaning vulnerabilities can remain open a lot longer and make it easier to exploit. If you have been affected, the National Cyber Security Centre has advice on steps to take: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

What is Ransomware?

There are two main types of ransomware – lock screen ransomware, where screens are locked to bar access, and encryption ransomware, where files are altered and opening prevented until an encryption key is applied. Either way, a ransom – usually payable in Bitcoins – is demanded, and which affected organisations must pay, or lose critical data. As cyber criminals become ever more sophisticated, businesses can be infected by ransomware via a number of routes but typically email, through accessing malicious websites or due to flaws in installed software (and omitting to apply patches).

Top tips to protect your business

Here are some of the top measures IT professionals believe are essential for protecting businesses from cyber crime:

1. Install anti-virus, web filtering and firewalls

The best way to secure against a cyber attack is to prevent malware entering the business in the first place. Implementing anti-virus, web filtering and firewalls are a must – and ensuring they are always up-to-date.

2. Keep software updates patches applied

Malware can often enter via bugs in software and applications. Protection can be advanced through ensuring software updates are implemented and patches applied as soon as they’re released. WannaCry is believed to be exploiting a Windows issue for which Microsoft released a patch in March, but many organisations did not update their systems.

3. Backup your files and data

Whereas encryption ransomware will result in live data being affected, backup data will not have been maliciously encrypted. Once infected devices have been cleared backup data can be restored and your business can be swiftly back up and running!

4. Keep your employees trained – Be careful what you click on! It’s essential to keep reminding employees of these potential ransomware threats. (The malware of this attack was distributed by phishing emails)

Cyber crime originating through email is common, often sent as mass random communications. Therefore, it’s worth ensuring employees receive regular training to remind them of potential hazards. Emails incorporating malicious links still create issues for many businesses. Some signs to look for include:

  • You should only click on emails that you are sure came from a trusted source.
  • Emails claiming to be from well known, reputable organisations. These may have email ‘from’ addresses that differ very slightly from the official address – i.e. a 0 replacing O
  • Emails may have been sent by one of your contacts, whose own accounts have been hacked. These can often be identified as they contain a short nonsensical message and malicious link.
  • Social media networks or instant messaging may also contain links to malware.
  • Increasingly, malware is distributed via every-day type documents that invite users to enable macros. A robust policy regulating download privileges, defining rights per employee can extend protection across the business.

5. Is it really the CEO emailing?

A common and growing form of cyber attack visited through email is that of spear-phishing, where an attacker poses as a company official to exploit a specific function – such as a ‘CEO’ requesting finance transfer funds. These types of email can also claim to come from official organisations – a bank, government department, or even the police, for example.

6. Formalise security policies Define in writing formal protection policies and processes, and work with an IT partner to roll out these policies on every machine, to provide as much protection as possible for each individual user.

7. Instigate a robust password policy

It goes without saying that the more robust a password requirements policy, the harder it is for cybercriminals to infiltrate. But many businesses still employ an ineffective/weak set of regulations – if any. Insisting on unique ‘strong’ passwords for individual accounts will help reduce potential risk, as will implementing single-sign on solutions. With multi-factor authentication, access is gained only after successful submission of various pieces of requested information, such as a numeric code texted to a mobile device, as an additional layer on top of password control.

8. Turn off immediately if suspicious activity is detected

At an early stage of an attack disconnecting from the web could prevent the malware establishing itself, but doing so may also prevent ransomware spreading to other areas of the business.

We are advising businesses to consider purchasing Cyber Liability insurance – to find out more about this cover or for a free quotation please call 020 8909 2899

How to manage threat of terrorism in crowded places

By Anton Hilton November 27, 2017
Crowded places are – and will remain – attractive targets for international and “home-grown” terrorists and so an important element of any counter-terrorist strategy is to create safer places and buildings that are less vulnerable to a terrorist attack. This is especially so for leisure, hospitality, retail industries. Cost of terrorism Companies still significantly underestimate their potential exposure to the related risks and losses, especially to the increasing indirect risks from terrorism elsewhere. For example, the Paris attacks in November 2015 paralysed Brussels’ tourism and retail sectors some 320 kilometres away and had a lasting impact on the city’s commerce. Many UK companies are unaware – or have underestimated – the financial losses that could occur if a key supplier or business partner (in the UK or internationally) were unable to operate for a significant period of time. The human and financial cost of terrorism is growing rapidly. The Institute of Economics and Peace has estimated that the direct cost of terrorism to the global economy in 2014 was $52.9 billion – a ten-fold increase since 2000 – and the indirect costs at $105 billion. Practical steps Companies can’t predict all possible threats to their business. However, by working through a range of potential scenarios and consequences it is possible to make informed judgements and set appropriate priorities. The following process is an effective way for companies to think about improving the management of these risks: Step one: identify the threats. Understanding terrorists’ intentions and capabilities, what they might do and how they might act, is a crucial first step to assessing potential threats. Step two: decide what you need to do to. Priorities should fall under the following categories: people, physical assets, information and process (supply chains and the operational process required to support the business). Step three: identify measures to reduce risk. Companies should introduce new proportionate measures that: deter would-be terrorists; 
aid detection of intrusion; and
delay any attempts at intrusion. Step four: continually review your security measures. Security and contingency plans should be rehearsed and reviewed on a regular basis to ensure they remain accurate, workable and up-to-date. Terrorism Insurance Since the IRA attack on the Baltic Exchange in London in 1993, the UK established a mutual government reinsurer, Pool Re, to provide a backstop to insurers that offer terrorism cover on business property and business interruption policies. This has worked well and despite £600 million of claims from 13 separate incidents there has been no use of public money. However, the increasingly interconnected nature of global commerce means that UK organisations are not only exposed to events in the domestic market but many also have international exposures through the global reach of their business activities. Companies can also be impacted via a change in consumer behaviour in the aftermath of a terrorist attack. New threats and new risks require new insurance solutions and one insurer is now offering a contingent Loss of Attraction cover, for example. As always if you have any questions regarding your business insurance please contact Forum Insurance on 020 8909 2899

Stay safe online this Cyber Monday

By Anton Hilton November 27, 2017
Here are some of the measures IT professionals believe are essential for protecting against cyber crime: Install anti-virus, web filtering and firewalls. The best way to secure against a cyber attack is to prevent an attacker entering your system in the first place. Implementing anti-virus, web filtering and firewalls are a must – and ensuring they are always up-to-date. Keep software updates up to date! Before you start shopping with any online retailers look for the security information in the address bar to ensure you see the letters “https:” to indicate that it’s a secure site. You might also see a little padlock symbol in the same line. Consider using an alternative form of payment that protects you a little more. An online payment service like PayPal has strong safeguards in place, and can serve as a go-between for you and the retailer – you can even use your regular credit card as a payment method within PayPal. In order to shop on any online retailer’s web site, you will most likely be required to create an account. When you do establish an account, it’s important to choose a strong password that has a combination of letters, numbers, and symbols, and don’t forget to throw in a mixture of upper and lower case. It is also recommended to create unique passwords, meaning you don’t use the same password for multiple websites. Check your credit cards routinely during the coming weeks to make sure there is no unauthorised activity, and remember to alert your bank if you have reason to believe that your identity has been compromised. If you have a business, keep your employees trained to be careful what they click on if receiving deals! They may not be from the well known brand they appear to be from – and this could spread a virus throughout your company’s system.

Forum Insurance hails next stage of growth with first new director

By Anton Hilton November 20, 2017
Amish joins the family business after successfully managing the business through a change period, structuring the team to serve it’s core markets. Mamtora studied at Aston University prior to joining the family business some 4 years ago. In his new role he will be responsible for growing the business in both existing and unchartered sectors. Managing Director Barry Mamtora said, “I am delighted Amish has chosen to join the family business and take it to the next stage. We have celebrated 25 years in business and I have every confidence Amish will maximise insurer partnerships and leverage our buying power to deliver the best risk management solutions for our clients.” A number of key achievements have driven Forum’s growth in the past few years including the expansion into petrol forecourts where they have gained significant market share. This appointment hails the next phase of growth for Forum Insurance. Amish Mamtora said, “I am delighted to be appointed director at such an exciting time. The opportunity to continue Forum’s success story and utilise technology to our advantage is key to my plans for the future. It is an exciting time for independent broking.” Forum Insurance are developing an ongoing client consultation programme, ensuring our diverse client base are best placed to understand the individual risks to their business. Amish continued, “As a family business we share a common passion for excellent customer service and look forward to working even closer with our clients, delivering traditional personal service. This opens up some very exciting opportunities for our employees."