The Weakest Link

January 24, 2018 | Cyber Liability

As the old saying goes, a chain is only as strong as its weakest link. Think of your business like a chain – all it takes is one employee to slip up for your entire network and database to be broken. Businesses of all shapes and sizes are targeted by computer hackers looking to do harm. As a business owner, it’s important to understand some of the dangers lurking out there.

Don’t Click That Link!

One of the easiest and most common ways a hacker can get into a company’s computer network is through the use of malware. Malware is a type of software that is installed on a computer, often without the owner’s knowledge, that attempts to cause harm such as identity theft, installation of a virus, or the encryption of the system to extort a ransom. Cyber criminals often send emails enticing the recipient to click a link, which then allows the criminal to install the dangerous software. While many of these emails are filled with misspellings and grammatical errors, hackers are getting smarter and producing fraudulent emails that look like the real deal.

Employees must be vigilant about making sure they do not click links from suspicious sources. Emails that seem off due to improper phrasing, capitalization, or spelling, or those that contain requests for information that the recipient doesn’t expect, should be opened with caution or not at all. Links and attachments in emails are also red flags.

Know Who to Trust

The above advice is solid, but it overlooks one very important element: social engineering. This newer type of fraud preys on an email recipient’s trust that the email itself is genuine. A hacker can send a fake password reset email or use malware to obtain the password of a high-level company official. The hacker can then log in as that person to send fake emails to other employees. Those emails may contain false invoices or allow the hacker to redirect wire transfers.

Social engineering takes advantage of the fact that many employees trust emails that come from fellow employees. They also will often do what their boss asks them to do. Exploiting that human vulnerability can give cyber criminals access to information and bank accounts before anyone is aware of what’s happening.

In response, many companies are warning employees that they should never take certain actions, like wiring money, without verification over the phone. Employers should also set a clear protocol for how money flows from the company, so that a departure from procedure signals that something is wrong. Further, if employees receive instructions that are outside the norm, they should be instructed to verify them over the phone or in person, because replying to the suspicious email or forwarding it to someone’s compromised account may only return additional misleading information.

Raise Awareness

Assuming employees won’t make a mistake or trust the wrong email is a recipe for disaster. Employee training and clear procedures for internal and external fund transfers are your first line of defense. Creating an environment where employees will validate requests can help minimize the risk. Other simple requirements, like changing passwords frequently and providing ongoing training and education to employees, will go a long way toward protecting your business.

Always Have a Backup Plan

Even the most stringent policies and procedures often aren’t enough. Employees may still inadvertently provide access to systems. Cyber liability insurance can offer financial protections as well as breach management and reputational damage control in case other protections fail. As technology and hackers become increasingly complex, knowing your business is protected can give peace of mind, allowing you to do what you do best – run your business.

All insurance policies are different. Be sure to review your insurance policy for specific information about coverages available to you. Nothing in this post is meant to suggest a guarantee of coverage.