This year’s Cybersecurity Awareness theme is: Own IT. Secure IT. Protect IT.
October is National Cyber Security Awareness Month. This year’s campaign theme is Own It. Secure It. Protect It. As it has done for the past few years, the Department of Homeland Security has made available a number of informational resources and campaign materials for those who are looking to improve their own cybersecurity measures or to help inform others. For those interested in perusing what is available, you can do so here on Homeland Security’s National Initiative For Cybersecurity Careers & Studies webpage.
As for Massachusetts, the Commonwealth also has designated the month of October as Cybersecurity Awareness Month. In commenting on the occasion in 2015, Governor Baker said,
“This month is a great opportunity to raise awareness about the importance of cyber security for the people of Massachusetts, our businesses, and state government,” said Governor Charlie Baker. “The cyber security field also represents a great opportunity for Massachusetts to utilize the multidisciplinary collection of assets and capacities in our universities, our industries and our government to be a leader globally in cybersecurity services.”
The decision to dedicate the whole month to cybersecurity awareness was in response to the growing importance of cybersecurity for financial services. This need is only growing.
The NAIC believes cybersecurity has become one of the most important issues for the insurance industry
The National Association of Insurance Commissioners believes that cybersecurity is becoming one of the most pressing issues in the insurance industry due to the highly sensitive and personal data that many insurance providers and professionals handle on a daily basis. It should know, as evidenced by the current homepage announcement on the NAIC website:
What this shows is that no one is immune from a potential cyber attack. In fact, as the 2019 Travelers Risk Index notes, this year is the first time that cyber risk tops the concerns of U.S. businesses, ahead of any other issue.
The following are just a few more sobering statistics about the growing cyber threat.
Massachusetts was one of the top 10 states in the U.S. with the largest losses due to cyber crimes
According to 2018 data from the Internet Crime Center, or IC3, reported cyber crime losses in 2018 totaled more than $2.7 billion.
As for which states suffered the most losses, the following graph by Statista maps out which states were hit hardest. California suffered the largest losses, with $450.48 million in losses in 2018. It was followed by New York and Florida to round out the top three. Massachusetts also was one of the top 10 states to suffer the largest losses, coming in at the tenth position with approximately $68,242,216 million in cyber crime losses last year.
There are approximately 4,000 daily ransomware attacks in the U.S.
Ransomware is a malicious type of software used to block access to a computer system until money is paid. According to the latest data from the FBI, there are roughly 4,000 daily ransomware attacks in the U.S., with that number on the rise. While businesses are typically a popular target of ransomware, any individual or entity is at risk of becoming a target.
In fact, during the past year, there has been an alarming rise in ransomware attacks against various municipalities and hospitals throughout the country. The city of New Bedford successfully mediated just such an incident in July of this year, avoiding having to pay a $5 million ransom.
Insurance professionals, who handle large amounts of sensitive data on a daily basis, are at a heightened risk of loss due to a potential cyber attack.
How businesses can better protect against a potential cyber attack
Typically, ransomware infiltrates via an email phishing scam. The following are a few of the recommendations from the FBI’s Cyber Division center with respect to helping businesses prevent a ransomware attack:
- Implement an awareness and training program. Since many cyber attacks target end users, employees and other individuals should be made aware of the threat of ransomware and how it is delivered.
- Patch operating systems, software, and firmware on all devices used for business purposes.
- Back up all data regularly and verify the integrity of those backups.
- Secure your backups. Ensure backups are not connected to the computers and networks they are backing up; instead, choose backups in the cloud or on an external hard drive. The FBI says that backups are critical in a ransomware situation, as they may be the best way to recover any critical data that has been compromised.
- Set all anti-virus and anti-malware programs to the “automatically update” setting.
- Make sure that both anti-virus and anti-malware scans are done on a regular basis.
- Create and manage a hierarchy of privileged accounts. Implement the principle of “least privilege”: users should never be assigned administrative access to operating systems unless absolutely needed.
- Configure all access controls, including a company’s file, directory, and network share permissions with the “least privilege” principle in mind.
How individual insurance professionals can help make the workplace more cyber secure
Independent agencies and insurance companies alike hold a wealth of highly sensitive data. As such, it is important that companies, large or small, take a look at cyber security, not only as another line of insurance to offer their insureds, but as a security measure to ensure the safety and protection of their clients’ data.
With that in mind, the following are some tips that the MassIT Enterprise Security Office has offered in the past as a way to ensure better cyber security. Agency Checklists is reprinting them again this year as they are tips that can be shared both in your office as well as with your insureds:
- Make all passwords complex and be sure to implement a policy in which they are changed regularly; better yet, look into the industry initiative SignOn Once;
- Be sure to create and implement a protocol to handle passwords from departing employees;
- Only open emails or attachments from people you know;
- In the case of a suspicious email – do not respond to emails or text messages asking for confidential information. Also never open attachments or links within a suspicious email.
- Limit your details disclosed in “out of office” messages.
- Keep an up-to-date computer, meaning that all computer programs and software are updated in a timely fashion;
- Use a screen saver on your office computer that activates within a maximum of 15 minutes after no keyboard or mouse activity; this helps avoid a vulnerable workstation resulting from an impromptu absence from your office due to a meeting, etc.
- Lock your computer each evening by pressing “CTRL+ALT+DELETE” and then selecting “Lock this computer”.
Resources in the unlikely event a cyber attack occurs
The FBI encourages organizations to contact a local FBI field office in the event of a ransomware attack or other cyber attack. The Federal Trade Commission also has a variety of resources on cybersecurity measures for small businesses, which can be accessed on their website here.