Examples of Cyber Attacks

Target, the IRS, Anthem BlueCross/BlueShield, Yahoo, and Ebay; these are just a few of the biggest data breaches over the past five years. When a person hears about a data breach in 2018, it is human nature to envision an IT Scientist cracking the code of an in-depth system of cyber security. Sometimes this is the source of a cyber attack, but many of the largest data breaches in history were started by something not highly technical. Here are some Examples of Cyber Attacks and how they begun.

Examples of Cyber Attacks | My Insurance Question

General Manager of a Professional Baseball Team uses a Weak Password

This actually happened between the Houston Astros and the St. Louis Cardinals when the Astros General Manager used the same user name and password in Houston that he had previously used when he worked in the Cardinals Front Office. Some employees from the St. Louis Cardinals Organization used this information to log in to the internal computer systems of the Houston Astros and obtained access to a database known as Ground Control, which was created by Luhnow. This database included details about confidential discussions within the Astros organization, player evaluations, trade recommendations, statistical information and more.

High-level Industry Executive uses the same password for all accounts

Many high level industry executives have extensive experience and expertise in their particular profession, but have only used computers for some or a small portion of their career. Many high level execs deal with interpersonal relationships between departments, partners and even competitors much more than the day to day operations of a business. For this reason they may not be as in tune with the risks a business faces in the realm of cyber security. These execs also have access to some of the most precious information a business may possess. This makes them prime targets for cyber attacks. In many industries there are many computer programs that require these execs to remember many different usernames and passwords. When you pair these accounts with all of the accounts these people have to use in their personal life, it is human nature to use the same password for multiple platforms. This makes it easy for hackers to find their password from one platform and use it to gain access to a bigger platform with more valuable sensitive information.

Salesman is travelling across country and has their laptop stolen in an airport

A few of the most common examples of cyber attacks are when an employee has a laptop stolen when they are away from the office. Depending upon the information saved on the device, it can be the source a hacker uses to start a data breach. Several data breaches have started when an employees laptop was stolen when their car was broken into and another occurrence happened at an airport while travelling for business. Bringing this to the attention of your employees when they use devices remotely will go a long way towards protecting your business.

Employee leaves the password to his computer on a post-it note attached to his desk

Leaving out a password in plain view can be a common way someone gains access to internal servers. Most offices have commercial cleaning companies in the facility after hours with little to know supervision. The people who work for these third party companies may or may not be ethical. Regardless it is imperative to not give them the opportunity to gain access to your internal computer systems. Many banks do monthly walk-throughs on unannounced days to find if employees are leaving sensitive information out on their desk. Depending upon the type of information your organization works with, this might be necessary for your business.

An employee clicks on an email that is actually a phishing scam

Phishing scams are a very common way for hackers to either install something malicious on one of your businesses computers or gain access to your internal servers. A phishing scam is when a hacker sends an email that looks legitimate asking the receiver to click on something within the email. Many of the emails look very authentic. There are businesses out there that can help you send out test emails to prepare your employees for a phishing scam. The company will send out an email periodically to see who will fall for the request. If the employee clicks on the link you are notified and you can go through additional training with that employee.

Eight CyberSecurity Tips for Small Businesses

Cyber Security

In-depth Training for Employees in Cyber Security Prevention

You and your information technology expert need to come up with basic security practices for your employees. There need to be clear and concise rules of behavior for your employees regarding passwords and customer information.

Protect all sensitive Information from Cyber Attacks

Starting with just keeping the computers clean and always running the latest security software on schedule.  Make sure you are install all of the proper malware, antivirus, and key software updates. If you and your IT Professional are constantly paying attention to cyber security, the employees will take more of an interest as well.

Make sure you purchase the proper Cyber Insurance Policies

Cyber Security Insurance comes in two forms that are usually packaged together. The first is commonly referred to as Data Breach Insurance and it covers your first party damages to you and your business. The other coverage is commonly referred to as Cyber Liability Insurance. This coverage protects your business from the third party liability your business may have to customers and other parties who may be damaged by a data breach that occurs within your business.

Get the best answers to Data Breach and Cyber Security Insurance questions at MyInsuranceQuestion.com

Do not forget about having a policy regarding Mobile Devices 

Mobile devices are such a common part of our lives now that many people forget to realize their phones are a prime target for criminals to access a business’s sensitive information. Many employees may want to have access to their company email on their phones, especially if they travel much for work.  Having a well thought out policy that you are comfortable with and adequate measures to check that your employees are following the procedures is essential.

Make backup copies of important business data and information

There should always be a way for you to retrieve customer’s sensitive information. Microsoft one drive is a great fairly new software program that allows you to store and share information internally.  If you can afford it, having a second server at a separate location may be necessary depending on how much information your business does store.

Cyber Security Insurance is needed for most small businesses.

Strictly control access to your computers and create user accounts for each employee

This can help dramatically if you have an internal problem. Knowing who was logged in at the time of the access can help determine where to go to find information about a hack. It may be as simple as an employee who opened a zip file in an email and they are scared to bring that to your attention fearing retribution or it may help you find the source of employee theft.

Secure your Wi-Fi networks

Properly securing your Wi-Fi network may seem like something obvious to prevent a hack. For small businesses owners without a lot of technology experience may not know how to do this or the need for this type of security. This should be the first and foremost thing a small business should do to prevent unauthorized access.  This is important to consider for businesses that are open to the public or may offer Wi-Fi access to their customers.

A Strong Password is essential to a good Cyber Security Program.

Passwords and authentication

Passwords protection is crucial to defending your business from a data breach.  It is important to give your employees hard examples of what is a good password and what is not.  What may seem secure to one employee may be something as simple as October which is not acceptable in the least bit.  Here are some examples of password you can use to demonstrate strong and weak passwords.

6f8Il,E6pg%j2

This would be an example of a password that is extremely secure.

BaSkeTBaLl_2741+3657

This would be an example of a password that is a little less secure, but easier to remember.

JoeSmith or password

These are examples of terrible passwords that should never be used.

You will find many employees like to use something similar to the middle password. This is because it has some resemblance to a word they can associate with to remember the password more easily.  I personally like this because, in the Fall I might use Football or Autumn, in the Winter I might use basketball or Thanksgiving. As long as you are keeping the other numbers and special characters random it is difficult for hackers to hack through these secure passwords.  The birthdays of yourself or a family member should never used. There should also be a time period for how frequently a password must be changed. Every 90 days is a good rule of thumb, but many businesses have different requirements based on the needs of their organizations.

4 ways your Small Business can prevent a Data Breach

In today’s day and age, there are many ways businesses take and face risks. Some businesses are in industries where they take risks just in the fact that they are open for business. That can be a roofing company who has employees who climb on top of a house on a daily basis. Other businesses face risks in hiring and firing employees, generating enough revenue to stay afloat and most importantly the risk of becoming victim to a data breach.  Most business owners do not think twice about purchasing commercial property insurance, but many still hesitate to secure small business data breach insurance.  This is a mistake because it does not matter the size nor the scope of your business, every business is a target for being hacked and every business is at risk for a data breach.

Obtain the best information about how to protect your small business from a cyber attack and where to buy small business data breach insurance at myinsurancequestion.com

Two of the largest data breaches in history were Target and Home Depot. Both of those breaches were accessed by first hacking in to a smaller company before gaining access to the larger company. Niether of these businesses had Small Business Data Breach Insurance. In the case of Target, the company was Fazio Mechanical Services and in the case of Home Depot, the company provided credit and debit card processing. These companies had been hacked weeks if not months prior to accessing the system of the larger company.  If your business works for any larger business than you could be at risk of being a target for hackers. If you choose to protect your business with data breach insurance this may not be as damaging.  Even if your business does not partner with larger companies you could still be a target for hackers just to get the information of your customers. This is a costly risk that you are taking without properly insuring your business and without taking precautions to protect your business. According to the Ponemon Institute it costs a business on average $174 per record. Other studies show it costing more. Taking these numbers in to consideration it would cost your business more than $17,000 for just 100 records being compromised. if that were 1,000 records it would cost $174,000. If that is not a cost your business can withstand than you need to have Small Business Data Breach Insurance Coverage and on top of that you need to be taking the proper steps to preventing this from happening. Here are four simple things your business can do to prevent a data breach.

Train your employeesLearn about the needs for Small Business Data Breach Insurance at My Insurance Question.com

The prevention of data breaches starts with your new hire training. If an employee is going to be using a computer they need to be trained on how to protect the company from being at risk. Do not assume employees know how to do this. Many employees may be very capable of doing a job for your business that is necessary. This does not mean they are computer savy and are properly trained to protect your business from intruders. Take the time and effort on the front end to properly prepare your employees to defend your business against hackers and it will provide dividends on the back end.

Help each employee protect their work space

Logging out and locking up your desk when away and over night are crucial. Even if the employee is just stepping away to the restroom it is crucial to lock up their devices. In most business environments, there are customers, vendors and other employees who may gain access to your computer while you are away.  You do not have to create a culture of mistrust to do this. On top of locking down your devices it is also important to not write down passwords on a post it note or some other piece of paper. It may be rare, but if these passwords fall in to the wrong hands it can cost your business immensely.

Require long passwords 

Passwords need to have certain requirements to be allowed. The best way to make this easier for your employees is to give them examples of what you want. here are a few examples of how someone can make a password strong and still make them rather easy to remember.

6h1fl,j2Oc49=

This would be an example of a password that is extremely secure.

BaSeBaLl_2345+6789

This would be an example of a password that is a little less secure, but easier to remember.

JoeSmith or password

These are examples of terrible passwords that should not be allowed.

I like using something similar to the middle password because I can change the word Baseball with the time of the year. In the Fall I might use Football or Autumn, in the Winter I might use basketball or Thanksgiving. This allows me to change the password frequently but not having to remember an entirely new password. There should also be a time period for how frequently a password must be changed. Every 90 days is a good rule of thumb, but many businesses have different requirements based on the needs of their organizations.

Shred everythingTo prevent a Small Business Data Breach make sure your employees shred everything that could be used in a cyber attack.

In today’s day and age, there is no reason any personal information should ever be disposed of without first being shred. There are outside businesses that can dispose of the shredded material. Some of these businesses will even recycle this paper, which is something you can share with your employees, customers and vendor partners. If any of these groups are environmentally conscious this can be a bonus to them and will add to your credibility as a business.