Cyber attacks and data breaches have become a recurring trend in today’s society, and the most valuable currency is customer data. In the business world of sensitive customer records and data, virtually all consumer and company data is prized by hackers and worth protecting for your business.
As breaches become more common and destructive, organizations are still perplexed about coverage and, ultimately, uncertain about cyber insurance being a necessity. In this era of increasing regulation and public awareness of data security risks, you don’t want to risk critical information falling into the wrong hands. Every business should consider their exposure level in the event that sensitive data is compromised, and cyber security needs to be a top priority.
In 2016, a hospital in California was the victim of a ransomware attack. Hackers shut down the internal computer system at Hollywood Presbyterian Medical Center for over a week, encrypting protected patient files, emails, billing, and other sensitive data.
The hackers were demanding $3.7 million in ransom before they would relinquish control of the information obtained from the hospital’s server. Tim Erlin, a spokesperson from the hospital, said that the attack “seriously degraded their ability to deliver care.”
Ransomware is malware that exploits security weaknesses to infiltrate a company’s computer system, then takes their information hostage. Once they get in, cyber criminals lock the business’ computers down, encrypting sensitive information and threatening to release it to the public unless a ransom is paid.
According to a report by Verizon, in 2018, 56% of malware incidents involved ransomware. The most alarming fact from the study was that cyber criminals are now seeking to compromise entire computer servers versus single employee devices.
Social engineering is a method hackers use to trick victims into divulging sensitive information, like their passwords and usernames, through emails or other platforms with a sign-on function. This method of accessing and attacking protected information and even entire servers is becoming more and more common. Some of these emails can be disguised under branding or a domain that is similar to your practice, or the all too familiar "prince of Nigeria" email.
Email is an easy access point and hackers can deploy massive attacks by sending out blanket emails waiting for a bite—giving them access to your business’ sensitive information—or worse, your customers’ personal information. Small and mid-sized businesses are more susceptible to social engineering attacks because many of their employees have access to consumer information and sensitive data. Employee data is also a vulnerable target for cyber criminals that often goes overlooked. If your business keeps employee records of any sort, that data is rich with information like social security numbers and tax documents, which are highly valuable pieces of information.
Most employees constantly work over email sharing company data, and often times aren’t properly trained on how to recognize or respond to these types of incidents.
No matter the type of business or the size, a good best practice is to take precautionary measures when it comes to protecting your business’ sensitive data. All businesses face their own types of cyber risks, and while they may not be completely avoidable, having a prevention plan, educating your employees, and proper cyber liability insurance coverage can protect your practice from the aftermath of a breach.