ransomware cyber

2020 – a year of improbable curveballs for all of us; sure to have mid to long-term effects on all businesses regardless of the industry.

Many of us have had to change our working practices as our team dynamics have changed and are also having to rely more heavily on our IT systems and make huge changes to them at very short notice.

A traditional 9-5 office-based role has lead to a shift of businesses now allowing employees to work from home with increased remote server access with sometimes little attention giving to the potential repercussions of doing this without reviewing their cybersecurity policy.

Cyber insurance, as an insurance product, is clearly at the forefront of any business owner’s mind, however, the question you should ask yourself is-  ‘How has working from home specifically affected the probability of ransomware attacks on your company?’

Beazley have recently advised their highest frequency claims in 2020 were: business email compromise (32%); ransomware attacks (26%) and hack/malware incidents (at 20%). Their ransomware claims have increased approx. 8% this year alone but why is this?

Helen Nuttall (BBR Services Manager, Beazley) cites a correlation with hacker attacks dropping off in line with earlier lockdown measures and have increased again with businesses trading again.

Cyber attackers will typically work in cycles and waves, focusing on a short intense ‘campaign’ to maximise losses and then will dissipate to use funds and re-energise under a new working title- such as Gangcrab have done this year.

Use this as an analogy- essentially, when we started to work from home, our house is the IT network, and the more users that are logging in remotely, the more windows and doors are being left open. Although we may have supposedly strong password credentials, the more users, the higher the likelihood is of a weakness in our IT systems being taken advantage of.

Most ransomware incidents start from a phishing attack or remote access security weakness – where we have left a ‘window open’ for ransomware to be installed.

Working from home means we are more easily distracted and click downloads or “enter credential” launch screens to open said window.  In addition to the direct data and financial loss of the attack, insurers are noting extortion going in hand in hand with the additional threat of publishing the GDPR breach to the public.

What are the recommended top tips to curtail the losses of a ransomware attack?

Offsite backups

  • Really important that your backup is kept offline
  • If your backup system is kept online with the remainder of your platform, the attacker will also still have access to the backup data also- keep them separate

Personal data-

  • Protect your personal data
  • Limit the volume of users that have access to key personal data- restrict your access
  • Encrypt your data- Attackers can access data through file servers. If it is encrypted then they can access data but not read it however if not encrypted, they can access the data as well as publish it.
  • Don’t reuse passwords
  • Enable multi-factor authentication for all employees (especially when working from home)

Use Experts-

  • The right experts at the right time is key.
  • Smaller businesses- your third party IT provider may not hold the specialist skills to be able to minimise the losses and likely to not have the resources or leverage to negotiate with a ransom attacker