Ultimate Kronos Group, one of the country’s largest human resources companies, suffered a crippling ransomware attack in mid-December 2021 that will likely keep its systems offline for weeks. While you may think your company’s cybersecurity is up to date and your risk for attack is low, cybercrimes are on the rise. In fact, cyberattacks increased by 148% in March 2021 over baseline attacks in February 2021, and that trend seems poised to continue or even increase as more employees work remotely.
This increase in cyberattacks can be alarming considering the staggering number of cybercrimes and ransom attacks in 2020. Industry-specific attacks have increased in the healthcare, education and higher learning, and financial and insurance sectors. Even municipal, state and federal government institutions were not immune.
Cyber and ransomware attacks are not only costly in terms of a company’s productivity and reputation, but they can also break the budget on a much larger scale. In 2019, companies around the world spent more than $7.5 billion to settle ransomware attacks. In 2021, mid-sized organizations paid an average ransom of $170,404 to recover their compromised accounts. For some, the cost can be much more dramatic. In the 2017 ransom attack on FedEx’s Dutch subsidiary, the company claimed a $300 million loss, the majority of which was attributed to the ransom attack.
With cybercrimes on the rise, what can businesses do to help protect themselves from these types of attacks? Below are some basic prevention tips, which are a good place to start.
- Establish a Plan. Work with your IT provider to make sure your business has a plan in place to combat cyberattacks, and make sure all employees are familiar with basic cybersecurity efforts and protocols.
- Educate and Train Employees. Ensure that everyone with access to your network systems — employees, remote workers and vendors — is educated on the company’s cyber policies and applies those practices in their daily work.
- Avoid Clicking Suspicious Links. This may sound remedial, but it’s estimated that more than 70% of data breaches involve phishing scams from email solicitations. These days, phishing attempts often replicate the design and address of another trusted source — or even a company email.
- Utilize Robust Email Protections. Using robust email and endpoint protections is imperative to protecting your company’s data. Be sure to include up-to-date email scans for malicious attachments and current endpoint signatures for malware detection.
- Consider VPN (Virtual Private Network). Consider using a VPN for employees and remote users.
- Password Security. Set up two-factor authentication on your company’s password system. This can help limit access in the event of a password breach.
- Offsite Backups. Keep immutable and offsite backups of your company’s data. This can help limit data loss in the event of a cyberattack or data breach.
Implementing these types of security measures can help protect your company’s systems from attack, prevent a data breach or help mitigate information loss should an attack occur. If your company sends and receives emails, makes or receives payments online, hosts an interactive website, or holds any personal information within its systems, you may be vulnerable to a cyberattack. Every business needs a Cyber Liability Policy, and it is imperative to educate and train your staff on cybersecurity.
ISA has decades of experience helping clients manage risk in their commercial and personal lives. To speak with one of our agents about how ISA can help with your insurance questions, contact us at (828) 253-1668 or firstname.lastname@example.org.