1. Phishing. Phishing attacks are the means by which most malware finds its way into any business. When someone within your organization clicks on a link or attachment in a phishing email the malicious code gets downloaded.

• Wombat Security has said that 76% of businesses have been a victim of a phishing attack within the last year.
• SANS Institute reported that 95% of all attacks on enterprise networks are the result of successful spear phishing.

2. Ransomware. This is malicious software (malware) that infects your machine and begins by quietly encrypting files. Once completed, it presents you with a "ransom note" stating something to the effect, 'if you want to see your files again, you’re going to have to pay.' If you decide to pay, you're only encouraging criminals, almost guaranteeing you will pay again in the future.

The best defense against ransomware is offense with a well-defined disaster recovery/backup and restore program. Best practices include backing up your assets regularly and testing the restoration process. If you can restore your organization from backup, why pay a ransom?

3. Insider threats. These come in two categories – unintentional and intentional.
Physical security of employee devices can help reduce losses. An asset management solution can help prevent lost or stolen devices, preventing attackers access to valuable information. Connection to insecure networks, especially unsecured wireless networks, has the potential to give anyone in the world access to your business! Secure connections and firewall software is another preventative measure that can help loss from unintentional insider threats.

What reasons would employees have to become an intentional threat? Many do it to steal property or information for personal gain or to benefit another organization. Over 80% of the reported cases of insider threat to date have been done during working hours, with the activity planned beforehand, and for financial gain.

Remember, half the battle against cyber security risks in knowledge and taking proactive measures.

Related links: Commercial Insurance

Beware of Phone Callers Posing as Department of Insurance Staff

On August 10, Connecticut Insurance Commissioner Katharine L. Wade released a warning advising consumers to be aware of an individual posing as a Connecticut Insurance Department employee and calling residents to ask for their insurance information.
 
Please be aware of this scam. Protect your personally identifiable information (PII). Please feel free to share this news with your family and friends.
 
For more information about the incident, please visit the CID website

According to the Bureau of Justice Statistics (BJS), an estimated 17.6 million persons, or about 7 percent of U.S. residents were victims of at least one incident of identity theft in 2014.

Once cybercriminals have access, they can steal personal and financial information, hold computer files for ransom, and hijack anything from webcams and thermostats to smart TVs!

Here are tips from Ready.gov for what to do to prevent and manage a cyber attack.
 
Protect your online profile

• Only connect to the Internet over secure, password-protected networks.
• Do not click on links or pop-ups, open attachments, or respond to emails from strangers.
• Always enter a URL by hand instead of following links if you are unsure of the sender.
• Don't respond to online requests for personally identifiable information (PII).
• Limit who you are sharing information with by reviewing the privacy settings on all social media accounts.
• Trust your gut — if you think an offer is too good to be true, then it probably is.
• Don't re-use the same password; choose a password phrase that means something to you and you only; change your passwords on a regular basis.
• If you see something suspicious, report it to the proper authorities.

What you can  do if you are experiencing an online breach

• Check to make sure the software on all of your systems is up-to-date.
• Run a scan to make sure your system is not infected or acting suspiciously.
• If you find a problem, disconnect your device from the Internet and perform a full system restore.
• If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. Install all of the appropriate patches to fix known vulnerabilities.

If you think your personally identifiable information (PII) is compromised

• ​Immediately change all passwords; financial passwords first. 
• Restart your computer in safe mode and perform a full system restore.
• Contact companies, including banks, where you have accounts as well as credit reporting companies.
• Close any accounts that may have been compromised. Be alert or set up alerts for any unexplainable or unauthorized charges to your accounts.
• File a report with the local police so there is an official record of the incident.
• Report online crime or fraud to your local United States Secret Service (USSS) Electronic Crimes Task Force or the Internet Crime Complaint Center.
• Report identity theft to the Federal Trade Commission.
• If your PII was compromised, consider other information that may be at risk. Depending what information was stolen, you may need to contact other agencies. For example, if someone has gained access to your Social Security number, contact the Social Security Administration. You should also contact the Department of Motor Vehicles if your driver's license or car registration has been stolen.
• For further information on preventing and identifying threats, visit the United States Computer Emergency Readiness Team's (US-CERT) Alerts and Tips page.

​Ask a Connecticut Insurance Exchange agent about Identity Theft insurance. It's relatively inexpensive and could save you a lot of time and grief in the long run.