Category Archives: Cyber Crime

Cyber Insurance Strategies Explored: RIMS Report

Posted on by

High-profile data breaches have been making headlines recently, and their damage can transcend industries, which is why cybersecurity is often a top priority for risk managers. With many traditional insurance policies no longer responding to or outright excluding cyber events, risk professionals must understand their options to ensure the organization is protected in the event of a data breach.

online pharmacy phenergan with best prices today in the USA

A new report by RIMS, A Guide to Cyber Insurance, provides a roadmap for determining the type of coverage risk managers need in the fast-changing world of privacy, data protection, and cyber risk management. The study serves as a reference for risk professionals who are exploring options to effectively manage cyberrisks that are uncovered or not addressed by the organization’s existing risk management program.

Topics include:

  • The cyber insurance application process
  • Procurement of insurance
  • Management of cyber claims
  • Third-party coverage
  • Litigation strategies, and other pertinent details

“While cyber risk management policies are necessary for every organization, reducing a category of risk to zero is impossible,” the report notes. “Cyber insurance can help cover the gaps between a robust risk management program and any remaining risks.”

The report also features case reviews in the areas of cyber policy coverage litigation, negligence, computer fraud, technology errors and advertising and personal injury coverage. “While the overall decision-making process is much the same as with other litigation decisions, certain factors are more complex in the cyber insurance context compared to other insurance disputes,” the authors note.

The Guide doesn’t only focus on insurance. It also features helpful tips when implementing a strategic risk management program characterized by a cybersecurity framework. Pre-event planning and preparation, penetration testing and response ideas are offered as well.

“Following the purchase of some form of cyber coverage, risk professionals need to be prepared for the worst: a cyber event and any resulting claims,” the report states.

online pharmacy xtandi with best prices today in the USA

“An organization needs to understand both the risk it faces and the coverage options available to ensure that the cyber policies it purchases provide the necessary coverage when it experiences the inevitable data breach or other cyber events.”

A Guide to Cyber Insurance is authored by Bradley Arant Boult Cummings law firm members: Dylan C. Black, A. Kate Margolis, G. Benjamin Milam and Emily M. Ruzic.

The report is currently available to RIMS members.

online pharmacy ventolin with best prices today in the USA

To download the report, visit the RIMS Risk Knowledge library at www.RIMS.org/RiskKnowledge. To learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org.

Cyber’s Human Side

Posted on by

People are often tired, distracted and overworked. They are bound to make mistakes, inadvertently overlook policies and procedures and have quick lapses in judgement—forgetting hours and hours of training.

Human error is a significant problem when it comes to managing cyber exposures. Most cyber surveys point to people as the root cause of a breach.

buy tretiva online medilaw.com/wp-content/uploads/2015/03/jpg/tretiva.html no prescription pharmacy

The Information Commissioner’s Office (ICO) compiles statistics about the main causes of reported data security incidents. In its first 2018 quarterly report, four of the five top causes reported to them involved human errors:

  1. Loss or theft of paperwork – 91 incidents
  2. Data posted or faxed to incorrect recipient – 90 incidents
  3. Data sent by email to incorrect recipient – 33 incidents
  4. Insecure web page (including hacking) – 21 incidents
  5. Loss or theft of unencrypted device – 28 incidents

James Bone, author of the “Cognitive Hack: The New Battleground in Cybersecurity…the Human Mind,” will lead a RIMS webinar Aug. 23 that explores the cognitive risk framework. Bone asks: are risk professionals considering the “human element” in their cyber risk management plan?

According to Bone, “The purpose of creating the cognitive risk framework is to begin to educate risk professionals about the need to incorporate the human element into their risk programs, to identify areas where human error or lapses can cause significant damage, and then design effective solutions.”

Bone points to the airline and automotive industries as examples where the value of human element risk management planning has already been realized. “Automation in cockpits, navigation systems, lane assistance technology and, even something as simple as the seatbelt demonstrate organizations’ and industries’ attention to human error risk mitigation.”

“All of us have a limit in our ability to work and focus at a very detailed level for long periods of time,” Bone said. “The ability to design a work environment that simplifies the work that people do will help reduce risk.

buy flomax online medilaw.com/wp-content/uploads/2015/03/jpg/flomax.html no prescription pharmacy

And, while human error is a piece of the cyber risk management puzzle, it isn’t the only human element cyber concern. Human routine, tendencies and employee processes are constantly monitored by cyber predators. “A sophisticated hacker can spend up to 18 months to two years setting their strategy to attack your organization,” he said. “They are studying the rhythm of the workflow and the movement of data across the firm. They gain a tremendous advantage by just sitting silently and watching.

buy renova online medilaw.com/wp-content/uploads/2015/03/jpg/renova.html no prescription pharmacy

Implementing a cognitive risk framework is no easy task. The key is data. “A lot of data is mislabeled, making it difficult for risk professionals to see the connection between an end result and the human behavior that caused it. In order to use data to its fullest, it needs to be properly categorized with descriptors that allow risk professionals to be able to leverage it,” Bone said.

Organizations with risk frameworks that fail to incorporate the human element are, in his opinion, acting on assumptions. “They are assuming people will be able to follow thousands of policies and procedures with perfect accuracy every time,” he explained. “We shouldn’t assume that people won’t be distracted at work and click on phishing emails. We shouldn’t assume that people will change their passwords as frequently as we want them to. We shouldn’t and can’t be afraid to incorporate new ideas and solutions to improve routines or, at least, make them more difficult to track.”

People are the common denominator. They are not perfect by any means, but incorporating a cognitive risk framework can be a valuable advantage that allows organizations to stay ahead of human element risks while identifying opportunities to improve processes and increase productivity.

Data Breach Risk: What’s Next?

Posted on by

Ten years ago, many companies didn’t even ask about using encryption to protect data. Over the years, that has changed. More security and privacy professionals began to see it as an option in their cybersecurity defense.

buy desyrel online medilaw.com/wp-content/uploads/2015/03/jpg/desyrel.html no prescription pharmacy

Then it eventually became a necessary component of most companies’ security strategies and the use of encrypted laptops became a condition precedent for many cyber and privacy insurance policies.

Now, after strengthening their cybersecurity with encryption and other measures, companies need to identify the next potential data exposure points where bad actors can likely turn their attention. One overlooked vulnerability is the visual display of sensitive data on screens.

Protect Visual Privacy
Not every risk management, security and IT professional is familiar with visual hacking, but they should be.

Visual hacking is the unauthorized capturing of sensitive, private or confidential information for unauthorized use. It can include visually stealing information from someone’s phone screen, viewing information left on a printer at work or other opportunities of information that is in plain sight. Very likely, it is already happening to workers in your organization.

It is commonplace for professionals who travel for work to access sensitive corporate material on the go. They could be riding on a train, plane or bus and simply open their laptops, giving those seated next to them full view of their work. In these situations, no one can be certain they are not exposing sensitive information—even something simple like a network username. It is not likely such a road warrior can be aware at all times whether another person is viewing or capturing what’s on their screen.

A study conducted by the Ponemon Institute revealed that 87% of mobile workers have caught someone looking over their shoulder at their laptop in a public space. Yet, despite this potential risk, more than half of mobile workers surveyed said they took no steps to protect important information while working in public.

Visual privacy risks don’t just exist outside the office. A worker who steps away from his or her computer or has a screen facing a public walkway can also expose highly sensitive data to onlookers.

Reduce Your Risk
As with any risk, companies should evaluate the severity and potential frequency of visual privacy exposures to better understand their risk. An insurance broker can help determine if insurance coverage is available for these risks or if insurance premium credits may be available for implementing additional safeguards.

There are other steps any organization can take to reduce the risk of visual hacking. Working with IT departments and information-security officers, companies can implement small, easy changes to existing policies and procedures.

For example, companies can deploy privacy filters on laptops or mobile devices that darken screen data when viewed by onlookers from the side. These filters can also be fitted on device screens in an office to help limit the views of potential insider threats. For example, a receptionist should likely have such a privacy screen in place if his or her screen can be viewed by visitors.

Clean-desk policies should also be in place. Such a policy can reduce the display of sensitive information in printed and electronic forms when workers are away from their desks.

buy champix online medilaw.com/wp-content/uploads/2015/03/jpg/champix.html no prescription pharmacy

Workers should also be printing or storing sensitive information in locked areas and use crosscut shredders to destroy sensitive material.

buy aricept online medilaw.com/wp-content/uploads/2015/03/jpg/aricept.html no prescription pharmacy

Finally, because visual privacy can only exist if workers adhere to policies, training is obviously important. Workers should be trained on the importance of visual privacy and being aware of their surroundings. They should also receive regular training on an organization’s privacy policies and associated safeguards.

Tackle Uncertainty with Certainty
Visual privacy may seem like an additional, unnecessary risk management burden to bear. But, like any other potential threat to sensitive data, it deserves attention. After all, a visual hack can leave no trace of when, where or how it happened—and such uncertainties may become problematic when addressing a data breach.

Uptick Charted in Telemedicine Cyberrisk

Posted on by

Advances in telemedicine have benefited patients, but, as with any emerging technology, they also create exposure to cybersecurity risk.

buy xenical online thecifhw.com/wp-content/uploads/2023/10/jpg/xenical.html no prescription pharmacy

In addition to patients’ data, monitoring and diagnostic devices that can provide treatment from a distance can be compromised due to a variety of causes—from hackers to employee error.

Because of a drastic increase in internal threats, cyber events have become a prevalent threat—with alarming consequences for employers and patients. While malicious actors are perceived as a major threat, 43% of healthcare cyber events are the result of internal threats, according to The Identity Theft Resource Center’s 2017 Annual Data Breach Year-End Review.

The study found that hacking continues to rank highest in the type of attack, at 59.

buy tenormin online thecifhw.com/wp-content/uploads/2023/10/jpg/tenormin.html no prescription pharmacy

4 % of breaches—an increase of 3.2% over 2016 figures. Overall, the Review indicates a drastic upturn, with a 44.7% increase over the record high figures reported for 2016.

buy seroquel online thecifhw.com/wp-content/uploads/2023/10/jpg/seroquel.html no prescription pharmacy

Here’s more information on cyber breaches and other potentially damaging threats: