cyber liability insurance

Cyber Risks & Liabilities

By | Business Insurance, Specialty Insurance

Spear Phishing

“Phishing,” a type of cyber attack in which a hacker disguises himself or herself as a trusted source online in order to acquire sensitive information. It is a common and technologically simple scam that can put your employees and business at risk. However, more resourceful criminals are resorting to a modified and more sophisticated technique called “spear phishing.” This technique uses personal information to pose as colleagues or other sources specific to individuals or businesses.

A spear phishing attack is often disguised as a message from a close friend or business partner and is more convincing than a normal phishing attempt; when messages contain personal information, they are much more difficult to identify as malicious.

For businesses, the potential risk of spear phishing is monumental. A report released by the Internet Crime Complaint Center (IC3) stated that there were over 120,000 cyber crime-related complaints against businesses last year, resulting in over $800 million lost. A large majority of these attacks can be attributed to spear phishing, since the messages are designed and customized to make victims feel safe and secure.

The Basics of Spear Phishing

Any personal information that is posted online can potentially be used as bait in a spear phishing attack. The more a criminal learns about a potential victim, the more trustworthy he or she will seem during an attack. Once the apparent source gains the victim’s trust, and there is information within the message that supports the message’s validity, the hacker will usually make a reasonable request, such as following a URL link, supplying usernames and/or passwords, or opening an attachment.

Even if spear phishing perpetrators target just one of your employees, it can put your entire business at risk.

Falling for a spear phishing attack can give a hacker access to personal and financial information across an entire network. And, successful spear phishing attacks oftentimes go unnoticed, which increases the risk of large and continued losses.

How to Protect Your Business

Though it is difficult to completely avoid the risk that spear phishing attacks pose, there are ways to prevent further damage to your business. Make sure that your employees are aware of these simple techniques:

  • Never send financial or personal information electronically, even if you know the recipient well. It may be possible for a third party to intercept this information, especially if the recipient is later subject to a spear phishing attack.
  • Be cautious when you are asked to divulge personal information in an email. Even if it appears to be from a trusted source, it could be a hacker impersonating another person or group.
  • Only share personal information on secure websites or over the phone. When in a Web browser, you can ensure a website is secure when you see a lock icon in the URL bar, or when an “s” is present in the “https” of a URL. The “s” stands for “secure” at the end of the normal “http”.
  • Some spear-phishing schemes use telephone numbers, so be sure to never share information over the phone unless you initiate the call to a trusted number.
  • Never click on links or open attachments from unknown sources. Even opening a file that seems familiar can give a spear phishing attacker access to personal information stored on your device.
  • Ensure that your company’s security software is up to date. Firewalls and anti-virus software can help protect against spear phishing attacks.
  • Encourage employees to think twice about what they post online. Spear phishing hackers often attain personal information through social media sites. Make sure that employees know how to keep this information private to protect their own security as well as that of your business.
  • Regularly check all online accounts and bank statements to ensure that no one has accessed them without authorization.
  • Never enter any personal or financial information into a pop-up window or a Web browser.

What to Do If You Suspect a Spear Phishing Attack

If you believe that your business has been the target of a spear phishing attack, it is important to act quickly to limit your potential losses. The first step should be to immediately change the passwords of any accounts connected to the personal or financial information of your business or its clients, and to obtain a list of recent and pending transactions. It may also be necessary to contact law enforcement.

Next, an internal or third-party IT expert should be consulted to pinpoint any vulnerabilities that remain in your business’ network, and he or she can advise you on how to avoid future attacks.

If you have further questions about spear phishing or other types of cyber attacks, or if you would like to discuss potential coverage options to further protect your business, contact BHI at insurance@bhi365.com or (302) 995-2247, to speak with an insurance advisor today.

Trouble Recruiting and Keeping Talent? Your Skimpy Health Insurance Is a Likely Cause.

By | Business Insurance, Employee Benefits

The most important decision your company will make for its bottom line just might be the health and wellness program it chooses.

Annual global health spending is now over $3 trillion — and growing rapidly. A good portion of that is driven by millennials, who have both a strong interest in personal wellness and, thanks to the Affordable Care Act (aka, Obamacare), an 86 percent coverage rate (more than 50 percent through individual plans, their parents’ plans or Medicaid). For those in or entering the job market, health insurance is an expectation.

Read More

New Jersey Enacts Paid Sick Leave

By | Business Insurance, HR Services

On May 2, 2018, New Jersey Governor Phil Murphy signed the Paid Sick Leave Act into law. The Act will require virtually all employers to provide paid sick leave to employees, effective Oct. 29, 2018. Under the Act:

  • All New Jersey employers must provide paid sick leave to their employees;
  • Employees will accrue one hour of paid sick leave for every 30 hours worked, up to 40 hours per year; and
  • Employees must be paid for paid sick leave at the same rate (and with the same benefits) they normally earn.

Read More

Is Your Company Liable for Business-Related Vehicle Accidents?

By | Business Insurance

Regardless of the industry you operate in, it’s likely your employees need to operate vehicles for tasks like client visits, product deliveries, and product pickups. While larger organizations often provide insured company vehicles to their staff for daily use, small and medium-sized business often don’t have that luxury.

If employees use personal vehicles for business-related activities and get into an accident, your organization could be held liable. That’s why it’s critical to have non-owned auto liability insurance, which can provide the following benefits:

Read More

Maryland Passes Paid-Sick-Leave Law

By | Business Insurance, HR Services

Maryland’s New Sick and Safe Leave Law under the Healthy Working Families Act

Effective February 11, 2018, Maryland employers must provide sick and safe leave to their employees, as state legislators recently voted to override Gov. Larry Hogan’s veto of the Healthy Working Families Act. With some exceptions, businesses in the state with 15 or more employees will have to provide up to 40 hours of paid sick leave to workers each year, and those with fewer employees must provide the same amount of time as unpaid leave. The leave may be used to care for the employee’s own or a family member’s mental or physical illness or injury, parental leave, or issues related to domestic violence, sexual assault or stalking.

Read More

Post Your OSHA Injury Summary by Feb. 1

By | Business Insurance, Safety Services

Reminder: Employers Must Post Injury/Illness Summary Beginning February 1

Posting Requirement

OSHA reminds employers of their obligation to post a copy of OSHA’s Form 300A, which summarizes job-related injuries and illnesses logged during 2017. Each year, between February 1 and April 30, the summary must be displayed in a common area where notices to employees are usually posted. Businesses with 10 or fewer employees and those in certain low-hazard industries are exempt from OSHA recordkeeping and posting requirements. Visit OSHA’s Recordkeeping Rule webpage for more information on recordkeeping requirements. Read More

Benefits of Crime Insurance

By | Business Insurance

If you are a leader within your organization, you want to trust your employees and the people you do business with. However, no business is immune to the threat of crime and fraud. The Association of Certified Fraud Examiners estimates that a business can expect to lose 5% of its revenue to fraud each year. Thankfully, companies can turn to crime insurance, which can provide the following benefits:

Read More

Empoyees-Looking-at-Computer

Employment Practice Liability Insurance

By | Business Insurance

Confidently Hire New Employees

As a business owner, you strive to hire qualified employees to work for you. Unfortunately, as you are well aware, not every hiring decision goes as planned. Even if an employee is terminated for legitimate reasons— such as poor attendance or unsatisfactory work habits—every termination opens the door for potential lawsuits. Read on to learn from one business owner’s experience and find out how employment practice liability insurance (EPLI) can help protect you and your organization from costly, frivolous lawsuits. Read More

Injury-Worker

Top 10 Most Frequently Cited Standards

By | Business Insurance
The following is a list of the top 10 most frequently cited standards following inspections of worksites by federal OSHA. OSHA publishes this list to alert employers about the most commonly cited standards so they can take steps to find and fix recognized hazards addressed in these and other standards before OSHA shows up. Far too many preventable injuries and illnesses occur in the workplace. Read More