This week we’ll be focussing in on ransomware, whilst we’ve touched on ransomware more generally in a couple of previous episodes, today’s vlog will be honing in recent activity that’s affected our clients. We hope that sharing these recent developments will help give you some clues of what to look out for!
Ransomware is a much talked about topic and is generating a lot of publicity; it’s also something that we see crop up time and time again in our conversations with clients. We’ve actually had two incidents within the last couple of weeks that were very similar; fortunately both didn’t have a serious impact on their businesses. Fortunately our vendors were able to act fast and help mitigate and further nullify any potential losses.
The most recent feedback we have had from our brokers is that even though the threats are very real and very current, not all businesses see the need or think they are vulnerable and are not taking up the cover. In both these cases, we must stress, the businesses were non-digital, they didn’t have e-commerce; they had few digital aspects to their business (online banking, storing of employee data) they were exposed and fell victim. The way that the attack is happening is, the attackers are targeting the HR Department.
Attackers are targeting HR departments, quite simply because they are easy targets. They are used to receiving emails from unknown persons, whether it’s people speaking to them about opportunities within the company or correspondence with other businesses- either way HR are used to clicking on emails from strangers. Therefore, what’s happening is the ransomware email is opened by the unassuming employee, attached is a PDF document and an Excel spreadsheet. Whilst the PDF seems to be benign, the spreadsheet contains the malware designed by the attackers, to begin encrypting all of the files as soon as it is clicked open, asking for a bitcoin payment.
One of our goals and what we really try and work on is; We obviously want to be the insurance solution but as important, if not more, we want to be able to guide them offering them the tools to prevent. We’d much rather add value in that way, helping both you and the client, offering tools and resources through our offering that raises awareness of said potential issues, educating them with the aim on improving their risk management, preventing them from landing themselves in a sticky situation. Of course we’re still also there if it all goes wrong as insurers, but from our perspective it’s equally important to help them prevent as well as protect.
There are quite a few things that the insured can do, whether it’s having the right settings on their G-mail or Outlook, or simply keeping up to date with the right information. We’re always producing new material that contains all of the necessary pointers on what to look out for or what to be mindful of clicking on. We deliver this through our monthly webinars and weekly educational publications.
We wanted to bring this subject your attention, to make sure you keep your eyes open; especially with the high frequency attacks which have occurred over the past week. If you have any questions or want to learn more about the warning signs of malware and ransomware, as always please feel free to get in touch as We always enjoy hearing from you.