Cyberlearning with Mike Fusco

Fusco & Orsini’s Mike and Ray discuss cybercrime, who is susceptible, what the pain points and costs are, and ways to get ahead of the crime that’s threatening businesses of all sizes.

First, what is cybercrime? Cybercrime is criminal activity carried out across computers and/or the internet.

Does it matter if you’re a small- or medium-sized company? Yes, absolutely. Target, AT&T, and Yahoo have all been under attack, but don’t let the headlines mislead you. Your small or medium-sized business is at risk, too.

As Mike shares in the video above:

“Last year, I made a call to one of my clients and he told me how he got a cyber breach…everything he’s done…ransom,” said Mike Fusco, president of Fusco & Orsini Insurance Services. “Until he paid these people overseas in Bitcoin to release his data back to him, he couldn’t do anything. The havoc caused not only on his clients…but his company…he couldn’t do anything for three to four weeks.”

How does this happen? A large percentage (up to 90 percent) of cyber-attacks result from human error. What this means is, cybercriminals prey on humans, not machines.

An attack can start with something as simple as opening a targeted email, a form of ransomware.

What is ransomware? Ransomware is a type of malware that threatens to publish a victim’s data or perpetually block access to it unless a ransom is paid.

Ransomware is typically sent to people via email. People will accidentally click on the email, realize instantly they shouldn’t have, close out the window and hope it’ll go away. They usually won’t report opening the email, especially if it was done on a work computer. Things may seem fine, until six months later when all their files are corrupted. Not only can their data be compromised, but the company’s entire network can also be compromised.

Funds transfer fraud is another common form of a cyberattack. Oftentimes, it’ll come in the form of an email directed to the accounts payable department. Worse yet, it’ll come from an email you recognize, like a client or vendor email, making you or your team more likely to transfer the funds.

What happens after these attacks? It’s two-fold. Your company and your clients can be adversely affected. In fact, 60% of companies fold within six months of a cyber-attack.

Here are some of the pain points and costs involved:

1. You’ll likely have to hire a forensic expert, which can cost big bucks (sometimes $500 per hour) and it can take weeks to figure it out.
2. There are notification laws. You must notify all your clients, which costs about $5 per person. If their social security numbers were obtained, you must provide credit monitoring to each customer for up to two years, which costs about $7 per person.
3. You’ll probably have to hire an attorney who can step in, should anyone try to sue.
4. You’ll have to replace your hardware and machinery.
5. If you paid a ransom, you’ve lost that money.
6. Your business is interrupted, so you’ll experience revenue loss from day 1.
7. Finally, you’ll suffer from reputational harm.

 How do you get ahead of these attacks?

1. Keep up with trends.
2. Let your team know what to look out for. For example, if you click on the actual name of the sender, an email address will be revealed that does not, in fact, match the name of the sender.
3. Put notifications on external emails that say “this is an external email, please double-check before opening.”
4. If you get an email from someone that looks suspicious, don’t reply to that email asking if it’s them. Call them or open a brand-new email asking that contact if they contacted you.
5. Have a great IT company on your side to help you stay up-to-date with trends and make sure your security is solid.

How can insurance help? We’ve vetted many carriers to find the best possible coverage, should your company suffer from a cyber-attack. This carrier also provides policyholders with five risk-management tools, which are valued at $5,000. As part of this toolkit, your company will undergo a vulnerability scan and receive analysis on ways to improve. They’ll also provide training programs to your team and more.

The policies are reasonable. We know because we’ve put them in place for our own business and are helping our clients do the same. If you’d like to learn more, please contact Mike directly at (858) 384-1507 or mike@foagency.com.