Will Cyber Insurance Save My Business From Human Error?
No—but the right security measures might
This week, a Providence law firm filed a lawsuit in the U.S. District Court against its insurer, Sentinel Insurance Co., after a cybercriminal locked the firm’s files with ransomware activated by a phishing attack on one of the attorneys. In return for decrypting the files, the firm was instructed to pay $25,000 in Bitcoin to the hacker. As a result, Moses Afonso Ltd. submitted a claim to its insurer for $700,000 in lost billings over the three months the files were sealed. The claim was denied—and the catastrophic effects of the hack didn’t stop there.
Once the attorneys paid the ransom, the cybercriminal continued to up the Bitcoin amount with each completed payment, thus becoming a form of “valet thievery”. This type of larceny means the hackers tailor their demands to their victims as they become more familiar with their targets.
Moses Afonso Ltd. is not the only business currently working to overcome hack attacks and valet thievery. In fact, many other law firms are struggling with these issues, as well as town halls, police departments, accounting firms, and even individuals throughout the world.
“I never tell anyone to buy the ransomware key because it’s sponsoring illegal activity,” reported Capt. John C. Alfred, head of the Rhode Island State Police cyber-crimes unit. “You have to backup your data beforehand. That’s what you have to do. You’re not going to get your data back. Even if you pay, you might not get the key.”
With the number of ransomware cases increasing every day, it’s more important than ever before to invest in cyber security and staff security awareness training to reduce your company’s overall risk. Your cyber insurance is NOT going to save you from human error every time, so take the right security measures by signing up for a complete security consultation or staff security awareness training today.