The article found below from our partner, Domain Computer Services, points out many proactive steps you can take to help limit your exposure to falling victim to Ransomware. The best results I have seen come when a business works with an IT Security Company like Domain to perform ethical hacking and spear phishing attacks on their directors, officers, employees, and volunteers. The training that follows teaches everyone in the organization how to spot a spear phishing attack by specifically looking at e-mail addresses, attachments, and links before clicking and/or viewing. If the individual does click on a compromised link or attachment an encryption program begins to run and an on-screen message will give instructions on how to pay the ransom.
However, mistakes do happen and human error is one of the top causes of breaches. So how do we cover the liability associated with this mistake, and will your cyber insurance policy reimburse the ransom?
Yes – most carriers will cover this exposure under a First Party coverage part called Cyber Extortion. Most carriers will ask that you notify them of the incident and receive their written approval before releasing funds. The carrier will then reimburse you for the funds paid in excess of your retention. It is very important to read the insuring agreement and definition of the terms in the policy to understand how the policy will respond.
By now, you have probably heard from someone you know about this type of event happening to them or someone close to them. Every day I learn of a new event that has caused a lot of damage due to these types of Ransomware programs. Please also note that these types of computer programs are only going to evolve and become more damaging. This has already been seen in a program called Jigsaw.
To limit your exposure and damages it is very important to have a team behind you that you can count on to constantly stay on top of this ongoing risk. I have led the development at Meeker Sharkey & Hurley to provide our clients with the ability to make one phone call and be connected with an IT Security Firm, Law Firm, and your insurance carrier. If you have any questions please feel free to reach out to me directly and follow me on LinkedIn to stay up to date: www.linkedin.com/in/anthonydegraw