Advice for Avoiding a Ransomware Attack
May 26, 2021
Advice for Avoiding a Ransomware Attack

Advice for Avoiding a Ransomware Attack


Earlier this month the country once again bore the consequences of a cyber security breach when Russian hackers, calling themselves DarkSide, coordinated an attack on the computer network of the Colonial Pipeline Co., a major gas pipeline that provides almost half of the gas supply to the East Coast of our country. The Colonial Pipeline Co. paid out a hefty ransom of $4.4 million to get control of their business network back from hackers who had taken over. The decision to pay the ransom did not come lightly and was not agreed upon by some experts, such as the FBI who maintain a policy of not paying ransom to terrorists, but the CEO felt obliged to get the gas supply up and running again for the millions of Americans who were being affected by the shortage of gas and millions more who would pay the price as supply could not keep up with demand.


Targeted attacks are no accident, there is a process that hackers follow that is somewhat predictable, but with awareness and security measures firmly in place are also preventable. Good security protocols that are followed and backed up by continuous monitoring of security are the only hope to prevent this from happening to you. Even with vigilant practices an organization weakest point is usually a human error, so training is imperative to prevention.


How ransomware works

The first step of a ransomware attack is reconnaissance. These bad actors research their targets in advance to determine the likelihood of ransom payment and they identify vulnerabilities and access points. Your business should stay vigilant in security measures and have access points monitored and checked regularly for flaws. Once access points are identified, the hackers use their skills exploiting these by obtaining credentials through phishing, using default passwords, or purchasing access to systems through the dark web. The best way to prevent this is to use secure passwords, double authentication, and train employees on staying vigilant against phishing. It’s also a good idea to have any terminated employees’ access completely cut off as early as possible in the separation process.


Once a hacker gains access to your network, the name of the game is to maintain an open door.  They do this by using malware to create back doors into the system that ensure maintained entry into your network. The next step is to encrypt or destroy your back ups and move through your network looking for additional systems and back-ups to control, encrypt or destroy. Once in control of your network these threat actors steal your data and use this as leverage to force the organization to pay a ransom by threatening to disclose the stolen data publicly and/or they encrypt as many files and systems as possible across the network to refuse you the ability to utilize your network.


Once your data and network are firmly in their handcuffs, a ransom will be requested to release the encrypted files and allow you access. If the victim organization chooses to pay the ransom, usually an experienced incident response firm is engaged to assist with the negotiation of the demand and facilitate the cryptocurrency payment. If the ransom is paid, a decryption key is provided by the hackers and data recovery can occur. If the ransom is not paid the organization must either recover the files from a clean back up or rebuild the files and system from scratch which could take several weeks or months to recover.  


What you can do to avoid ransomware attacks

The dark web is upon us and there are dark forces that work around the clock looking for large payouts and easy targets. Don’t be an easy target! Utilize your IT Security protocols vigilantly, consider a threat assessment by an expert and consider purchasing Cyber Security Insurance for breach response assistance. There are several products available to fit a variety of sizes and types of businesses that protect your business assets in the event of a breach of personally identifiable information, a hostile takeover of your network, interruption of your cloud or the introduction of malware to your system.


Talk to our licensed agent today about products available to protect your organization. In the underwriting process you may find additional tips on security measures that you hadn’t considered before and you can rely on a partner to help get your business through to the other side in case of a cyber security event.

 

The facts

In 2020 ransom and extortion claims accounted for 1 in every 5 cyber claims, up from 1 in every 10 cyber claims in 2018.

 

A ransomware attack on businesses is predicted every 11 seconds, and the global ransomware damage costs predicted to reach $20bn in 2021, up from $325m in 2015.


According to an AIG observation, network outages and business interruption from global ransom and extortion claims are lasting 7-10 days .


By 2025, global cybercrime costs is estimated to reach $10.5 trillion.

Sign up for our newsletter.

Risk Mitigation Tips for Company Holiday Parties

31 Oct, 2024
The holiday season is a time for celebration, but it can also bring potential risks for employers. To ensure a safe and enjoyable experience for all employees, consider the following strategies to mitigate risks during your company’s holiday gathering. 1. Make Attendance Optional Clearly communicate that attendance at the holiday party is optional. It’s essential to create an environment where employees don’t feel pressured to attend, as this can lead to resentment or claims of discrimination. Ensure that managers understand the importance of not implying that attendance is linked to performance evaluations. 2. Keep It Non-Work Related To maintain the festive spirit, avoid any work-related activities, such as presentations or updates. Hosting the event off-site and outside of regular business hours can reinforce the idea that this gathering is a time for relaxation and fun. Allowing employees to bring a guest can also enhance the social atmosphere. 3. Set Clear Expectations Prior to the event, establish guidelines around respectful behavior and responsible drinking. Remind employees that company policies, including those regarding harassment and conduct, remain in effect during the festivities. 4. Monitor Alcohol Service Plan to manage alcohol service carefully. Ensure that no minors or visibly intoxicated individuals are served alcohol. Consider hiring professional servers or holding the event at a venue with trained staff who can refuse service to those who have had enough to drink. 5. Opt for a Cash Bar Hosting a cash bar can reduce liability, as it signals that the company is not providing alcohol directly. This approach may also limit consumption, as employees will be more mindful of their spending. 6. Limit Alcohol Intake Distributing a set number of drink tickets can help control the amount of alcohol each attendee consumes. While this tactic has limitations, it can be beneficial in promoting responsible drinking. 7. Choose Appropriate Entertainment Select entertainment and venues that foster a respectful and inclusive atmosphere. Avoid any activities that could be seen as provocative or offensive, as these settings can lead to uncomfortable situations, especially when combined with alcohol. 8. Plan for Safe Transportation Make arrangements for employees to get home safely after the event. Options may include providing ride-sharing services, public transportation vouchers, or organizing group transportation. Encouraging attendees to designate a sober driver at the beginning of the party can also be an effective strategy. 9. Offer Food and Non-Alcoholic Beverages Provide a variety of food and non-alcoholic drinks. This consideration not only helps ensure the safety of employees but also demonstrates that the company values all attendees, including those who may not wish to consume alcohol. 10. Act Responsively If an employee is visibly intoxicated and needs assistance getting home, don’t hesitate to arrange transportation. It’s crucial to prioritize employee safety over any reluctance to intervene, as taking swift action can prevent serious consequences. Conclusion By implementing these strategies, employers can create a holiday party that fosters enjoyment while prioritizing safety and respect. With thoughtful planning and proactive measures, your company’s celebration can be a memorable and positive experience for all employees. Happy holidays from Simco!

New DOL Overtime Rule Effective January 1, 2025: What Employers Need to Know

31 Oct, 2024
In April 2024, we shared the U.S. Department of Labor’s (DOL) announcement of a new overtime rule under the Fair Labor Standards Act (FLSA), setting higher salary thresholds for white-collar exemptions, which first took effect on July 1, 2024. Now, as the second increase approaches, employers should prepare for the final phase of the rule, effective January 1, 2025, when salary levels will again rise for executive, administrative, and professional employees, as well as highly compensated employees. What Are the New Salary Thresholds? Starting January 1, 2025, employers will need to ensure that salaries meet the new DOL requirements to maintain overtime exemptions: Executive, Administrative, and Professional (EAP) Employees: To qualify for the overtime exemption, EAP employees must now earn a minimum salary of $58,656 per year (or $1,128 per week). Highly Compensated Employees (HCE): HCEs must earn at least $151,164 annually to maintain their exempt status under the new guidelines. These changes aim to ensure fair compensation and proper classification for employees, helping prevent wage and hour violations. Action Steps for Employers While there may be challenges ahead, employers must take proactive steps to get ready for the rule’s implementation as scheduled. Here are some recommended actions: Evaluate Your Workforce and Classifications: Review exempt roles, including job responsibilities and salary levels, to determine how upcoming changes will affect your organization and identify any necessary adjustments. Seek Legal Guidance: Collaborate with your legal team to understand the new rule's implications and ensure compliance with state laws. Prepare for Changes: Develop strategies for potential reclassifications, including necessary training and clear communication plans to inform affected employees about changes to their status and compensation. Final Thoughts As you prepare for the upcoming changes in the DOL's overtime rule, take this opportunity to review and optimize your compensation practices. Ensuring that employee classifications and salaries align with the new thresholds will help safeguard your organization against compliance issues and promote a fair work environment for all employees. If you need assistance or have questions, contact Simco !

Your Medicare Plan Is Discontinued: What’s Next?

18 Oct, 2024
If you recently received a notification that your Medicare plan is being discontinued for 2025, you're not alone. According to Healthpilot, a digital Medicare broker, some insurers are exiting unprofitable markets, leading to approximately 1.5 million Medicare Advantage enrollees losing their plans. Whether your plan is being discontinued or not, it’s important to take action quickly to ensure continuous coverage and get the best fit for your healthcare needs. Why Are Medicare Plans Being Discontinued? Many Medicare Advantage plans are being discontinued due to rising costs and changes within the industry. Insurers are facing increasing medical expenses as members require more care, compounded by the effects of the Inflation Reduction Act. Additionally, as the healthcare landscape evolves, insurers are grappling with how to remain profitable while still offering competitive health plans. This combination of factors has led to many plans being discontinued, prompting members to seek new coverage options. My Plan is Being Discontinued – What Now? Act Quickly: With your current plan expiring, you need to enroll in a new one. The standard Annual Enrollment Period (AEP) runs from October 15 to December 7, but if your plan is discontinued, you have until December 31 to select a new one. Just be aware that waiting past December 7 may leave you with a gap in coverage. Review Your Notice: Unlike the standard Annual Notice of Change (ANOC), the notification you received is a crucial signal to start your search for new coverage. Take a moment to read through it carefully, as it contains important details about your current plan’s discontinuation and next steps. Research Your Options: Don’t wait until the last minute. Start evaluating different Medicare plans that align with your healthcare needs and financial situation. Consider factors such as coverage specifics, provider networks, and costs. Our licensed insurance agents are available to assist you in comparing your options and finding a plan that works best for you. Avoid Coverage Gaps: To avoid any interruptions in your healthcare services starting January 1, make it a priority to enroll in a new plan by December 31. Double-check that your new plan starts on January 1 to maintain continuous coverage. My Plan Isn’t Being Discontinued – Should I Still Act? Even if your plan will continue next year, you might still want to consider making a change. Medicare plan benefits, premiums, and coverage can change annually. Whether it's finding better coverage, more competitive premiums, or improved benefits, it’s worth exploring your options. You can still schedule a meeting with one of our licensed insurance agents to review your current plan and discuss potential alternatives. We’re Here to Help At Simco, we understand how overwhelming it can be to navigate Medicare, especially during enrollment periods. That’s why our licensed insurance agents are here to provide personalized support and help you make the best decision for your needs. Whether your plan is being discontinued or you’re just looking for better options, don’t hesitate to reach out. Contact us today to schedule a 1-on-1 meeting or for more information on Medicare options. We’ll help you find the right plan to keep you covered in 2025!

Have a question? Get in touch.

Share by: