With a name like John Smith, PLM’s CEO and president is a phisher’s dream come true. That is why he is hyper-vigilant about cyber safety: he uses strong passwords, turns on two-step verification whenever possible, and makes sure that cyber safety training is up to date and constant, not only for himself but for all employees throughout the company.
PLM takes cyber threats seriously because we have had to deal with them in our recent past. A few years ago, someone contacted one of our employees using the name ‘John Smith’ and asked them to send every employee’s W-2 as soon as possible. Despite being recently trained on this topic, the employee simply reacted to the situation as if the CEO had asked them to complete a task and replied to the email with the W-2s, as requested.
Unfortunately, the training kicked in immediately after the employee clicked the send button and started wondering if they had done something wrong. After realizing their mistake, the employee immediately informed people of the situation and told them that sensitive information had just been released to someone outside the company. What followed was a scramble to protect PLM employees’ identities as quickly as possible. States were notified of the breach as required by law, and we invested in CyberScout coverage for each of our employees and their families to help prevent identity fraud.
Not long after that situation, one of PLM’s accountants received an email from the CEO’s email address asking them to donate money to a certain charity through a link. They took care of it, and when another request came through a few days later for a different charity, they submitted the donation there as well. They started to get suspicious when these charities had not been discussed in later face-to-face interactions, and realized someone had compromised the CEO’s email and was using it to send these false requests to our accounting department.
These two situations are eye-opening and show that cyber thieves are becoming more advanced and that their methods are becoming harder to recognize.
Some cyber security tactics to consider as an organization:
- Keep servers hidden behind firewalls, monitored 24/7 by both humans and technology, and tested for new vulnerabilities monthly
- Maintain a security incident response plan that is tested yearly, along with an annual test of your security risk
- Have an IT department that keeps employees informed of various cyber risks through periodic training and regular phishing tests, and that works with vendors who take cyber security seriously
Even with each of these safeguards, sometimes accidents happen and there is always the potential of a breach. Being covered by a cyber liability insurance policy is a way to help when this occurs. Cyber liability insurance is an absolute necessity in this day and age. It is of the utmost importance not only to have the coverage but also to make sure your policy limits are high enough. Security breaches today can cost tens of thousands of dollars, and each state has different privacy laws and breach reporting requirements. You may be covered, but do you have enough?
Cyber threats are not going to go away and, if anything, are becoming more prevalent. Just because your name is not John Smith doesn’t mean you aren’t just as easy a target. Take some time today to consider if your cyber security is up to snuff. Our Business Development Representatives are available to further discuss cyber liability policy options to help safeguard your business, employees, and customers.