FULL ARTICLE - JUNE 2020
WHAT KEEPS YOU UP AT NIGHT?
This is my 16th year as Commercial Insurance Broker prior to that I was on the buying side running my own companies. The experience of being on the other side of the desk as a President/Owner lends credibility to my being a trusted advisor to my clients.

What keeps business owners up at night?  Right now, Cyber is a hot topic as it pertains to hacking, social engineering, extortion, etc. Most employees working from home need to make sure they are utilizing the companies' VPN, which is critical to insure employees are utilizing a secure site. What I hear most from prospects is, "I don't need Cyber coverage because we have a great IT department" or "we work with a great vendor, so I don't need it," and then the call comes – "WE'VE BEEN HACKED!"

Highlighted below are just three real-life examples of ways hackers impacted some of my client's businesses and thus added to the cost of doing business!

Example #1: Social Engineering - Hackers will steal an email between a non-profit employee and a prospective donor. The hackers posing as the donor went back to the non-profit and requested to have them send them their wiring instructions so they could initiate a donation. 
The donor thinks that this is all on the up n' up wires $85,000 to the non-profit. The non-profit follows up on the donation only to be told that the wire was initiated, but they hadn't received the funds. The donation/monies were now in the hands of hackers and long gone.

Example #2: Extortion – Hackers in the Eastern Bloc get into a company's server and steal data. The company receives a knock on the door from the FBI telling them they have been watching these Eastern Bloc guys for months, and your company got hacked. The IT department says, "no way we have the best firewalls, and we watch the action daily." 

The FBI says, "go to this day and time, and you will see that a packet of information was taken," and sure enough, something was taken. The company bought a cheap laptop, went to a Starbucks, and transferred $40,000 to get their packet back. At the end of the day, nothing of importance was taken, but this $100M company thought they were secure.

Example #3: Social Engineering – A hackers get into the server of a non-profit and intercepts an email from the CFO to an Accounts Payable person. After a few days, the hacker sends an email to the A/P person making the email & attachment look like it's from the CFO. The hacker instructs the A/P person to send a check to XYZ Company and without double-checking with the CFO cuts and sends the check. A few months go by, and the hacker tries the same thing, and this time the A/P person goes to the CFO and asks if he wants her to send another check to XYZ Company, and he says no and he then finds out what had happened several months prior. The lesson here is the hackers try many ways to get into the company and learn patterns such as when a CFO typically works from home, or they steal the company A/P list and ask for payment on a specific invoice be wired to them.

The bottom line is all these Cyber claims and losses could have been avoided by following strong internal controls. Strong internal controls include using the company's VPN while working at home while having the best internet security systems/firewalls in place. Remember there are also 1st party claims that are internally driven, the attack can come from a disgruntled employee who set off a Trojan or his/her last day of work. 

If you know of a company that has a fear of the Cyber-attack, please have them contact me so I can consult on best practices going forward and put the insurance coverage in place.
HOW CAN GPSLA CONNECT YOU?