By Jason Johnson
Loss Prevention Specialist | Jewelers Mutual Insurance Group
With the rise of cyber-attacks, you can never be too careful or prepared when protecting your digital information. Whether you own one store or several, you need to be equally cautious; anyone can fall victim to these thieves.
Picture this: You arrive at work, check your email, and suddenly your computer’s files are infected with an encryption that requires a “secret code” to unlock, and a ransom note scrolls across your screen with a demand, such as “Pay the price or all your files are gone.” What would you do?
Ransomware is a type of virus that can attach itself to a harmless-looking email or website, often one that appears to come from a legitimate company. Once opened or otherwise activated, the virus infects all of the computer’s files with strong encryption that requires a “secret code” to remove. Then, a ransom note appears on your screen, typically demanding a certain amount of money, with no guarantee that the hackers will actually provide the promised code in return. Even if they do, there’s no guarantee the code will actually unlock or release your files.
Your digital security should be a top priority, alongside your physical and procedural plans. You can never be too safe when defending against and responding to ransomware hacking attempts and attacks.
Follow these tips from Jewelers Mutual Insurance Group to protect yourself against ransomware attacks:
1. Only use secured wireless providers to gain Internet access, and enable encryption on your router to protect your connection. Contact your system administrator to confirm your system’s security.
2. Limit your encrypted Wi-Fi connection to necessary employees only. If you allow wireless access to your customers, make sure it is via a “guest network” with different login credentials.
3. Computers should be frequently checked with anti-malware, anti-spyware, and anti-virus software. Perform frequent scans on your systems to ensure no hacking attempts have been made. Also run frequent software updates, as many software vendors publish security updates frequently. Many software applications can be configured to update automatically when security patches are available that address new security threats.
4. If you are on a website that seems suspicious, leave it immediately. Never enter sensitive information, such as account information or passwords, into questionable websites. If you think a website is suspicious, check with your IT provider to confirm its legitimacy before continuing to access it.
5. Run ad-blocking applications on corporate machines. Pop-ups and free downloads frequently carry viruses. Configure your Internet browser settings to disable pop-ups so you don’t accidentally click on one.
6. Limit employee access to data and information, and limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.
7. Confirm computer screens and confidential information are out of sight of your customers and visitors. Careless placement of computer screens, documents or other sensitive materials could result in a visual hacking incident. Confirm your sensitive information is out of sight of the general public. Customers looking over someone’s shoulder or across the counter might not be able to see large amounts of data, but it still counts as an unauthorized disclosure and a confidentiality breach.
8. Properly dispose of sensitive information by destroying or wiping hard drives. Consider having a locked box for physical items that need to be shredded. Contact a local electronics company to discuss options for safely disposing of electronics.
9. Back up your information. Consider having a copy of your files backed up and stored offsite in a secure location. In the event that you do experience a ransomware attack or data catastrophe, you will be able to recover your information safely and efficiently.
10. Create a plan. In the event that you experience a ransomware or phishing situation, have a plan in place. Training your employees on proper protocol is essential to protect your electronic information and data systems. Have frequent team meetings to review safety processes to keep security at the forefront of your employees’ minds.
11. If your business does experience a ransomware attack, contact law enforcement immediately. Any attack on your business should be reported to the police so they can record any hacking incident. If customer data is lost, such as credit card details, you will need to notify the Federal Trade Commission (FTC). To report Internet fraud: www.ic3.gov
12. If your company website or systems have been hacked, you may want to contact your attorney for advice on your responsibilities, such as letting your customers know. The public and companies are encouraged to collaborate with the FBI and local law enforcement.
Data Breach and Cyber-Related Coverage
To learn more about protecting yourself against ransomware and other risks to your business, contact Jewelers Mutual Insurance Group. To find an experienced Jewelers Mutual agent in your area, visit JewelersMutual.com.
About the Author, Jason Johnson
Jason Johnson joined Jewelers Mutual Insurance Company in 2013 as a Commercial Lines Claims Examiner. In his current role as a Loss Prevention Specialist, he is responsible for providing sound advice to jewelers on ways to prevent insurance-related losses. Prior to joining Jewelers Mutual, Jason worked as a private investigator. He has also worked for American Family Insurance as a Claims Adjuster. Jason is a graduate of Carroll University. He holds a bachelor’s degree in criminal justice.