How to Work From the Beach This Summer

It’s summer. You’re at the beach. You need to finish up some details to close a last-minute deal. You need to access that critical file because you’re the only one that can handle it. You’re out of luck, right? Not so fast! There are many ways to securely access business resources outside the office.

The first rule of thumb is to ask your technology services provider what methods are available to you. They should be able to help you implement something that fits your needs, budget, and security concerns, if they haven’t already. And security is big!

The next rule of thumb is that the ways to get to what you need are as varied as the types of resources you want to get to. It all depends on what you need to get to: files like documents or spreadsheets, or applications like QuickBooks. Each business is going to have different requirements, regulations, and budgets, et cetera, that will determine what method or methods can be used. This brings the first rule of thumb back into play: your technology services provider will know what methods fit your situation best.

When accessing your work data remotely, it’s crucial to be cautious of public Wi-Fi networks. These networks can be insecure and prone to cyber-attacks. It’s best to avoid using them altogether when accessing sensitive work data. Instead, consider using your phone as a personal hotspot or find a secure and private network such as a hotel’s business center or dedicated coworking space.

Cloud-based file-sharing services are a great way to securely access your work data remotely while on vacation. These services, such as Google Drive, Dropbox, or OneDrive, offer advanced security features, such as encryption, access controls, and two-factor authentication, to ensure the protection of your data. You can store and access your work files and documents from anywhere with an internet connection. And the good news is that most companies already use these services, so use rule of thumb 1 and see what your company’s technology services provider has set up.

Enjoy your summer (and don’t work too much)!

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

Small Business Lessons from the Change Healthcare Hack

Change Healthcare, a payment exchange platform operated by Optum Solutions (a subsidiary of UnitedHealth), suffered a ransomware attack in February of this year. The current estimate of damages is approximately $872,000,000. Details on the attack can be found on Bleeping Computer’s site: https://bit.ly/4bB2ihd. Let’s break down some lessons learned from this incident.

Preliminary information from the ongoing investigation suggests that the attackers used stolen credentials to access the company’s Citrix portal (Citrix is a system for remotely accessing company resources). It’s important to note that the compromised account did not have multi-factor authentication enabled on it, meaning that once the attackers had the username and password, they were able to log in without any additional checks. They then worked their way further into the network and started exfiltrating data, ultimately locking up systems in a ransomware attack. The investigation found that the initial system access happened at least 10 days prior to the ransomware being deployed and affecting the availability of resources. Additionally, it appears that malware on a device stole an employee’s Citrix credentials the day before the initial access; however, it is as yet unknown whether those same credentials were used in the attack.

What can we learn from this?

  1. Cybersecurity is a team effort: Cybersecurity is not just the responsibility of the IT person/department/company. It is important for all employees to be aware of the risks and take steps to protect their devices and data. Businesses need to create a culture of cybersecurity awareness and provide training to their employees on how to spot cyber threats.
  2. Educate employees about cybersecurity: Employees are often the first point of contact in the cybersecurity chain. Businesses need to educate employees about cybersecurity best practices, such as how to identify and avoid phishing attacks and how to create strong passwords.
  3. Implement a layered security approach: This involves using a variety of security controls, such as multi-factor authentication, firewalls, intrusion detection systems, and data encryption, to protect their systems and data. No one solution is 100% effective at stopping attacks.
  4. Have a plan in place to respond to cyberattacks: This plan should include steps to identify and contain the attack, mitigate the damage, and communicate with customers and employees.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

3 Ways to Avoid Being the Fool (Getting Phished) On April Fools’ Day

April Fool’s is fast approaching (it’s almost April?!?!?!), so it seems like a good time to review some phishing email tips so the joke isn’t on you.

Email is still the number one communication method, which makes it the perfect avenue for scammers and other malicious actors looking to get the highest return on their activities. Here are three ways to stay safe online this April Fools’ Day:

  • Verify the Sender: One of the most common tactics used by phishers is to impersonate trusted entities such as banks, social media platforms, or even friends and family. They often send emails or messages that appear legitimate, prompting you to click on malicious links or provide personal information. To avoid falling into this trap, always verify the sender’s identity before taking any action. Check the email address or contact number against known ones associated with the organization or individual. Be cautious of any unexpected requests for sensitive information and never hesitate to contact the sender through official channels to confirm the authenticity of the message.

  • Think Before You Click: Phishing attempts often rely on enticing users to click on malicious links or download infected attachments. These links may lead to fake websites designed to steal your information or install malware on your device. Therefore, it’s essential to exercise caution and think before clicking on any links, especially those received via email or social media messages. Hover your cursor over the link to preview the URL and ensure it matches the expected destination. If you’re unsure about the legitimacy of a link, it’s best to avoid clicking on it altogether. Instead, navigate directly to the website in question through your browser or contact the sender directly for verification.

  • Stay Updated and Educated: Cybercriminals are continually evolving their tactics to bypass security measures and exploit unsuspecting individuals. Therefore, staying informed about the latest phishing trends and techniques is crucial in safeguarding yourself against online threats. Keep your software, operating system, and antivirus programs up to date to protect against known vulnerabilities. Additionally, educate yourself and your family members about the signs of phishing scams, such as misspelled URLs, grammatical errors, and requests for sensitive information. By staying vigilant and informed, you can reduce the risk of falling victim to phishing attacks not only on April Fools’ Day but every day of the year.

Keep in mind that world events and holidays are often good disguises for malicious actors to send out emails. That link to a funny April Fool’s prank may not be from your friend or coworker and the joke might be on you, so keep an eye out!

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

Tax Scams and How to Avoid Them

It’s that time of year again! As we get deeper into tax season, we’ll see an uptick in tax-related scams. IRS Commissioner Danny Werfel says, “People should be wary and avoid sharing sensitive personal data over the phone, email or social media to avoid getting caught up in these scam.” Here is some information on what to keep an eye out for as well as some resources from the IRS.

Phishing email is still the biggest attack avenue, as it is cheap and easy, but text and phone scams are still quite popular. Use the SLAM (Sender, Links, Attachments, Message) method to assess any suspicious emails:

  1. Check the Sender address
  2. Hover over any Links to see if they match the text
  3. Be wary of Attachments
  4. Check the Message. Red flags are a sense of urgency, consequences if something isn’t immediately done, or requests for payment in odd forms

The IRS compiles a list of its “Dirty Dozen” scams each year. It can be accessed here: https://www.irs.gov/newsroom/dirty-dozen. They also have a webpage dedicated to specific tax scams and consumer alerts: https://www.irs.gov/newsroom/tax-scams-consumer-alerts. It is a good place to learn about common scams and how to identify them. And for the low tech scams, here is a page dedicated to helping you determine if the IRS is really on the phone or knocking at your door: https://www.irs.gov/newsroom/how-to-know-its-really-the-irs-calling-or-knocking-on-your-door.

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.
  • Demand that taxes be paid without giving taxpayers the opportunity to question or appeal the amount owed.
  • Ask for credit or debit card numbers over the phone.
  • Call you about an unexpected refund.

(taken from their website: http://bit.ly/2AQf8cF)

The IRS is also warning tax professionals about being targeted by scammers. Scammers are posing as tax software providers and requesting EFIN (electronic filing identification number) documents from tax professionals under the guise of a required verification to transmit tax returns. The thieves then attempt to steal client data and tax preparers’ identities, creating the potential for them to file fraudulent tax returns for refunds.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

Why NJ Insurance Agencies Need Cybersecurity Insurance (and 2 Steps to Boost Security)

As an independent insurance agency in New Jersey, you understand risk. You help your clients mitigate theirs every day. But what about your own? In today’s digital landscape, the biggest threat you face might not be a fire, a flood, or a bad driver – it could be a cyberattack.

Data breaches are on the rise, and the insurance industry is a prime target. Hackers crave the sensitive information you store, like PII, financial records, and policy details. A single breach can result in devastating consequences: hefty fines, lawsuits, reputational damage, and even business closure.

That’s where cybersecurity insurance comes in. It’s not just a nice-to-have – it’s a vital safety net for any agency. Here are three compelling reasons why:

1. Breaches Happen. Be Prepared.

Think you’re too small to be a target? Think again. Hackers don’t discriminate by size. In fact, smaller agencies can be easier targets with less robust security. Cybersecurity insurance can ensure you have the financial resources to recover from a breach, potentially covering legal fees, notification costs, and even credit monitoring for affected clients.

2. Compliance Made Easy.

New Jersey takes data privacy seriously. Laws like the NJ Privacy Act and regulations like HIPAA mandate strong data security measures and strict breach notification protocols. Having a cybersecurity insurance policy can demonstrate your commitment to data protection, potentially easing compliance audits and building trust with clients.

3. Sleep Soundly, Securely.

Beyond financial protection, cybersecurity insurance can offer peace of mind. Imagine having access to expert incident response teams who can quickly contain a breach and minimize damage. Or receiving vulnerability scans and employee training to proactively strengthen your defenses. It’s like having a dedicated cybersecurity partner by your side, 24/7.

Now, let’s talk proactive security. Here are two actionable steps your agency can take right now:

1. Lock Down Logins with Multi-Factor Authentication (MFA).

Think of MFA as an extra lock on your digital door. Even strong passwords can be compromised, but MFA adds an additional layer of security, like a code from your phone or a fingerprint scan. This makes it exponentially harder for attackers to gain access, even if they steal a password.

2. Educate Your Team: Knowledge is Power.

Your employees are your front line of defense. Regular security awareness training can equip them to spot phishing scams, avoid social engineering traps, and practice good password hygiene. Remember, informed employees are empowered employees, making your agency a safer place for everyone.

Cybersecurity is an ongoing journey, not a destination. By investing in both insurance and proactive measures like MFA and employee training, your NJ insurance agency can navigate the digital world with confidence, knowing you’re protected from the ever-evolving threat landscape. Don’t wait for a breach to be your wake-up call. Secure your agency’s future today.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

A Business Plan is Crucial for Independent Insurance Agencies

In the ever-evolving landscape of the insurance industry, independent agencies face a myriad of challenges and opportunities. Next year alone, artificial intelligence and machine learning are expected to be used more widely to improve efficiency and reduce costs. Insurtech companies are expected to continue to grow and offer new products and services. And cyber insurance is expected to become more important as cyberattacks become ever more expensive. As we step into 2024, the need for a well-thought-out business plan has never been more critical. Let’s delve into four compelling reasons why crafting a business plan is critical for the success of an independent insurance agency in the coming year.

1. Strategic Focus: Setting the Course for Success

A robust business plan serves as a compass, guiding independent insurance agencies through the complexities of the industry. By defining a clear mission and vision, agencies can establish strategic goals that align with market demands. This strategic focus ensures that efforts are concentrated on areas that drive growth, improve operational efficiency, and enhance overall agency performance.

2. Revenue and Growth Planning: A Financial Roadmap

At the heart of every successful agency is a sound financial strategy. The second key reason to create a business plan for 2024 is to outline revenue and growth objectives. By setting realistic financial targets, agencies can develop actionable plans for client acquisition, product expansion, and market penetration. This financial roadmap not only propels sustainable growth but also helps agencies adapt to the dynamic financial landscape of the insurance sector.

3. Client Relationship Management: Building Lasting Connections

Client relationships are the lifeblood of any insurance agency. Developing strategies for client acquisition, retention, and satisfaction is a compelling reason to invest time and effort in a comprehensive business plan. Agencies can leverage technology, streamline communication processes, and implement client-centric initiatives to fortify their position in a competitive market.

4. Employee Development and Training: Investing in Talent

The success of an independent insurance agency hinges on the expertise and dedication of its workforce. By outlining strategies for recruitment, continuous training, and career advancement, agencies can ensure that their team is well-equipped to navigate industry changes, adhere to compliance standards, and deliver exceptional service to clients.

As we stand on the cusp of a new year, independent insurance agencies must recognize the significance of a well-crafted business plan. With strategic focus, financial planning, client relationship management, and investment in employee development, agencies can position themselves for success in 2024 and beyond. A business plan is not just a document; it’s a roadmap that charts the course for growth, resilience, and excellence in the dynamic world of insurance.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: https://bit.ly/2sCMb30 LinkedIn: https://bit.ly/375e6HB Twitter: https://bit.ly/3ajca0n

National Cybersecurity Awareness Month 2023

October is National Cybersecurity Awareness Month. In keeping with this theme, let’s talk about the upcoming holidays and some ways to avoid holiday scams.

1. Be careful about what you click on.

Phishing scams are one of the most common types of holiday scams, and they can be very convincing. Phishing emails and text messages often contain links that appear to be from legitimate companies, such as shipping companies or charities. However, these links actually lead to fake websites that are designed to steal your personal information.

To avoid phishing scams, be careful about what you click on. If you receive an email or text message from a company you don’t know or trust, do not click on any links. Instead, go to the company’s website directly by typing the URL into your browser address bar. Try to avoid searching for the company’s website, as scammers often use the paid search results to try to trick you.

2. Be wary of unsolicited offers.

Scammers often use unsolicited offers to lure people into holiday scams. For example, they may offer you a discounted gift card or a chance to win a free gift. However, these offers are often too good to be true. If you receive an unsolicited offer, be wary of it. Do not give out any personal information or pay any money unless you are sure that the offer is legitimate.

3. Use strong passwords and enable two-factor authentication (2FA).

Strong passwords and 2FA are essential for protecting your online accounts from unauthorized access. A strong password is at least 12 characters long and includes a mix of upper and lowercase letters, numbers, and symbols; most accounts now also allow you to use spaces. 2FA adds an extra layer of security to your accounts by requiring you to enter a code from your phone in addition to your password when logging in.

If you are not already using strong passwords and 2FA for all your online accounts, now is the time to start. Most websites and apps offer the ability to enable 2FA.

National Cybersecurity Awareness Month is all about raising awareness, and education is key. You can take advantage of a wealth of information available online such as:

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: https://bit.ly/2sCMb30 LinkedIn: https://bit.ly/375e6HB Twitter: https://bit.ly/3ajca0n

Small Business Lessons from the Casino Cyber Incidents

It came to light this past week that both Caesars and MGM suffered cybersecurity incidents (https://bit.ly/3EJ8kho). While we don’t yet know the full details of either incident, there are still lessons we can take away from the information we do have. Let’s take a look.

Preliminary information in the MGM case leans towards social engineering as the initial method of access. Some claims state that the malicious actor made a phone call to the MGM IT help desk, and they were able to trick/convince the IT staff that they were an MGM employee and needed to reset their password. Upon having the password reset and gaining access to the account, they were able to gain further access to the network through more sophisticated methods of attack. They were then able to access a system used to authenticate users of MGM services, which essentially gave them “the keys to the kingdom”.

CISA (Cybersecurity & Infrastructure Security Agency) says that more than 90% of all cyber attacks begin with a phishing email, and an IBM report from 2022 found that spear phishing (targeted) attacks combined with phone calls (vishing, or voice phishing) were three times as effective as just emails. Peter Nicoletti, global chief information security officer at cybersecurity company Check Point Software, is quoted in Vox saying “There’s always a little back door, and all the best defenses and all the expensive tools can be fooled by one good social engineering attack[.] What we’re seeing, especially in the new age of artificial intelligence, is the attackers are leveraging not only hacked information that they find about you, but also all of your social profile information[.]” (https://bit.ly/46g4jNh)

So what can we learn from all this?

  1. Cybersecurity is a team effort: Cybersecurity is not just the responsibility of the IT person/department/company. It is important for all employees to be aware of the risks and take steps to protect their devices and data. Businesses need to create a culture of cybersecurity awareness and provide training to their employees on how to spot cyber threats.
  2. Educate employees about cybersecurity: Employees are often the first point of contact in the cybersecurity chain. Businesses need to educate employees about cybersecurity best practices, such as how to identify and avoid phishing attacks and how to create strong passwords.
  3. Implement a layered security approach: This involves using a variety of security controls, such as firewalls, intrusion detection systems, and data encryption, to protect their systems and data. No one solution is 100% effective at stopping attacks.
  4. Have a plan in place to respond to cyberattacks: This plan should include steps to identify and contain the attack, mitigate the damage, and communicate with customers and employees.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n

Why Should You Protect Your Business with Cybersecurity Insurance?

The threat landscape for small businesses is rapidly evolving, with cyberattacks becoming more frequent and sophisticated. As a small business owner, it’s essential to take proactive steps to protect your company from these potential threats.

Cybersecurity insurance, also known as cyber liability insurance or cyber insurance, can be valuable for small businesses with 10-50 employees due to the growing risk of these cyber threats and attacks. Here are two reasons why businesses should consider having cybersecurity insurance:

  • Financial Protection Against Data Breaches: Small businesses often collect and store sensitive customer and employee information. In the event of a data breach, where this information is compromised or stolen, the costs associated with managing the breach can be substantial. This may include expenses such as notifying affected parties, providing credit monitoring services, legal fees, and potential regulatory fines. Cybersecurity insurance can help cover these costs, minimizing the financial impact on the business.
  • Mitigation of Business Interruption: Cyberattacks can lead to significant disruptions in business operations. For instance, a ransomware attack could render critical systems inaccessible, resulting in downtime and lost revenue. Cybersecurity insurance can provide coverage for business interruption and income loss resulting from such incidents. This coverage can help a small business get back on its feet more quickly by covering expenses like income loss, extra staffing, and temporary infrastructure.

Understanding the complexities of cybersecurity insurance is essential for small business owners seeking comprehensive protection. Speaking to an insurance agent about cybersecurity insurance is crucial for a small business owner for several reasons:

  • Understanding Coverage: Cybersecurity insurance policies can vary widely in terms of coverage, limits, and exclusions. An insurance agent can help the business owner understand the specifics of the policy, what types of incidents are covered, and what may not be covered. This ensures that the business owner has a clear understanding of the protection the policy offers.
  • Tailored Solutions: Every business has unique cybersecurity risks and needs. An insurance agent can work with the business owner to assess the specific risks their business faces and recommend a policy that aligns with those risks. They can help customize the coverage to address the business’s vulnerabilities, industry regulations, and data protection requirements.
  • Coverage Gaps: Small business owners might assume that their existing business insurance policies cover cyber incidents, but this is often not the case. Cybersecurity risks are distinct from traditional business risks, and specialized coverage is needed. An insurance agent can identify potential gaps in coverage and recommend appropriate cybersecurity insurance to fill those gaps.

From data breaches to business interruptions, the risks small businesses face are multifaceted and constantly evolving. Engaging with an insurance agent specializing in cybersecurity is a strategic step toward holistic protection. By understanding coverage nuances, addressing vulnerabilities, and harnessing tailored solutions, small business owners can proactively safeguard their enterprises against the evolving landscape of cyber threats.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips

For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n