As organizations are becoming more aware of Cyber-attacks and Ransomware and are improving IT security tools they use; Ransomware and Cyber criminals are also evolving and are devising new ways to breach a company's systems.  In addition, expenses related to Cyber breaches/attacks are steadily increasing.  Ponemon's 2019 Cost of a Data Breach study noted that "breaches originating from a malicious Cyber-attack were not only the most common, but also the most expensive."

Below are several tips to help combat Ransomware and other Cyber threats:

1. Strong passwords aren't enough - companies should be implementing and enforcing two factor authentication to prevent unauthorized access using a company account, especially for users with elevated access rights. 
2. "Over the counter" anti-virus is a bit outdated - look into rolling out Endpoint Detection and Response (EDR) software.  It's smarter and responds fast to threats than your average anti-virus software. 
3. Implement Email Spam Filtering - a quality spam Filtering service will not catch all spam and phishing attempts but it will prevent most of them from reaching a user's inbox; therefore reducing the threat that a user errantly clicks on a malicious link For the ones that do get through, educate your staff on how to identify and deal with phishing attempts. 
4. Introduce multiple point of redundancy - in some cases your backup system may be compromised or unavailable.  Remember, cloud servers and backup systems can get hit with ransomware too. It's best to have a backup to your backup.
5. Patch servers and computers regularly and update firmware on hardware devices. 

Last but not least, make sure you have adequate Cyber insurance that covers ransomware events, extortion payments, legal and forensic fees and data recovery in additioon all of the other beneficial coverages that are provided by a Cyber Liability policy.  

Cyber risk and, particularly, the risk from ransomware appears on everyone’s top risks list these days, including ours. The threat from a ransomware attack has rapidly increased over the past nine months, as many organizations continue to “work from home” which can come with more relaxed cybersecurity practices. As we go further into 2021, cybercriminals will continue to become more sophisticated, forcing these organizations to waste resources reacting to a ransomware attack.

In the last 10 months so many employers have adapted to a remote workforce. Here at The ALS Group we are no different. We have highlighted a few ways we have remained connected as a team through this pandemic, and how we have driven productivity with the help of our employees!

As most of the workforce continues to work remotely, the “data breach” exposures of yesteryear are still around. I doubt that any of your employees have been issued one of these as part of their “remote work setup”, but as people are settling in to a “new normal” in working from home, printing and reading documents is still prevalent. Only now, the security of that “paper” is often overlooked and can be simply discarded into the kitchen trash which is moved to the curb on garbage pickup days.

In these challenging economic times, having a lower TCoR can not only give a company a competitive edge, but also improve its bottom line by affording it the ability to pursue opportunities their peers may not be able to.

The idea for this blog was conceived by Marshall Ma, who joined The ALS Group as a Risk Management Intern and now provides support on client accounts as Technical Analyst, based on the Chinese ideogram for “crisis”. It just happens that Marshall is fluent in Mandarin and is passionate about risk management. She is an Enterprise Risk Management Graduate and Lecturer at Columbia University. While at Columbia, Marshall spent a lot of time working on campus educating her peers and supporting industry outreach. She also participated in risk assessment and mitigation for the campus’ internal Career Design Lab.

As companies think about their supply chain and the risks that are inherent with that area, a good place to start is with your contract terms with the supplier – what are the terms you want? What are the terms you have agreed to?

With the unsettling state of affairs of the world today, a manufacturer or distributor has to be properly vetted and the terms of supply carefully considered. What is an acceptable delay or non-delivery? 

Most CEOs or CFOs are probably not Cyber Security experts, but are entrusted to ensure the company runs efficiently and profitably. In today’s business IOT world, having a safe and secure network is a large part of keeping the business operational. This includes ensuring that all cyber related risks are minimized as much as the budget will allow. Cyber related issues that threaten the company’s income are scary for sure, but perhaps the most frightening aspect of keeping your network and data secure are the “unknowns” of IT.

As we are “flattening the curve” and the economy is slowly opening, employees will start to transition back to the office after nearly four (4) months of working from home. The COVID-19 pandemic forced many organizations to close and, those that did not have a disaster recovery/business continuity plan in place had to scramble to come up with a “work from home” solution in order to keep their business running while keeping their employees safe and healthy. Such “on the fly” solutions can cause serious complications as employees return to the office, and company leadership realizes that they must adjust their risk strategies to suit the “new normal”.

The 2020 Atlantic hurricane season is expected to run from June 1^st to November 30^th. Department of Atmospheric Science at Colorado State University predicted that the East Coast of the United States is likely to see a major hurricane, ranking at a category 3, 4, or 5, during the 2020 Atlantic hurricane season. High category named storms bring on damages like, floods, wind damage, and power failure which may take several weeks to recover from. Though these predictions are not precise, we believe, that informed preparation is the best way to avoid costly claims, not unlike those caused by Hurricane Sandy in 2012.