Three Simple and Effective Safety Measures to Protect Your Business Against a Cyber Attack

This past spring, hackers were able to halt the operations of the largest fuel pipeline in the US, with a single compromised password. These types of attacks are happening everyday and businesses of all sizes can be targets. Here are three simple measures that your business can take to prevent attacks like the one that shut down Colonial Pipeline.
Categories: Business Insurance
Nov 16th, 2021 | By: CapriCMW

This past spring, hackers were able to halt the operations of Colonial Pipeline, the largest fuel pipeline in the United States, with a single compromised password. It was one of many leaked passwords in a batch sold on the dark web and had previously been used by an employee to access Colonial Pipeline's virtual private network. Although the account was no longer active, the password still worked. The breach led to Colonial Pipeline shutting down its entire gas pipeline system, resulting in a mass gas shortage and panic buying among consumers. Gas prices spiked dramatically along the East Coast at this time. To get its system back online, Colonial Pipeline Co. paid a ransom of nearly $5 million in bitcoin.

This is just one example of the numerous ransomware attacks on businesses that are happening everyday. An Emsisoft study released earlier this year estimated that there were over 3,000 ransomware attacks on Canadian organizations in 2020 with ransom demands ranging from US $123,697,351 to $494,789,403. These numbers do not include the losses arising from business downtime and additional costs of restoring data and systems. 

Cyber attacks are increasing at an alarming rate and the methods used are growing in sophistication. However, many Canadian businesses are still not investing in leveling up their cybersecurity and cyber insurance.


Here are three simple measures that businesses can take to help prevent attacks like the one that shut down Colonial Pipeline:  

EMPLOYEES SHOULD NOT REUSE PASSWORDS.

The complexity of the password will not make a difference if it is being used on multiple websites that can be compromised. As with the Colonial Pipeline incident, hackers can buy stolen passwords online in batches and use them to gain access to company networks and systems. Instruct your staff to avoid using the same passwords on multiple websites.

DELETE ACCOUNTS FOLLOWING EMPLOYEE DEPARTURES.

When an employee leaves, delete all of their accounts, including older ones from systems no longer in use. In the case of Colonial Pipeline, although the compromised account was no longer in use, the username and password still allowed access to the company's network. 

ENABLE MULTI-FACTOR AUTHENTICATION.

Two-factor authentication is a commonly used security feature, which involves each employee using a username and password, as well as a secondary measure such as entering a code that is texted to their mobile device. While MFA can still be breached, it serves as another layer of protection against hackers attempting to exploit unprotected passwords. 


Contact a CapriCMW Risk Advisor to discuss your options for cyber insurance and other risk management tools and strategies to protect your business. 

 This content is powered by the Canadian Broker Network.

CBN_logo-250.png

CapriCMW is a proud member of the Canadian Broker Network (CBN), an alliance of Canada’s leading independent insurance brokerages representing over 50 offices, 1,500 professionals and over $1 billion in premiums. Learn more at canadianbrokernetwork.com.

Recent Blog Posts

Business Insurance / Property Management, Strata Corporation, subrogation
Strata Corporations and Subrogation: Recovering Costs of Damages From At-Fault Parties

Our Strata Advisors explain reasons why subrogation can often be a long and arduous process, steps…

Aug 18th, 2022 | By: CapriCMW
Business Insurance / employment practices liability
3 Strategies to Limit Your Organization's Exposure to Employment Claims

The impact of the COVID-19 pandemic has led to a global shift towards remote and hybrid work…

Aug 10th, 2022 | By: CapriCMW
Employee Benefits / employee benefits, group retirement, retirement savings, RRSP
Employee FAQs: Group RRSPs

CapriCMW's Group Retirement and Savings Advisors answer some of the most common questions from…

Aug 3rd, 2022 | By: CapriCMW
Search the Blog
photo-10.jpg

Confidence and Freedom

At CapriCMW, we provide personalized insurance and custom risk solutions to give you the confidence and freedom to focus on what matters to you. Talk to an Advisor or get a quote today.

Get a Quote    Or call 1-800-670-1877

Can’t find what you are looking for? Ask us!