Three Simple and Effective Safety Measures to Protect Your Business Against a Cyber Attack

This past spring, hackers were able to halt the operations of the largest fuel pipeline in the US, with a single compromised password. These types of attacks are happening everyday and businesses of all sizes can be targets. Here are three simple measures that your business can take to prevent attacks like the one that shut down Colonial Pipeline.
Categories: Business Insurance
Nov 16th, 2021 | By: CapriCMW

This past spring, hackers were able to halt the operations of Colonial Pipeline, the largest fuel pipeline in the United States, with a single compromised password. It was one of many leaked passwords in a batch sold on the dark web and had previously been used by an employee to access Colonial Pipeline's virtual private network. Although the account was no longer active, the password still worked. The breach led to Colonial Pipeline shutting down its entire gas pipeline system, resulting in a mass gas shortage and panic buying among consumers. Gas prices spiked dramatically along the East Coast at this time. To get its system back online, Colonial Pipeline Co. paid a ransom of nearly $5 million in bitcoin.

This is just one example of the numerous ransomware attacks on businesses that are happening everyday. An Emsisoft study released earlier this year estimated that there were over 3,000 ransomware attacks on Canadian organizations in 2020 with ransom demands ranging from US $123,697,351 to $494,789,403. These numbers do not include the losses arising from business downtime and additional costs of restoring data and systems. 

Cyber attacks are increasing at an alarming rate and the methods used are growing in sophistication. However, many Canadian businesses are still not investing in leveling up their cybersecurity and cyber insurance.


Here are three simple measures that businesses can take to help prevent attacks like the one that shut down Colonial Pipeline:  

EMPLOYEES SHOULD NOT REUSE PASSWORDS.

The complexity of the password will not make a difference if it is being used on multiple websites that can be compromised. As with the Colonial Pipeline incident, hackers can buy stolen passwords online in batches and use them to gain access to company networks and systems. Instruct your staff to avoid using the same passwords on multiple websites.

DELETE ACCOUNTS FOLLOWING EMPLOYEE DEPARTURES.

When an employee leaves, delete all of their accounts, including older ones from systems no longer in use. In the case of Colonial Pipeline, although the compromised account was no longer in use, the username and password still allowed access to the company's network. 

ENABLE MULTI-FACTOR AUTHENTICATION.

Two-factor authentication is a commonly used security feature, which involves each employee using a username and password, as well as a secondary measure such as entering a code that is texted to their mobile device. While MFA can still be breached, it serves as another layer of protection against hackers attempting to exploit unprotected passwords. 


Contact a CapriCMW Risk Advisor to discuss your options for cyber insurance and other risk management tools and strategies to protect your business. 

 This content is powered by the Canadian Broker Network.

CBN_logo-250.png

CapriCMW is a proud member of the Canadian Broker Network (CBN), an alliance of Canada’s leading independent insurance brokerages representing over 50 offices, 1,500 professionals and over $1 billion in premiums. Learn more at canadianbrokernetwork.com.

Recent Blog Posts

Employee Benefits / Human Resources, employment law
Government of BC Announces Permanent Paid Leave Legislation

As of January 1, 2022, all employers in BC will be required to provide a minimum of five days of…

Nov 25th, 2021 | By: CapriCMW
Employee Benefits / CPP, employment insurance, pension plan
Federal Government Announces New CPP and EI Maximums

The federal government has announced new maximum pensionable earnings and maximum insurable earnings…

Nov 9th, 2021 | By: CapriCMW
Employee Benefits / workplace safety, health and safety, COVID-19
Employment and Social Development Canada Releases Updated Guidance on Records of Employment for Non-Compliance with Workplace Vaccination Policies

Employment and Social Development Canada has posted updated guidance for employers that must issue…

Nov 4th, 2021 | By: CapriCMW
Search the Blog
photo-10.jpg

Confidence and Freedom

At CapriCMW, we provide personalized insurance and custom risk solutions to give you the confidence and freedom to focus on what matters to you. Talk to an Advisor or get a quote today.

Get a Quote    Or call 1-800-670-1877

Can’t find what you are looking for? Ask us!