Sally clicks on an email from someone in accounting asking her to review an invoice. She opens the PDF and clicks on a link directing her to a page that needs additional review. Everything looks standard on her end, and she quickly moves on to her next task.
Weeks later, the CEO gets a call from the IT manager. There has been a ransomware attack on their system, and the attackers are demanding a payment of $2,000,000, or else they will destroy their entire internal system and release the company’s sensitive financial and personal employee data. Locked out of their software and databases, dispatchers have no way of tracking who is on the road, where their drivers should be, and what loads are being picked up and delivered. Chaos ensues as operations and dispatch have to resort to pen and paper tracking to maintain some semblance of normal business. The accounting department can’t get access to their bank accounts or records; bills aren’t getting paid, and revenue is stuck in limbo. The HR manager is in a panic over the possibility that employees’ social security numbers, addresses, birthdates, license numbers, and health information may be exposed.
Lawyers, IT experts, and insurance consultants are called in to work with the hackers on a resolution. All goes as well as possible, and after a week of negotiation, $800,000 of ransom is paid and the hackers release their hold on the company’s system. The immediate threat has passed, but the situation is far from over. The company will have to rebuild its entire system to ensure that they are not vulnerable to future attacks. They are still scrambling to keep their trucks on the road and their drivers working as they restore their systems for the dispatch team. Just when the CEO thinks the situation can’t get worse, he’s notified that their biggest client, a major OEM, is suing them for exposing their sensitive company data. The impact of the ransomware attack costs the company almost $1,000,000 in lost revenue, legal fees, and expenses to repair their systems, even with their cyber insurance policy covering the cost of the ransom and the initial legal fees to fight the attack. The impact of the event takes years to fully recover from, and the CEO is left wondering, “What could I possibly have done to prevent this?”
If this sounds like a nightmare, know that this scenario can quickly become the unfortunate reality for companies that fall victim to cyber attacks. As your partners in insurance, we offer and recommend that our clients carry cyber insurance. However, even the best cyber insurance coverage cannot completely fix the devastating impact of a cyber attack on your business. All it takes is a well-meaning employee opening the wrong email, and suddenly your most sensitive data can be exposed, your operations come screeching to a halt, and you’re at risk of losing your biggest clients and contracts.
These attacks are only becoming more frequent as technology improves and hackers become better at using psychology against us. Hackers most often rely on “social engineering” to get past our defenses and attack company systems. Social engineering is a tactic that manipulates human psychology to trick people into revealing sensitive information or compromising security, often through phishing or impersonation. It exploits trust or emotions rather than technical flaws, targeting the human element that makes businesses vulnerable.
Social engineering-based attacks mean that even companies with the sharpest IT workers and the best antivirus or anti-malware software can still fall victim to cyber attacks. This is why prevention and employee education should be a primary aspect of every company’s cyber security plan.
We’ve seen the impact of cyber attacks firsthand as we’ve walked alongside our clients while they’ve navigated situations very similar to the story above. While we see the immense benefit of carrying cyber insurance, we also know that there is no replacement for preventing cyber attacks from happening in the first place.
For this reason, we are excited to announce our partnership with top cyber security company, KnowBe4. KnowBe4 is a leading cybersecurity company focused on empowering organizations to combat social engineering threats. Its purpose is to reduce human-related cybersecurity risks by educating employees to make smarter security decisions, fostering a stronger security culture within businesses worldwide. The company offers a comprehensive suite of products and tools designed to address the human element of cybersecurity. KnowBe4’s tools and trainings help every employee on your team become more diligent about cyber security by teaching them what to look for to avoid cyber attacks and what to do if they notice something suspicious. KnowBe4 can also help screen for suspicious emails before they even hit an employee’s inbox. Their tools are affordable and require minimal time and effort to implement. At Sentinel, we’ve been loyal KnowBe4 customers for years, and our team loves that the quick and simple trainings not only make our office and clients safer, but that they’ve also been able to apply the knowledge personally to help keep themselves and their families safer at home.
We all need support with cyber security. How many times have you received phone calls letting you know that your “loan request has been accepted” or text messages urging you to pay a mysterious toll bill? These are just the most obvious examples of cyber scams; we unknowingly expose ourselves and our businesses to cyber security risks much more often than we realize!
So what can you do to protect yourself and your business? Over the next several weeks, we will be sharing some helpful tips for protecting your business from cyber attacks, but our first suggestion will always be to utilize the awesome tools provided by KnowBe4. Thanks to our partnership, KnowBe4 is offering an exclusive discount to Sentinel clients.
We can also help you protect your business with cyber insurance. While prevention is key, having the right insurance can protect you and your business if and when disaster strikes.
Give us a call at (470) 524-4884 and press 1 to speak with an account expert who can support the unique needs of your business.