You’ve probably been hearing the term “ransomware” a lot lately; reports of this type of cyberattack have doubled in the past year alone. Any business, or even individual, can be targeted by this form of malware, with which a cyberattacker encrypts a victim’s files and then demands a fee, or ransom, to restore access to the data. Because these attacks are so widespread, one could happen to you or your clients, so it is important to learn what you can do to protect yourself from one; if you are not properly protected, you or your customer might have to pay the ransom, which is far less expensive than replacing or restoring the locked files and computer. One thing you can do is purchase cyber insurance, which will cover ransomware, and encourage your customers to do the same, but is having one of these policies good enough, or could it cause more harm than good?
How Ransomware Works
Ransomware is different from other types of malware in that, during these attacks, a cyber criminal gains administrative access to your information and takes your data hostage. The most common way these criminals get access to your data is by sending out phishing scams through emails and texts; usually, the emails will look like they are from your bank or another trusted company you work with, and will contain an attachment or link that, if clicked on, will give them full access to your files.
Once the cyberattacker has full administrative access to all of your information, they will encrypt your files and essentially put a lock on your computer, demanding that you pay them a ransom to be able to gain access to your data again. Some will even take it a step further and threaten to publicize the data if the ransom is not paid; this can put your business in jeopardy because, as an agent in possession of sensitive customer information, it is your duty under HIPAA to protect that information.
Cyber Insurance & Ransomware
If you’re worried about ransomware attacks, remember that almost all cyber insurance policies cover ransomware, including the cost to restore and recover your data. However, you should also know that not everyone agrees that giving in to the attackers is the best solution, and lately, insurance companies have been scrutinized for paying ransoms. Regulators feel that paying these ransoms further incentivizes cyber attackers. Because of this, some insurance companies are dropping cyber insurance from their list of policies, while others are taking the ransom payment coverage out of their policies. This will require people to either pay the ransom on their own, which is typically anywhere from $700 to $1,300, or pay for the restoration of their computer systems. The insurance companies and regulators hope that this will slow down ransomware attacks in the long run, but it doesn’t help individuals and businesses who are attacked in the short term.
With that being said, this has not stopped many insurance companies from providing cyber insurance, including ransomware coverage. What’s more, after recent high-profile attacks such as the one on the Colonial Pipeline, there is now a greater push for ransomware legislation to support private and public sectors and to punish the criminals. Hopefully the focus will be taken off the insurance industry and put back where it belongs: on stopping the attackers.
As of now, if you are looking to protect your business and your clients’ businesses, there are still affordable cyber insurance plans, but there are some precautionary steps you and your customers can take as well.
How To Prevent Ransomware
A cyber insurance policy will help you restore your encrypted data if you are attacked, but there are other steps you can take to help prevent attacks on your computer and files:
- Keep your system up-to-date.
- Do NOT install software unless you are completely sure it is from a trusted source, and do NOT give administrative access to anyone else unless absolutely necessary (and safe).
- Install antivirus and whitelisting software to prevent unauthorized applications.
- Back up your files as often as possible.
Ransomware can destroy your business and cost you – or your customers – thousands of dollars. Cyber insurance is a great way to protect your business and your customers’ businesses, but this type of coverage is becoming controversial, meaning that some insurance companies are no longer offering it. So, not only should you make sure you follow the steps above to prevent ransomware, and share the information with your clients, you should also compare cyber insurance plans from different companies to make sure they still cover ransomware.