Privacy & Network Liability Coverage
Including Ransomware, Social Engineering and Data Restoration Expense Extension
Public Entity Partners has offered Privacy & Network Liability Coverage to members since 2012. This important coverage was originally designed for members who may have failed to protect confidential and private information, and to cover associated notification expenses through the Data Breach Fund.
Cyber criminals have continued to target local governments at an alarming rate. Beginning July 1, 2019, Public Entity Partners will also offer a Ransomware, Social Engineering and Data Restoration Expense extension to the Privacy & Network Liability Coverage. This coverage extension will have a $250,000 sublimit.
In order to be eligible for the Ransomware, Social Engineering and Data Restoration Expense coverage, members will need to demonstrate that they have met underwriting standards laid out in the application. One of the most important requirements of this coverage is having a backup procedure designed to protect your data. Public Entity Partners has always advocated for members to adopt a risk management philosophy, and this must also extend to computer networks, email systems, and how we access the Internet through any of our connected devices.
The Federal Bureau of Investigation has a dedicated Internet Crime Complaint Center (IC3). Since its creation, the IC3 has received an average of 248,000 complaints EACH YEAR! In 2017, the IC3 received 1,783 complaints that were specifically identified as ransomware.
What is Ransomware?
Ransomware is a form of malware that targets both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and systems. Ransomware is frequently delivered through spear phishing e-mails to end users. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, at which time the actor will purportedly provide an avenue to the victim to regain access to their data. Recent ransomware attempts to target employees at all levels of an organization, making awareness and training a critical preventative measure.
Even with sound controls in place, ransomware can still affect your organization. Cyber criminals are constantly searching for a way to trick your employees. Having contingency and remediation plans in place is crucial to your entity’s ability to recover from this type of attack.
What are some basic steps you can take to prevent ransomware attacks? The Cyber Division of the FBI recommends the following:
- Educate your employees! All employees need to understand that they may be a target of a cyber criminal and the common techniques that may be used.
- Operating systems, software and firmware on devices should be kept up to date. As weaknesses are found, companies like Microsoft or Apple provide security patches and updates. If your devices are not kept up to date, you are making it easier for criminals to exploit you.
- Any anti-virus or anti-malware solutions that you may use within your organization should be set to automatically update and scan your computer.
- Consider which employees need administrative access to their computers. Limiting the ability of an end user to install programs or make changes to programs on their computers is a safeguard designed to prevent malware from making changes to your entity’s computers. If any users do not need administrative rights to their computers, make sure they have a more restrictive user account.
- Disable macro scripts from Office files transmitted via e-mail. You should also consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
- Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
- Does the idea of Internet security make your head spin? Engaging a professional to help you secure your network and protect your computer systems is a great first step. We can no longer bury our heads in the sand and think that a ransomware attack will not happen to us or our entities.
Even with sound prevention techniques in place, you could still be impacted by ransomware or general malware. How will you recover?
- It is up to you to regularly back up your systems to ensure you can rebuild your data.
- Make sure your backups are also secure! Malware can impact your backup if it is on the same network. Use of a cloud-based backup system or storing your backup off-site can help protect your backup if you are impacted by ransomware or malware. Having a backup is the best way to recover your critical data in the event you are impacted, and is an underwriting requirement in order to obtain coverage.
What are some other best practices recommended by the FBI?
- Implement application whitelisting; only allow systems to execute programs known and permitted by security policy.
- Execute operating system environments or specific programs in a virtualized environment.
- Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units.
What should you do if you believe you have been impacted by a ransomware attempt?
- If you are impacted by a ransomware attempt, you should immediately secure your backups and contact Public Entity Partners to file a claim.
- In addition, you should contact the local FBI field office and request assistance. The FBI does not support paying a ransom to cyber criminals. Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom.
What is Social Engineering?
Social Engineering is a technique used by cyber criminals to trick you into giving access to your computer or network, and can even include tricking you into transferring money directly into the cyber criminal’s bank account. These bad actors will use commonly available information about you and things you care about in order to trick you into revealing information. These attacks can be very sophisticated and difficult to detect!
Doing a simple Internet search of your name can show you the information to which a cyber criminal may have access. If you post personal information online, including to social media platforms like Facebook or Instagram, a cyber criminal can use that information to trick you without having complex programming skills.
Social engineering attacks frequently come in the form of an email from what seems like a legitimate vendor, customer, internal employee, or even an elected official requesting a transfer of money or a change in direct deposit information.
How can you combat social engineering attempts?
A simple yet effective way to combat social engineering is to always confirm changes requested by email in person or through a direct phone call. You should also seek to protect yourself by keeping social media posts private and limiting the personal information available about you online. Keep in mind that information about elected officials may be harder to limit online. Never assume that a request is valid simply because it includes a personal message.
What should you do if you are a victim of social engineering?
If you are impacted by a social engineering event, you should immediately contact your financial institution to attempt to stop payment or correct any incorrect routing information. You should also file a claim with Public Entity Partners and contact local law enforcement officials.
Public Entity Partners encourages members to review our Sensitive Information and Computer Security Loss Control Guideline. This extensive guideline covers sensitive information that is both printed and electronic. It is available in our online portal or through any of our casualty loss control consultants.
If you would like to find out more about the Privacy & Network Liability coverage and the Cyber Extension, please reach out to the underwriting department.