Category Archives: Cyber Liability Insurance

Why Passphrases are the Future of Logins

Every so often, whether it be for a company software program like Moz, a school database like Blackboard, or even a personal social media account on Twitter, you get one of two ominous messages.

The Unwanted Messages

You get the “time to reset your password” message right after you slowly got used to your new password. Now you have to create a new password that’s memorable but also hard to crack. Yes, it is an admirable measure of security and caution from the website. It is a pain at best for the user.

Then there’s the other message: “oops, you forgot your password too many times. Let’s reset it!” This one is arguably worse because of two things. One, you have to create a whole new password, just like with the mandatory resets. Two, you have to make it easier to remember than your last one, since you just forgot it. That makes these passwords so easy to hack.

Where we are with Passwords

While there are some awesome dual-factor authentication apps and tricks as well as new biometric security measures, hacking password details could not be easier right now. Soon, we’ll be strictly using biometric logins like eye scanning and fingerprint touch, or just using dual-factor authentication through an app like Duo Mobile. But for now, passwords are becoming ever easier for cyber criminals to hack. They have more advanced technology that can run dictionary attacks and algorithm checks at 1,000,000,000 searches a second. And the only thing standing between your account with credit card info and their supercomputer is the password “qwerty12345.” All jokes aside, that password is extremely common, and there are simpler derivatives of that password among the 25 most common passwords of 2020.

Passphrases

While waiting for that futuristic physical password technology, allow me to introduce you to a better password type: passphrases. Passphrases are exactly what they sound like. A passphrase is not a word with numbers and symbols; it is a whole phrase that may also include numbers and symbols. While some say it is only a small step of improvement over passwords, let me tell you why they are much more protected.

Benefits of Passphrases

First, the guideline check is simple. Passphrases meet the password guidelines on the vast majority of sites just as well as passwords do. They are also supported by many sites, meaning you will be able to use them wherever you can use your normal password.

They’re more secure. It’s that simple. The more characters, and the more variety among those characters, the better. For example, if your password is football10!, that is a password a hacker can crack manually, it’s so straightforward. Now imagine it being “Mile High Miracle 512!” That’s 21 characters compared to 11, which makes the computers check for 10 factorial more possibilities. Simply put, “football10!” is a mid-sized fish in a river, and “Mile High Miracle 512!” is a krill in the Pacific.
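The comparison above can be put into numbers. The following is an added example, not code from the original article: it estimates how many guesses each secret costs an attacker, both by blind brute force and under a "dictionary word plus digits plus symbols" pattern. The wordlist sample, the assumed dictionary size of 100,000 words and all function names are assumptions made for illustration.

```python
import re

GUESSES_PER_SECOND = 1_000_000_000   # attacker speed quoted in the article
ASSUMED_DICTIONARY_SIZE = 100_000    # assumption: size of an attacker's wordlist
# Constructed sample of dictionary words; a real check would load a full wordlist.
COMMON_WORDS = {"football", "password", "qwerty", "rockfan", "house"}


def charset_size(secret: str) -> int:
    """Size of the printable-ASCII alphabet implied by the character classes used."""
    size = 0
    if any(c.islower() for c in secret):
        size += 26
    if any(c.isupper() for c in secret):
        size += 26
    if any(c.isdigit() for c in secret):
        size += 10
    if any(not c.isalnum() for c in secret):
        size += 33  # ASCII punctuation plus the space character
    return size


def brute_force_guesses(secret: str) -> int:
    """Guesses needed to try every string of this length over this alphabet."""
    return charset_size(secret) ** len(secret)


def pattern_guesses(secret: str):
    """Guesses under a 'common word + digits + symbols' model.

    Returns None when the secret does not fit that pattern, for example
    when it contains spaces between several words.
    """
    m = re.fullmatch(r"([A-Za-z]+)(\d*)([^A-Za-z0-9]*)", secret)
    if m is None or m.group(1).lower() not in COMMON_WORDS:
        return None
    _, digits, symbols = m.groups()
    capitalisations = 2  # all lowercase, or first letter capitalised
    return (ASSUMED_DICTIONARY_SIZE * capitalisations
            * 10 ** len(digits) * 33 ** len(symbols))


def estimate(secret: str) -> dict:
    """Cheapest applicable attack and the time it takes at the quoted speed."""
    brute = brute_force_guesses(secret)
    pattern = pattern_guesses(secret)
    effective = brute if pattern is None else min(brute, pattern)
    return {
        "brute_force": brute,
        "pattern": pattern,
        "effective": effective,
        "seconds": effective / GUESSES_PER_SECOND,
    }


if __name__ == "__main__":
    for candidate in ("football10!", "RockFan12345", "Mile High Miracle 512!"):
        result = estimate(candidate)
        print(f"{candidate!r}: {result['effective']:.3e} guesses, "
              f"{result['seconds']:.3e} s at 1e9 guesses/s")
```

The pattern model covers only the single-word case; it says nothing about passphrases built from a well-known quotation, which need their own check.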

Example of good Passphrases

Also, football is too simple, and there’s no change after football. Being as specific as possible is best. Take Mile High Miracle 512! Mile High Miracle is a nickname for a specific famous game that my favorite team, the Baltimore Ravens, won (it’s a reference to them beating the Denver Broncos in Denver). Next, the 512 part. The game is mostly famous because of one play. The Baltimore quarterback, number 5, threw a last-gasp touchdown to Baltimore wide receiver number 12 to tie the game. 512 is incredibly more random than 10, yet feels more memorable. See how easy that was?

Concluding Thoughts

My point is that passphrases are easier to remember than those one word and 2 number passwords. Especially if they’re close to your heart and mean something. That could mean a song lyric/title/album, or a movie phrase, or a famous sports moment. So if you are a big music fan, next time you are resetting your Chase account, take a minute before you rush to put “RockFan12345.” Think about passphrases, and try something more along the lines of “St41rway 2 Heav3n” instead. Trust me, the time it’ll take to remember which e becomes a 3 is the difference between a bank account compromise and having your financial records safe.

Still confused? Want to learn more about passphrase protection? Or just about cyber security in general? Contact a risk advisor today at 914-357-8444 or visit our website here.

Cybercriminals Are Targeting HR Depts. With This Resume Scheme

Trojan malware attacks are resurfacing as businesses start to return to work and embrace a new normal in a post-COVID-19 world. Organizations have started to resume their hiring practices by posting job opportunities on their website, across job boards, and on LinkedIn to reach as many potential candidates as possible.

Some of these businesses are streamlining their hiring process by requesting that resumes be emailed directly to their HR department. Streamlining this process is creating new exposures in cybersecurity due to a cybercriminal’s ability to socially engineer the situation.

Cybercriminals are sending emails with attachments posing as resumes to HR departments. The premise of these attacks is a modern-day Trojan Horse: a threat posing as a harmless gift. Trojan malware is not a new cyberattack, but it is one of the least suspected.

If your HR Department fields dozens of resumes a day, there is a significant chance that one of the resumes they open could contain malware. If the file does contain malware, your organization could be allowing keylogging software or ransomware onto your server to attack unencrypted files. 

Without the HR department’s knowledge, a cybercriminal can attach a malicious file to an email that mirrors any other job seekers’ resume. The cyberattack can download ransomware or keylogging software onto the HR department’s computer or infect the entire network. 

 

Ways to Avoid Potential Trojan Malware in Your Inbox

  1. Avoid resumes sent as Word documents. Have job candidates submit their resumes as plain text within an email or as a PDF. Word documents are the 2nd most likely file type to contain malware. ZIP and program files are the most likely.
  2. Do not click social media links embedded into the email. If an applicant shares a link to their social media accounts, don’t click the link. Type out the full URL to ensure the social media account exists. Or search the social media website for the user name your applicant has given you.
  3. Use a recruiter. Working with a trusted recruiter is one way to reduce the number of random emails with attachments that end up in your HR department’s inbox. A trusted recruiter will share only the resumes that are the best fit for your organization.
  4. Have resumes submitted as plain text files instead of as an attachment. If you’re using a web form, have applicants upload their resume as plain text right into a response box instead of having applicants attach a document to an email or upload a document.
  5. Have applicants fax or mail their resumes. Paper wins against malware every time. Submitting a resume by fax or regular mail ensures there is no way that the submitted resume can contain malware.

These are a few ways to negate the risk of Trojan malware attacking your organization. For more information on how to protect your organization from cyber risks, contact a Risk Advisor at 914-357-8444.
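A mail gateway or intake script can enforce the first tip automatically. The following is an added example, not code from the original article: it inspects each attachment's leading bytes rather than trusting the file name, accepts only plain text and PDF as the list recommends, and quarantines Word, ZIP and program files or any file whose extension does not match its content. The sample message, file names and function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading "magic" bytes of the file types the tips single out.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy Word .doc
    (b"PK\x03\x04", "zip"),                          # .zip, and also .docx/.docm
    (b"MZ", "program"),                              # Windows executable
]
ALLOWED = {"pdf", "text"}  # policy taken from tip 1: plain text or PDF only
EXPECTED_BY_EXTENSION = {
    "pdf": "pdf", "txt": "text", "doc": "ole2",
    "docx": "zip", "zip": "zip", "exe": "program",
}


def sniff_type(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if not data:
        return "unknown"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown"
    return "unknown" if "\x00" in text else "text"


def screen_message(raw: bytes) -> list:
    """Return one verdict per attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        kind = sniff_type(data)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        # A file named .pdf whose bytes say otherwise is treated as hostile.
        mismatch = ext in EXPECTED_BY_EXTENSION and EXPECTED_BY_EXTENSION[ext] != kind
        ok = kind in ALLOWED and not mismatch
        results.append({
            "name": name,
            "detected": kind,
            "mismatch": mismatch,
            "verdict": "accept" if ok else "quarantine",
        })
    return results


def build_sample_message() -> bytes:
    """Constructed sample: one application email carrying four attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Application for the open position"
    msg.set_content("Please find my resume attached.")
    samples = {
        "jane_doe.pdf": b"%PDF-1.4\n% constructed sample\n",
        "resume.txt": b"Jane Doe\nExperience: 5 years\n",
        "resume.docx": b"PK\x03\x04" + b"\x00" * 8,
        "cv.pdf": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
    }
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for row in screen_message(build_sample_message()):
        print(row)
```

The check decides only which file types reach a reader; accepted files still need the organization's normal malware scanning.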

Source Article: Hackers Targeting Employers - Forbes

The SHIELD Act: How It Affects Your Business In New York

Due to the increasing concern about the security of personal information, many states feel the need to implement data and cybersecurity laws to protect private information from malicious hackers. On July 26th, the governor of New York signed the SHIELD Act to protect the data of the state’s residents and broaden New York’s security breach notification requirements. The SHIELD Act, or Stop Hacks and Improve Electronic Data Security Act, requires any person or business whose computerized data includes the private information of a resident of New York (“Covered Business”) not only to implement and maintain reasonable safeguards to protect the confidentiality, security, and integrity of the private information, but also to have proper breach notification requirements.

Every NY business owner must comply with the SHIELD Act because “private information” includes a lot of sensitive data. It is imperative to understand what the definition of private information means, as it includes, but is not limited to, a username or email address in combination with a password, a name, phone number, driver’s license number, CC number, etc. This does NOT include publicly available information that is lawfully available. This act also expands the definition of Breach, as Breach now includes unauthorized access, rather than solely unauthorized acquisition.

To be compliant with the SHIELD Act’s data security requirements, a business must implement a data/cybersecurity program that has reasonable administrative safeguards, reasonable technical safeguards, and reasonable physical safeguards. These reasonable safeguards must be appropriate and align with the size/complexity of a business. This act highlights the importance of HR professionals and in-house employment involvement in their organization’s information security. This act also adds an important aspect: breach notification requirements.

For example, if an HR professional accidentally emails “private information” to the wrong employee, the employer must document this as an inadvertent disclosure which won’t result in misuse and maintain this documentation for 5 years. If the information concerned more than 500 New York residents, the employer would have to submit documentation to the attorney general within 10 days. If you fail to comply and notify the attorney general, there are $20 fines per notification with a maximum penalty of $250,000 (effective Oct. 23, 2019).

This is extremely important for employers to understand in order to comply with the law. The responsibility employers, HR professionals, and employees have regarding properly handling data can impact a business tremendously. The fines associated with mishandling data can lead to millions of dollars in losses. Make sure you understand the laws, make sure you protect your data, and make sure that if your company experiences a data breach you have proper risk management strategies in place to pay for the losses.

Download our SHIELD Act Guide Here

For More Information on the Shield Act and how your organization can be compliant, contact a Risk Advisor or call 914-357-8444

Capital One Data Breach: Assessment and Prevention

Last year, after the Capital One data breach, Capital One agreed to terms with US regulators to pay $80 million in fines. The hacker accessed approximately 100 million credit card applications. Maintaining online security for a small or midsized business can be a hassle. There is a lot that goes into maintaining good security practices, and the truth is, it’s hard to keep up with all the new rules and regulations. The last thing you need while trying to grow your business is for someone to somehow steal your information. In the case of someone hacking into your business, YOU are responsible for the lost data.

The fines are to address the lack of security that allowed a breach of this scale to happen, and also the issue of the bank not solving the problem on time. This gave the hacker the opportunity to steal and distribute credit card information and social security numbers, with the potential for large-scale identity theft. Capital One claims to have tightened up its online security system. According to the OCC, the bank will take additional steps to show its computer system has bettered its security.

So what do I do as a business owner to protect myself from a data breach?

Purchase cyber liability insurance. If there is one thing that I have learned from my time working at a risk management firm, it’s that it’s better to be safe than sorry. US regulators have the ability to fine your business into the dirt after a single breach. It is a huge money saver in the long run to buy cyber liability insurance. One of the primary costs of data breaches is notifying affected users of a hacked online resource. The cost of maintaining a data breach notification system can be very high. It has only increased and only will increase since the escalation of hacking in recent years. Without cyber liability insurance, a company is liable for all of the costs associated with creating and maintaining a breach alert system.

 
Hacking is only becoming more prevalent in our society. Soon, cyber liability insurance will become a necessity, and most likely more expensive. Before we know it, all businesses carrying different varieties of data will be required to purchase cyber liability insurance. Don’t end up like Capital One, paying millions of dollars in fines because you skimped on your security system to “save money.” In the long run, the best way to protect your business and save money is to do right by your customers.

If you still have questions, you can contact a risk advisor today at 914-357-8444. Or, you can visit our website here.

 

12 Requirements For PCI-DSS Compliance

Online transactions have become commonplace for many companies across all lines of industry. With the rapid growth in acceptance of online payments, many companies underestimate or are not even aware of requirements to maintain Payment Card Information (PCI) Data Security Standard (DSS) compliance.

 

What is PCI-DSS?

 
Payment Card Information (PCI) Data Security Standard (DSS) is a security standard developed and maintained by the PCI Council. The PCI Security Standards Council (PCI SSC) is a global forum in which payment industry stakeholders develop and drive the adoption of data security standards and resources for safe payments worldwide. The primary purpose of PCI-DSS is to assist in securing the payment card network.

 
Having one’s own data stored is a necessity, but risky. Having third party data stored brings on a whole new aspect of risk which requires its own assessment and treatment. Data breaches are a regular occurrence to which we have become desensitized. Recognizing this, the need for PCI compliance has never been more paramount.

What are the 12 requirements of PCI DSS?

 
We know, hearing there are 12 requirements sounds daunting. First, dive into the list and you will find the company is complying with some of these without knowing it. Additionally, the tips below can serve as a starting point for a self-assessment.
 
 
  • Install and maintain a firewall configuration to protect cardholder data
  • Configure unique passwords and settings. Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Use anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track all access to network resources and cardholder data
  • Test security systems and processes. Conduct vulnerability scans and penetration tests
  • Maintain a policy that addresses information security for all personnel. Constant documentation and risk assessment are a must!
 

What if Our Organization is Non-Compliant?

 
If your organization is not in compliance with the PCI-DSS standards, you could be looking for trouble. Non-compliance will be directed by your Payment Card Agreement (PCA) in force with the credit card company. Additionally, non-compliance can result in penalties. Fines ranging from $5,000 to $100,000 per month are imposed by the credit card companies.

Next Steps

Meeting these requirements ensures your compliance and also protects the company and its client base. Separate yourself from the competition. Give your clients peace of mind with the ability to stand behind PCI Compliant Practices. Contact one of our Risk Advisors to begin taking steps towards PCI DSS compliance and peace of mind.

Cognizant Gets $400 Million Payout After Cyber Attacks

Technology consulting firm Cognizant fell victim to a ransomware attack last April. The hack kept thousands of employees from accessing networks from their homes during quarantine. Clients also barred Cognizant from using their networks in case of further breach, causing major revenue and clientele loss.

Cognizant’s losses total $50-$70 million in lost sales, higher premiums, and defense/legal costs. Without cyber insurance, however, the losses would be catastrophic.

Cognizant had put extensive money into cyber insurance premiums with multiple carriers. Insurance Insider reports this investment turned out to be a good decision, as they earned $400 million in cash reserves from their carriers, another huge loss for carriers in the cyber market. Carriers have been hit hard by higher loss ratios and claims frequency in the cyber market recently.

What is the overarching message? Right now, allocating resources towards cyber protection is no longer recommended but required. Cyber insurance of some form is necessary to protect against ransomware attacks and save your company millions. However, insurance is not the only resource that needs investment. There is no way to fully protect yourself against cyber attacks with just insurance. We recommend proper employee training, dual-factor password authentication, and data encryption software.

Stay ahead of the curve and protect your company’s invaluable data. Invest properly and do not be afraid to spend a little extra for full protection. The premiums upfront may prove cheaper in the long run.

Still have questions? Contact a risk advisor today at 914-357-8444 or visit our website here.

What is Cyber Insurance and How Does it Work?


With the vast majority of companies’ sensitive data being online, the vulnerability for data breaches is obvious, especially now that cybercriminals are becoming more tactical and clever with their hacking approach. These factors have played into the upbringing of cyber insurance, where companies can manage their risk by buying policies to cover potential losses from data breaches. However, there are many speed bumps that come with buying cyber insurance. These are the 6 main questions that come with buying cyber insurance.

  • How Do Companies Decide What They Want Covered?

Before companies fill out applications to buy cyber insurance, they first need to find where they need to be covered. To do this, they need to find where their highest risks of data breaches are located and how much they need to be covered in each part. Some companies use the likes of private, experienced network security specialists to figure out where they need to buy insurance.

  • What Prices do Brokers Charge for Cyber Insurance Premiums?

Usually, there are 3 or 4 main questions insurance companies ask potential insureds before pricing a cyber insurance premium:

First Question: Industry

  • What industry is your company in? Usually, insurers want to know what type of work your company does. This gives a clue to how much data you may be storing and how valuable that information may be. For example, an IT firm may have more quality and valuable information stored in their networks than a trucking company.

Profit

  • How much is your company’s annual revenue? More income from a company attracts more cyber-criminals to their information stored online.
  • What kind of data do you have online and where? Insurers want to know where you are storing this data, and on how many different networks. Based on their judgment, the easier it is for cyber-criminals to extract this valuable information and more of it at once, the more the insurance premiums will cost.

Current Systems

  • How much security does your company have installed to protect your sensitive data? What kind of security protocols do you have in place other than insurance to protect your security? How much training do your employees have from professionals to keep phishing scams and ransomware at bay? These types of questions are frequently on insurance applications because they let insurers gauge two things: how seriously a company takes cyber-security, and how much it is willing to put into top-notch cyber-security in terms of people, money, time, and resources.

  • What Type of Claims/Cyber Attacks do Insurers Usually Keep Out of Policies?

Typically, insurance companies will not cover things such as preventable security breaches, cyber-attacks due to negligence in maintaining proper cybersecurity, an employee mistake with sensitive information, or any attack from an employee within the company. Other than that, there are other policies that may or may not be excluded; it is up to the individual broker how much, if at all, they want to cover that policy.

  • So if the Company/Insured is Liable for any Breach, they Will Not be Covered?

In some cases, this is true, but not in every situation. An insurer may not cover an employee mishandling sensitive information, but the insurer may cover a simple mistake. This may include losing a device with information on it or losing information due to a phishing scam. Every situation is different, and that is why insurers investigate every claim thoroughly. This is especially true in cyber security, as there may not be any physical evidence.

  • Speaking of Liability, What Constitutes First-party Liability vs. Third-Party Liability?

The difference between the two is who actually loses the data and who is actually responsible for the losses. In a first-party liability policy, the insured is covered for any data breach they are liable for within their own company. To make it simple, if a company had their own sensitive information stolen and had a first-party liability policy, they would be covered. This is different from third-party liability, which is coverage for an insured that is liable for the data breach of information kept by another person or company. For example, if an IT company makes their money by creating private networks, software, and encryption programs to protect their clients’ private information, they may buy third-party liability. In this case, if their client has their data hacked, the IT company is liable, but third-party liability may cover them.

  • Not All Companies Know They’ve Been Hacked Instantly. When do Companies say that Their Coverage for a Specific Claim has Expired?

This is up to the insurers to determine when they feel it is within the proper scope of time after the insureds REALIZED the hack. This is important because it is not when the hack or attack actually occurs, since it may take a small-market company over 200 days to realize their systems are compromised. Insurers go by when the insureds have figured out they had lost sensitive data and information, and the timeline begins on that date. Insurers know that the first thing on companies’ minds is not to file a claim. Companies want to figure out the exact damages, enforce accountability, and re-secure/change the data security program first. Then, many companies will file a claim within a reasonable time frame. Most insurance brokers say about 6 months before carriers hand down warnings and coverage for that claim expires.

To Conclude

With cyber-attacks increasing significantly in the last 2 years through Ransomware and Business Email Compromises (BEC), having your data not only protected but insured is crucial in today’s modern corporate environment. Hopefully, these tips have helped with the frequently asked questions about the confusing intricacies of cyber insurance.

 

For more information about Cyber Liability Insurance contact a Risk Advisor or call 914-357-8444.

Password Security for Cyber Protection

Implementing Proper Password Security For Better Cyber Protection

Picture this: it’s the end of the month, and you sit down at your computer to check your bank account balance, there’s only one thing, you forgot your password. What is it again? qwertyuiop1? No, qwertyuiop15? Eh, I’m not sure; I’ll just reset it.

Almost 40% of people deal with issues related to forgotten passwords on a monthly basis (Entrepreneur). This doesn’t only include bank accounts, but also social media and email passwords.

I’m not the only person who struggles to remember all his passwords, and I know I can’t be the only one changing my password every week because I can’t remember if I capitalized the first letter or not. Needless to say, my passwords are lacking in complexity in part because I never realized how risky using a common password can be. Cyber criminals have endless ways to use your private information. Opening fraudulent bank accounts, shopping online, applying for loans, and identity theft are only some of the most common uses of your data. The worst part is, I feel secure after changing my password from Football3! to Football4!. This change is almost completely insignificant to a hacker and most definitely isn’t going to prevent a hacker from getting into one of my accounts.

As a result of my new cyber security paranoia, here are some tips for better password management:

  • Make sure your password is at least 12 characters; it’s better to be safe than sorry. When it comes down to it, adding four characters to your password can be the difference between security and losing your account to cyber criminals.
    • An almost random combo of letters, numbers, and symbols is your best bet for creating a password that hackers will struggle to crack. The longer your password is, the better.
  • Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red House” is also very bad.
    • In other words, stay away from any passwords you think someone else may be using. Think of something original, and don’t use the passwords “123456” or “password.”
  • Another easy way to keep your passwords secure is to keep them private, as in not sharing them with your coworkers, friends, or relatives.
    • Almost 50% of Americans have shared their passwords with another person. A significant part of these shared passwords occurs on streaming sites like Netflix and Hulu. Why is that important you ask? According to the Ponemon Institute, the average person uses the same password for approximately five accounts. Make sure to remember when you’re giving your boy or girlfriend your Netflix password, you may also be giving him or her access to much more.
  • Change your passwords every month if you want to be safe from cyber-attacks. This effort may sound hard to the average person who changes passwords once a year or not at all. But putting the extra time aside to change your passwords is a great way to ensure your cyber security.
  • Multi-factor authentication is a safety method that grants access to an account after presenting two pieces of evidence to an authentication mechanism. By using two-factor authentication, you can protect yourself against almost all cyber attacks; two-factor authentication is one of the most effective ways to combat cyber criminals.
  • Keep your passwords safe and organized by using a password management application; there are plenty of apps that offer free password help. If you’re old fashioned, write passwords in a notebook and keep them in a secure location. Write dates next to your passwords to help you keep track of when to change them.
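Several of these tips can be checked automatically at the moment a password is changed. The following is an added example, not code from the original article: it applies the 12-character minimum, the common-password and dictionary-word tips, and catches the Football3! to Football4! habit by comparing the letters-only "skeleton" of the old and new passwords. The word lists are small constructed samples and the function names are assumptions.

```python
import re

MIN_LENGTH = 12  # from the first tip in the list
# Constructed samples; a real deployment would load full lists.
COMMON_PASSWORDS = {"123456", "password", "qwerty12345", "qwertyuiop1"}
DICTIONARY = {"red", "house", "football", "password"}


def skeleton(password: str) -> str:
    """Letters only, lower-cased: what remains once digits and symbols are dropped."""
    return re.sub(r"[^a-z]", "", password.lower())


def check_new_password(new: str, old: str = None) -> list:
    """Return the list of tips the new password violates (empty means it passes)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if new.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    # Every run of letters is a dictionary word: "house", "Red House", "Football4!".
    words = re.findall(r"[a-z]+", new.lower())
    if words and all(word in DICTIONARY for word in words):
        problems.append("made only of dictionary words")
    # Same letters as before with only digits, symbols or case changed.
    if old is not None and skeleton(new) and skeleton(new) == skeleton(old):
        problems.append("trivial variation of the previous password")
    return problems


if __name__ == "__main__":
    cases = [
        ("Football4!", "Football3!"),
        ("Red House", None),
        ("123456", None),
        ("t7#Kq9!vLm2$xR", "Football3!"),  # constructed random-looking sample
    ]
    for new, old in cases:
        print(repr(new), "->", check_new_password(new, old) or "ok")
```

In a real system the previous password is only available as plaintext during the change request itself, when the user types it in for confirmation; the comparison has to happen at that point.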

Final Thoughts

People as a whole have too many passwords, and what comes of all of them? Serious fatigue, to the point where resetting our passwords is easier than remembering them. But you have to be careful in resetting your password. Though it may make you feel safer to change your password every month or two, this still allows hackers a long period of time to get into your account if they’ve already targeted it. The most important step to having proper password security is making the password long, with almost random strings of letters, numbers, and symbols.

As a result, people like me do dumb things, creating a few password variations to help an untenable situation. Or we do even dumber things, like use passwords such as “password” or “123456.” Or we create a “base” password and add a variation for each site. We know it’s stupid, but we’re driven to these solutions because we are lazy/our memories can’t remember all those passwords. So do yourself a favor and follow those tips to increase your password security.

 

If you have any further questions, contact a Risk Advisor or call 914-357-8444 today!

Buying Cyber Insurance Does Not Protect Your Organization From Cybercriminals

Buying Cyber Insurance Does Not Protect Your Organization From Hackers

 

Understand that purchasing Cyber Insurance does not protect your organization from hacking. It simply finances pieces of the loss. A recent report by cybersecurity company Barracuda found that Google-branded spear-phishing attacks are up significantly since the start of 2020. These attacks only accounted for 4% of the total cyber attacks in 2020 so far. Barracuda reported over 100,000 form-based attacks since Jan. 1, 2020; 65% of them were branded to look like a Google form. These Google-branded attacks are significantly more prevalent than other branded competitor attacks. Microsoft was the 2nd most impersonated account at 13% of the total spear-phishing attacks (1).

 

With 43% of all cyberattacks targeting small businesses (2), and the attacks increasing by 73% since the pandemic, we encourage your company to build out a cybersecurity plan. At Metropolitan Risk we called our initiative “Operation Lockdown” after we read a Wall Street Journal article on how cybercriminals are increasingly attacking small businesses and holding their work files for ransom. Cybercriminals understand that many small and medium-sized businesses haven’t the focus, the budgets, and the staffing to defend against these cyber attacks. They are in effect low-hanging fruit and easy prey.

How is your Company Vulnerable?

Further, many businesses are now even more vulnerable due to the recent move of the workforce out of the physical office. This is because home networks aren’t secure, and the data doesn’t sit behind a firewall or isn’t encrypted like in the office. While newly remote employees were struggling to create routines and employers were focusing on this new shift in workflows, cybercriminals knew the back door was unlocked.

 

Here are two really important concepts to understand, assuming we have your rapt attention with respect to the soft underbelly of your org. Understand that locking down your company from a cyberattack doesn’t guarantee that you won’t be hacked and won’t suffer damage. What it does do is significantly lower the probability that such an attack will be successful or cause much damage. A friend of mine, Nick Lagalante from Tenable Cyber Security, explains it this way: “Your goal is not to outrun the bear, your goal should be to outrun the slowest runners”. In essence, by making it more difficult to penetrate your systems and employees, cybercriminals should in effect move on quickly.

 

Here’s the second big-picture item to understand: Cyber Insurance is NOT cyber risk management. Cyber insurance functions as a way to finance the loss you incurred from the hack. It’s a safety net when plan A (Operation Lockdown) fails. Cyber Insurance should NEVER BE PLAN A. Here’s more good news. If you’ve been hacked, the chances of you being hacked again are exponentially higher. Insurance carriers know this, which is why Cyber Insurance policies increase significantly in cost once you have been hacked, as the carriers’ exposure to loss increases if they decide to insure you!

Learn More: Conducting An Organization-Wide Phishing Test

This is why we built this case study on how we at Metropolitan Risk took this challenge on for ourselves. It’s not the holy grail of cybersecurity prevention, and we don’t want to lead you to believe it is. What our case study does do is make you a bit faster than most of your competitors who will suffer a hack and the corresponding costs that go with it. At Metropolitan Risk our goal is to keep you cost-efficient and cost-consistent. When you read our Case Study, it gives you an idea of how to organize the challenge and address each item incrementally.

 

The last point, and this is a big one: you don’t have to figure all this out on your own. As a reminder, we built a full-on Cyber Assessment for small to medium-sized businesses that assesses your current systems, protocols, and security measures. Upon completion, you get a report that gives you a green light for things you have done well, yellow for items that need to be tweaked, and red for let’s jump on this ASAP.

 

Then we suggest we get you a really solid cyber insurance policy as a Plan B just in case. Our cyber policies are 25% less expensive IF you execute our assessment and tackle the items in red.

 

How do you eat an Elephant? Piece by piece. CLICK HERE to take the Cyber Assessment.