Tag Archives: Cyber Liability

Being liable for the loss of sensitive cyber information.

Risk of a Common Password and Ways to Avoid it (Infographic Inside)

Using a common password leaves your organization at risk of cybercriminals taking over your accounts. Make password protection a major component of your organization’s cybersecurity plan. The risk of a common password is tremendous, and you should avoid having one at all costs.


Did you know:

  • 4.7% of users have the password “password”;
  • 8.5% use “password” or “123456” as their password;
  • 9.8% use “password”, “123456” or “12345678” as their password;
  • 14% have a password from the top 10 passwords used;
  • 40% have a password from the top 100 passwords used;
  • 79% have a password from the top 500 passwords used;
  • 91% have a password from the top 1000 passwords used.


What does this tell you? Think twice before you make “abcdef” your next password. According to a study from SecurityCoverage Inc., if a password contains just six lowercase letters, especially if it’s a common word or combination, a cyber-thief can figure it out in 10 minutes!

However, making a six-character password that has numbers AND symbols boosts complexity enough that a skilled hacker would need 16 days to break it, the study found. That is a task most likely not worth the effort for that hacker.

Some sites now require a password with at least one uppercase letter, one number, and maybe a symbol as well. This is a step in the right direction, even if it makes remembering your password a little tougher. A simple and easy-to-remember example of this would be “Money17$”.

The real security, of course, comes from those dreaded passwords that are generated for you. They are longer, at least 8 characters, with letters, numbers, and symbols in random order. These are nearly impossible to remember. However, an eight-character password of random letters, numbers, and symbols will take 463 years to break, according to the same study. Nine random characters will take a whopping 44,530 years.
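As an added example (not part of the original post), the following Python estimates the search space behind the time-to-crack figures quoted above: a password on a common-password list falls after a handful of guesses, while each extra character class and each extra character multiplies the work. The guess rate, the character-class sizes and the tiny common-password list are constructed assumptions, so the durations illustrate the study's ratios rather than reproduce its exact numbers.

```python
# Added example, not from the original post or the SecurityCoverage study.
# Assumptions (constructed):
#   - GUESSES_PER_SECOND is an illustrative offline guessing rate, chosen so
#     that six lowercase letters take roughly ten minutes, as the post says
#   - the symbol class is the 32 printable ASCII punctuation characters
#   - COMMON_PASSWORDS is a tiny stand-in for a real "top 1000" list
import string

GUESSES_PER_SECOND = 500_000  # assumption, see above

# Constructed stand-in for a "top N passwords" list (real lists are far longer).
COMMON_PASSWORDS = ["password", "123456", "12345678", "qwerty", "abcdef", "abc123"]

# Size of each character class an attacker must add to the search alphabet
# once a password is known (or assumed) to use that class.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def alphabet_size(password):
    """Number of distinct characters an exhaustive search must consider."""
    return sum(CLASS_SIZES[c] for c in character_classes(password))


def keyspace(password):
    """Candidates in an exhaustive search of the same length and classes."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case seconds to try every candidate at the assumed rate.

    A password on the common list is found after at most len(list) guesses
    no matter how it looks, which is the point the post makes about
    "password" and "123456".
    """
    if password.lower() in COMMON_PASSWORDS:
        return len(COMMON_PASSWORDS) / rate
    return keyspace(password) / rate


def human_duration(seconds):
    """Render seconds in the largest convenient unit, e.g. '10.3 minutes'."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.6f} seconds"


def assess(password):
    """Summarise how much work an exhaustive search of this shape would take."""
    return {
        "common": password.lower() in COMMON_PASSWORDS,
        "alphabet": alphabet_size(password),
        "keyspace": keyspace(password),
        "time": human_duration(seconds_to_exhaust(password)),
    }


if __name__ == "__main__":
    # "Money17$" is the post's own example; a dictionary word plus a short
    # suffix is weaker than its keyspace suggests, because attackers try such
    # patterns long before an exhaustive search.
    for pw in ["abcdef", "zkqmxw", "Money17$", "nif$g*u3ng64dsf7"]:
        print(f"{pw:18} {assess(pw)}")
```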

“People are careless because they don’t understand the threat,” said Ed Barrett, VP of marketing for SecurityCoverage. LinkedIn was compromised in June and had 6.5 million passwords leaked. Yahoo had 6 million passwords stolen as well.

Another important consideration: don’t use the “show typing” function as you type your passwords. Many hackers don’t bother hacking at all; instead they infect your employees’ computers with malware that records their keystrokes, and with them the passwords.

The fact is you can either use strong, complex passwords and have trouble remembering them, or use simple, weak passwords and suffer the risk of being hacked. We are not recommending a password like “nif$g*u3ng64dsf7”, as a security expert would love, because we understand the frustration and hassle of remembering 20 passwords. We are advising that the next time you make a new password, especially for an important account, you add some complexity to it. Go back to your most important accounts, like your bank account, and add a few numbers. It will greatly help in reducing your risk.

For a FREE comprehensive Cybersecurity evaluation, CLICK HERE.

Cybercriminals Are Targeting HR Depts. With This Resume Scheme

Trojan malware attacks are resurfacing since businesses are starting to return to work embracing a new normal in a post-COVID-19 world. Organizations have started to resume their hiring practices by posting job opportunities on their website, across job boards, and on LinkedIn to reach as many potential candidates as possible.

Some of these businesses are streamlining their hiring process by requesting that resumes are directly emailed to their HR department. Streamlining this process is creating new exposures in cybersecurity due to a cybercriminal’s ability to socially engineer the situation. 


Cybercriminals are sending emails with attachments posing as resumes to HR departments. The premise of these attacks is a modern-day Trojan Horse: a threat posing as a harmless gift. Trojan malware is not a new cyberattack, but it is one of the least suspected.

If your HR Department fields dozens of resumes a day, there is a significant chance that one of the resumes they open could contain malware. If the file does contain malware, your organization could be allowing keylogging software or ransomware onto your server to attack unencrypted files. 

Without the HR department’s knowledge, a cybercriminal can attach a malicious file to an email that mirrors any other job seekers’ resume. The cyberattack can download ransomware or keylogging software onto the HR department’s computer or infect the entire network. 

Ways to Avoid Potential Trojan Malware in Your Inbox

  1. Avoid resumes sent as Word documents. Have job candidates submit their resumes as plain text within an email or as a PDF. Word documents are the 2nd most likely file type to contain malware; ZIP and program files are the most likely.
  2. Do not click social media links embedded in the email. If an applicant shares a link to their social media accounts, don’t click the link. Type out the full URL to ensure the social media account exists, or search the social media website for the user name your applicant has given you.
  3. Use a recruiter. Working with a trusted recruiter is one way to reduce the number of random emails with attachments that end up in your HR department’s inbox. A trusted recruiter will share only the resumes that are the best fit for your organization.
  4. Have resumes submitted as plain text instead of as an attachment. If you’re using a web form, have applicants paste their resume as plain text into a response box instead of attaching a document to an email or uploading a document.
  5. Have applicants fax or mail their resumes. Paper wins against malware every time. Submitting a resume through fax or regular mail ensures there is no way the submitted resume can contain malware.

These are a few ways to reduce the risk of Trojan malware attacking your organization. For more information on how to protect your organization from cyber risks, contact a Risk Advisor at 914-357-8444.

Source Article: Hackers Targeting Employers (Forbes)

Cognizant Gets $400 Million Payout After Cyber Attacks

Technology consulting firm Cognizant fell victim to a ransomware attack last April. The hack prevented thousands of employees from accessing networks from home during quarantine. Clients also barred Cognizant from their networks in case of a further breach, causing major revenue and clientele loss.

Cognizant’s losses total $50-$70 million in lost sales, higher premiums, and defense/legal costs. Without cyber insurance, however, the losses would have been catastrophic.

Cognizant had put extensive money into cyber insurance premiums with multiple carriers. Insurance Insider reports this investment turned out to be a good decision, as they received $400 million from their carriers, another huge loss for carriers in the cyber market. Carriers have been hit hard by higher loss ratios and claims frequency in the cyber market recently.

What is the overarching message? Right now, allocating resources towards cyber protection is no longer merely recommended; it is required. Cyber insurance of some form is necessary to protect against ransomware attacks and can save your company millions. However, insurance is not the only resource that needs investment. There is no way to fully protect yourself against cyber attacks with insurance alone. We recommend proper employee training, two-factor authentication, and data encryption software.

Stay ahead of the curve and protect your company’s invaluable data. Invest properly and do not be afraid to spend a little extra for full protection. The premiums upfront may prove cheaper in the long run.

Still have questions? Contact a risk advisor today at 914-357-8444 or visit our website here.

Buying Cyber Insurance Does Not Protect Your Organization From Cybercriminals


Understand that purchasing Cyber Insurance does not protect your organization from hacking. It simply finances pieces of the loss. A recent report by cybersecurity company Barracuda found that Google-branded spear-phishing attacks are up significantly since the start of 2020. These attacks accounted for only 4% of the total cyber attacks in 2020 so far. Barracuda reported over 100,000 form-based attacks since Jan 1, 2020; 65% of them were branded to look like a Google form. These Google-branded attacks are significantly more prevalent than attacks impersonating competing brands: Microsoft was the 2nd most impersonated brand, at 13% of the total spear-phishing attacks (1).

With 43% of all cyberattacks targeting small businesses (2), and attacks increasing by 73% since the pandemic, we encourage your company to build out a cybersecurity plan. At Metropolitan Risk we called our initiative “Operation Lockdown” after we read a Wall Street Journal article on how cybercriminals are increasingly attacking small businesses and holding their work files for ransom. Cybercriminals understand that many small and medium-sized businesses lack the focus, the budget, and the staffing to defend against these attacks. They are, in effect, low-hanging fruit and easy prey.

How is your Company Vulnerable?

Further, many businesses are now even more vulnerable due to the recent move of the workforce out of the physical office. Home networks aren’t secure: the data doesn’t sit behind a firewall and is not encrypted the way it is in the office. While newly remote employees were struggling to create routines and employers were focused on this shift in workflows, cybercriminals knew the back door was unlocked.

Here are two really important concepts to understand, assuming we have your rapt attention with respect to the soft underbelly of your org. Understand that locking down your company from a cyberattack doesn’t guarantee that you won’t be hacked and won’t suffer damage. What it does do is significantly lower the probability that such an attack will be successful or cause much damage. A friend of mine, Nick Lagalante from Tenable Cyber Security, explains it this way: “Your goal is not to outrun the bear, your goal should be to outrun the slowest runners”. In essence, by making it more difficult to penetrate your systems and your employees, you encourage cybercriminals to move on quickly.

Here’s the second big-picture item to understand: Cyber Insurance is NOT cyber risk management. Cyber insurance functions as a way to finance the loss you incurred from the hack. It’s a safety net for when Plan A (Operation Lockdown) fails. Cyber Insurance should NEVER BE PLAN A. Here’s more good news. If you’ve been hacked, the chances of being hacked again are exponentially higher. Insurance carriers know this, which is why Cyber Insurance policies increase significantly in cost once you have been hacked: the carriers’ exposure to loss increases if they decide to insure you!

Learn More: Conducting An Organization-Wide Phishing Test

This is why we built this case study on how we at Metropolitan Risk took this challenge on for ourselves. It’s not the holy grail of cybersecurity prevention, and we don’t want to lead you to believe it is. What our case study does do is make you a bit faster than most of your competitors, who will suffer a hack and the corresponding costs that go with it. At Metropolitan Risk our goal is to keep you cost-efficient and cost-consistent. Reading our Case Study gives you an idea of how to organize the challenge and address each item incrementally.

The last point, and this is a big one: you don’t have to figure all this out on your own. As a reminder, we built a full-on Cyber Assessment for small to medium-sized businesses that assesses your current systems, protocols, and security measures. Upon completion, you get a report that gives you a green light for things you have done well, yellow for items that need to be tweaked, and red for “let’s jump on this ASAP”.

Then we suggest we get you a really solid cyber insurance policy as a Plan B, just in case. Our cyber policies are 25% less expensive IF you execute our assessment and tackle the items in red.

How do you eat an Elephant? Piece by piece. CLICK HERE to take the Cyber Assessment. 


Conducting An Organization Wide Phishing Test

Remote operation of your business means that the protections your office building had may be missing from your employees’ homes. Cybercriminals are taking advantage of this situation by phishing for your employees’ data. Take the time to educate your employees on cyber safety. This safety training needs to expand beyond email safety and also cover cyber safety within the office.

How To Conduct An Organization-Wide Phishing Test: 

Notify and train your employees on what phishing is

If you don’t notify your employees, how are they going to know what is going on? Let your employees know that you will be conducting an organization-wide phishing test. Teach your employees about the risks of phishing and how they can get better at recognizing the signs.

Employees need to know that phishing is more than a link asking for login credentials. A phishing scam can be an email sent company-wide from an unknown sender containing an attachment that is actually malware. 94% of malware was delivered via email in 2018.

During this initial training session, define your organization’s cybersecurity expectations. Your employees can’t read your mind. Communication from management and the IT staff can help with educating your employees on cybersecurity best practices. 


READ MORE: Phishing Attacks Can Jeopardize A Business Of Any Size


Engage all relevant departments and managers on why phishing is a threat to your organization

Work closely with managers, HR, and IT to develop and roll out an organization-wide cybersecurity plan. Security is only as strong as its weakest department: if customer service is leaving the door open at the end of the day, your engineering department might be at risk of a cyber attack.

Create an alias email account for your employees to report potential phishing scams

An alias email address allows your organization to streamline phishing reporting. The alias can be as simple as “Phishing@yourcompanysite.com”, and it can redirect to the IT department or whoever is in charge of the network.

This address lets your employees forward a suspected scam email straight to an internal IT log dedicated to phishing, instead of sending it to the general IT queue where it gets lost among other technical issues like website problems or a lost password.

READ MORE: What You Can Do To Protect Your Business From Cyber Security Threats


Plan your phishing test

Plan to test your entire organization to see if there are any weak links in your cybersecurity. This means including senior management in your phishing test. To run the test, you can hire a 3rd-party contractor, who will then measure things like link clicks, which employees leaked information, and the number of employees who reported the phishing email.

Analyze important key metrics

After running a phishing test, work with IT staff members and team managers to analyze key metrics. 

Key metrics to track:

  • The number of employees who click the link in the test email
  • The number of employees who download a file from the unknown email address
  • The number of employees who report the phishing email to your IT staff or their manager

Take Action With Employees Who Failed The Test

Is there a portion of your staff who have continuously failed cybersecurity tests? Sit down with HR and IT to see what measures you can take to further educate them and protect your business. Work with HR to develop a plan for employee failure at every level. A breach in security is never a joke, but a high-level employee releasing admin information is a more serious offense than a low-level employee who only has access to email.

Provide Your Entire Organization With Additional Information on Cybersecurity 

All of your employees can benefit from additional information on cybersecurity. Educate your employees on best practices to keep both business information and private information safe from hackers. This can include resources on different types of anti-viral software, best practices for end of day 


READ MORE: Ransomware is Evolving: Has Your Business Interruption Coverage? 


Retest Your Organization 

Test, test, and then test again to make sure that your organization understands what is at risk from unsafe digital activity. Every 6 months to 1 year, a random phishing test should be sent out throughout your organization. This consistent retesting keeps employees on their toes and helps employers determine which employees may be at risk of falling prey to an outside phishing attempt.

Still want more info on how your organization can better protect itself from cybercriminals? Contact one of our risk advisors at 914-357-8444. 

Resources

2019 Data Breach Investigation Report by Verizon


Disturbing Hacking Trends

Security experts commonly say that there are only two types of companies these days: those that have been hacked, and those that don’t yet know they’ve been hacked. Here are some important hacking trends drawn from a statistical study.

Verizon’s 2020 Data Breach Investigations Report counted 3,950 CONFIRMED data breaches last year in addition to more than 32,000 “security incidents.”

Victims spanned a wide range of 16 industries with these 4 having the largest number of cases:

  • Professional Services – 7,500 incidents, 325 breaches
  • Public Administration – 6,850 incidents, 350 breaches
  • Information – 5,500 incidents, 360 breaches
  • Financial/Insurance – 1,500 incidents, 450 breaches

*Totals slightly off due to rounding


Any business that operates online is at potential risk of suffering a data breach. It doesn’t matter how small your business is, either.

According to Verizon’s report more than 3 out of 4 breaches are done by profit-minded criminals for financial gain. 

Other alarming stats:

  • Only 30% of data breaches were the work of insiders.
  • 86% of data breaches were financially motivated.
  • 58% of victims had personal information compromised.
  • In 17% of breaches, Verizon said, the attackers installed malicious software on the victim’s systems; the more common tools are spear phishing, ransomware, or business email compromise.
  • In 22 percent of breaches, the attackers used social tactics such as spear phishing, in which a tailored e-mail to the victim purports to come from a friend or business contact. The e-mails contain malicious links or attachments that, when clicked, give the attacker a foothold in the victim’s computer network. See the image below for an example of what NOT to click.

Photo from Wikimedia Commons

The good news? The Verizon report highlighted the lag between a breach and its discovery. This year, companies and external third-party software experts were able to improve that time: 81% of the time, it takes only days to contain a breach. Compare this to years past, when it was months, maybe even a year. In previous yearly reports, Verizon stated things like “The compromise-to-discovery timeline continues to show in months and even years, as opposed to hours and days.” That trend no longer holds. Don’t be another cog in one of the larger hacking trends currently ongoing. Click the link below or call 914-357-8444 today.

Click here for advice on preventing hacking theft or if you are still interested in a crime policy to protect your assets.

Business Interruption and Ransomware

Ransomware is a type of malware designed to deny access to a person’s computer unless they pay the hacker a ransom. The NY Times reports that these attacks have grown over the past year, with a 41 percent increase in 2019. Ransomware attacks are a growing problem, not only in the severity of the attack but in the length of time an organization is under attack, and in the time lost between the attack and restoration from backup.

Cybercrime continues to evolve with changes in technology. Ransomware attacks have always targeted organizations with lax cybersecurity. Today cybercriminals can embed ransomware on an organization’s server or website, and the ransomware can lie dormant on a machine or server for months while collecting data on the organization.

Business owners should take the time to understand the coverage in their business interruption policies. Since ransomware attacks are becoming easier for cybercriminals to execute, business owners should look into fortifying their digital assets and make sure they have Business Interruption Coverage in the event their business is attacked. It is scary to think that nothing can be done when faced with a cyberattack, but being prepared for the potential loss of revenue/income during downtime due to an attack is just as important as preemptively assessing what cybersecurity measures your organization has in place.

Business Interruption Coverage

Business interruption coverage is only going to help your organization regain some of the financial loss that will occur with a security breach. It is a response to an incident that has occurred, not a proactive approach to stopping a breach from occurring.  Without business interruption coverage your organization would not be able to report a claim to help rebuild your business’s lost data. Business interruption insurance covers any income lost due to a disaster, in this case, a disaster would be a ransomware attack or any other type of cyber attack. 

A Proactive Approach

Recognizing weak spots in your organization’s cybersecurity is one way to proactively protect your organization from cyber-attacks. Digital has become the new normal. Taking a few extra steps can protect your business assets and may save your organization by helping it avoid a cyber-attack. A few things for your organization to consider are:

  • Select trusted and reputable telecommunication and telework software for your organization. With more organizations moving to remote work, there has been an uptick in fake telework companies.
  • Keep an eye out for Business Email Compromise (BEC). This type of compromise can be associated with fake new clients and phishing schemes targeting your employees’ personal data, like business logins and banking information.
  • Use multi-factor authentication when accessing organization sites, resources and files. We previously released an article with our suggestions to prevent SIM-hacking. Click here to read the guide and learn more about multi-factor authentication.
  • Ensure all computers and mobile devices have up-to-date antivirus software installed. Keep all software up to date, including website plugins, browsers, and document readers.
  • Don’t open attachments or click links within emails received from unknown senders.

Cybersecurity Measures To Take

Another step an organization should take is making sure its employees are trained to recognize the ways criminals attack. Ransomware doesn’t just end up on a server; attackers place it there through downloaded files or phishing websites.

Train your employees to recognize the signs of a phishing attack. Regularly schedule phishing tests to test whether your employees are practicing safe internet behavior. 


Still have questions? Still want more info? Take the proactive approach and contact a risk advisor or call 914-357-8444 to discuss how your organization can protect itself from a ransomware attack and ensure that your organization has business interruption coverage to protect yourself if an attack occurs. 

Phishing Attacks: Know the Signs!

Beware of Phishing!!!

Hackers will start with low-level employees first, making their way to executives’ accounts.

Hackers are constantly trying to find ways to break into company accounts. They start by sending trustworthy-looking emails to employees, directing them to a scam website that asks them to enter their username or password. Once the hacker is able to access the employee’s account, they can move on to sending phishing emails to higher-positioned employees, which can potentially compromise the company.

With this access, they are able to leverage the company’s domain and send emails to others. Scammers build phishing campaigns by compromising small, vulnerable businesses and exploiting the trust their business partners place in them.

In phishing, it’s all about gaining the trust of the recipient so that they click.

There is another phishing scheme that has resurfaced, called “typosquatting” or URL hijacking. Here, attackers buy domains that are slightly misspelled versions of popular websites, like goggle.com or yuube.com. “Spear phishers”, as hackers who go after a specific person are called, can put varying amounts of effort into targeting that person. They try a number of different things, like creating multiple misleading webpages or websites, fake social media pages, or fake personal blogs to trick their targets. They create fake sites that mimic the login screens of trusted services to collect information like email addresses and passwords.

Sophisticated hackers are willing to sell their services to specific organizations, individuals, or nation-state entities who want to steal information from someone. Some phishing providers offer networks of bots that produce fake websites, while others sell phishing toolkits to clients. 


Signs You’ve Received a Phishing Email and How to Spread Awareness:

Check the Web address! Just because the address looks OK, don’t assume you’re on a legitimate site. Look in your browser’s URL bar for these signs that you may be on a phishing site: 

  • Always confirm the sender’s email address. Sometimes the sender’s name looks legitimate until you actually click on it; when you do, you will see whether the message really comes from the website it claims to come from.
  • Incorrect company name. Often the web address of a phishing site looks correct but actually contains a common misspelling of the company name, or a character or symbol before or after the company name. Look for tricks such as substituting the number “1” for the letter “l” in a Web address (for example, www.paypa1.com instead of www.paypal.com).
  • “http://” vs. “https://” at the start of the address on Yahoo sign-in pages. A legitimate Yahoo sign-in page address starts with “https://”; the letter “s” must be included. So check the website address of any Yahoo sign-in page.
  • Be leery of pop-ups. Be careful if you’re sent to a website that immediately displays a pop-up window asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information.
  • Give a fake password. If you are not sure whether a site is authentic, don’t use your real password to sign in. If you enter a fake password and appear to sign in, you’re likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. So, just because the website rejected your fake password, don’t assume the site is legitimate.
  • Use a Web browser with anti-phishing detection. Internet Explorer, Google Chrome, and other Web browsers have free add-ons (or “plug-ins”) that can help you detect phishing sites.
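As an added example (not from the original post), the Python below applies the URL-bar signs listed above to a URL from the defender’s side: look-alike characters such as “1” for “l” (www.paypa1.com), near-misspellings like goggle.com or yuube.com, a trusted brand buried in the subdomain of some other site, and a sign-in page not served over https://. The trusted-domain list and homoglyph table are constructed, and registrable-domain extraction is deliberately naive (last two labels, no Public Suffix List).

```python
# Added example, not from the original post. Assumptions (constructed):
#   - TRUSTED_DOMAINS is an allow-list of brands worth protecting
#   - registrable_domain() keeps the last two labels only (ignores co.uk etc.)
#   - the homoglyph table covers the "1" for "l" trick named on the page
#     plus a few other common substitutions
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"paypal.com", "google.com", "youtube.com", "yahoo.com", "microsoft.com"}

# Single characters attackers swap for look-alikes, mapped back to the
# letter they imitate; multi-character swaps are handled separately.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "|": "l"})
MULTI_CHAR_HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def normalize(label):
    """Undo look-alike substitutions so paypa1 compares equal to paypal."""
    label = label.lower().translate(HOMOGLYPHS)
    for fake, real in MULTI_CHAR_HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def registrable_domain(host):
    """Naive: the last two labels (www.paypa1.com -> paypa1.com)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch goggle.com-style typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for the URL.

    An empty list means none of the signs fired, which is not proof the site
    is genuine; the page's other advice (pop-ups, fake password) still applies.
    """
    warnings = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower().rstrip(".")
    domain = registrable_domain(host)
    if parsed.scheme != "https":
        warnings.append(f"not served over https:// (scheme is '{parsed.scheme}')")
    if domain in trusted:
        return warnings  # genuine brand domain; only the scheme check applies
    name, _, tld = domain.rpartition(".")
    subdomain_labels = host.split(".")[:-2]
    for t in sorted(trusted):
        t_name, _, t_tld = t.rpartition(".")
        if t_name in subdomain_labels:
            warnings.append(f"trusted brand '{t_name}' appears as a subdomain of {domain}")
        elif normalize(name) == t_name:
            warnings.append(f"{domain} uses look-alike characters to imitate {t}")
        elif tld == t_tld and edit_distance(name, t_name) <= 2:
            warnings.append(f"{domain} is a near-misspelling of {t}")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs, including the page's own paypa1 and goggle examples.
    for sample in ["https://www.paypal.com/signin", "http://www.paypa1.com/signin",
                   "https://goggle.com/", "https://yuube.com/watch",
                   "https://paypal.com.example.net/login", "http://mail.yahoo.com/"]:
        print(sample, "->", check_url(sample) or ["no sign triggered"])
```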


For more information about phishing and preventing a cyber-attack, contact a Risk Advisor or call 914-357-8444.

Losing Your Identity Through Your Phone Number: How SIM-Swapping Attacks Can Leave You Vulnerable

SIM-swapping is the latest way cybercriminals & hackers are performing attacks on your cell phone.  Could you be next?

Picture this: it’s Friday and you just got paid. You go to the ATM to withdraw $100 for the weekend. The message on the screen says your account is overdrawn and no funds are available. You march into the bank to discuss what must be an obvious error, only to find out that all your money has disappeared from your account. How did this happen? Your cell phone was hacked, your cell account stolen, and your bank account passwords reset, which is how they swept your bank account. SIM swapping is very real and very effective. Here’s how it goes down.

What is SIM-swapping?

The “SIM” in SIM swap refers to the tiny “chip”, usually located inside your phone, that your cell phone uses to store your number and account information. This may include pictures, texts, emails, contacts, apps, etc.

SIM swapping is a relatively new attack in which criminals steal a victim’s telephone number. They have figured out that your most important accounts, like bank accounts, use two-factor authentication when resetting your passwords. Starting from your cell-phone number, they are able to find out personal information about you. SIM swappers use the “Forgot my password” tool on online services with the intent of taking over your online accounts. Within minutes of gaining access to your accounts, these hackers are able to look through old email messages for access to financial accounts. These include not only financial accounts but cryptocurrency accounts, social media, bank accounts, and even IRAs. Investigators have also seen SIM swapping used to gather photos for money and blackmail, resulting in an awful violation of privacy.

“You want to protect your accounts from being able to reset simply because somebody has your phone number.” -Mr. Selby, NYPD


Once inside your accounts, these criminals change the passwords on your most important accounts and lock you out. They switch your security settings so that your accounts can’t be reset when you’re finally able to recover your phone number. These criminals enroll an app called “Authenticator”, designed by Google, on their own device as your accounts’ second factor, so you can still be locked out of your accounts even after you’ve recovered your phone number.

Investigators with the Regional Enforcement Allied Computer Team, a law-enforcement task force, said they know of more than 3,000 victims, accounting for $70 million in losses nationwide. Worse is the rate at which this technique is growing, because it is so powerfully effective at stealing your identity.

“ If the richest man in the world had his cell phone hacked, where does that leave the rest of us?” Charlie Warzel – NY TIMES

WAYS TO PROTECT YOURSELF FROM SIM CARD HACKS:

    1. Do not post online that you are leaving for vacation, to avoid calling attention to an empty house filled with valuables. Social media not only presents an opportunity for criminals; it provides them with more personal details about you, which allows them to assemble the mosaic they use to impersonate you.
    2. Call your cell phone carrier and ask to add a passcode to your phone account. Make sure to remember your passcode!
    3. Try the “Forgot my password” option on your most important accounts and see what the recovery process is.
    4. Get a password manager to store all of your passwords. CLICK HERE for Best Password Managers from CNET. If you want extra security protection, use hardware security keys such as YubiKey or Google Titan, which allow for one-time passwords and two-factor authentication.
    5. Turn off SMS authentication. For Android phones CLICK HERE. For Apple phones CLICK HERE. Make sure to remember your passwords if you do this, as sometimes you may not be able to recover your accounts.
    6. People hired to help you, like accountants and lawyers, can innocently provide a way into your financial life, especially if THEY are hacked. The best that people can do is verify everything through basic human interaction, which will slow and eventually stop hackers.

If you’re interested in reading the whole article on SIM-swapping, click this link here.

For more information contact a Metropolitan Risk advisor or call 914-357-8444.