Tag Archives: Hack

A hack is when someone gains unauthorized access to sensitive data.

Why Passphrases are the Future of Logins

Every so often, whether it be for a company software program like MOZ, a school database like Blackboard, or even a personal social media account on Twitter, you get one of two ominous messages.

The Unwanted Messages

You get the “time to reset your password” message right after you slowly got used to your new password. Now you have to create a new password that’s memorable but is also hard to crack. Yes, it is an admirable measure of security and caution from the website, but it is a pain at best for the user.

Then there’s the other message: “oops, you forgot your password too many times. Let’s reset it!” This one is arguably worse because of two things. One, you have to create a whole new password, just like with the mandatory resets. Two, you have to make it easier to remember than your last one, since you just forgot it. That makes these passwords so easy to hack.

Where we are with Passwords

While there are some awesome dual-factor authentication apps and tricks as well as new biometric security measures, hacking password details could not be easier right now. Soon, we’ll be strictly using biometric passwords like eye scanning and finger pad touch, or just using dual-factor authentication through an app like Duo Mobile. But for now, passwords are becoming ever so easy for cyber criminals to hack. They have more advanced technology that can run dictionary attacks and algorithm checks at 1,000,000,000 searches a second. And the only thing standing between your account with credit card info and their supercomputer is the password “qwerty12345.” All jokes aside, that password is extremely common, and there are simpler derivatives of that password that make the 25 most common passwords of 2020.

Passphrases

While waiting for that futuristic physical password technology, allow me to introduce you to a better password type: passphrases. Passphrases are exactly what they sound like. A passphrase is not a word with numbers and symbols; it is a whole phrase that may also include numbers and symbols. While some say it is only a small step of improvement over passwords, let me tell you why they are much more protected.

Benefits of Passphrases

First, the guideline check is simple: passphrases pass the password guidelines on the vast majority of sites. They are also supported by many sites, meaning you will be able to use them wherever you can use your normal password.

They’re more secure. It’s that simple. The more characters, and the more variation between those characters, the better. If your password is “football10!”, that is a password so straightforward a hacker can crack it manually. Now imagine it being “Mile High Miracle 512!” That’s 21 characters compared to 11, which makes the computers check for 10 factorial more possibilities. Simply put, “football10!” is a mid-sized fish in a river, while “Mile High Miracle 512!” is a krill in the Pacific.
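To put rough numbers on that comparison, the following sketch (an added example, not part of the original article) counts characters directly from the strings and estimates how long an attacker at the article's 1,000,000,000 guesses per second would need, both by blind brute force and by a "dictionary word + digits + symbol" rule. The function names, the four-word sample list and the 100,000-word dictionary size are assumptions made for illustration.

```python
import string
from typing import Optional

GUESSES_PER_SECOND = 1_000_000_000  # attacker rate quoted in the article
# Constructed sample; a real audit would load a full wordlist.
SAMPLE_WORDS = {"football", "password", "qwerty", "rockfan"}
ASSUMED_WORDLIST_SIZE = 100_000  # assumption: size of an attacker's dictionary
SYMBOLS = string.punctuation + " "  # 32 ASCII symbols plus the space


def charset_size(secret: str) -> int:
    """Alphabet a blind brute-force search must cover for this secret."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, SYMBOLS)
    return sum(len(cls) for cls in classes if any(c in cls for c in secret))


def bruteforce_guesses(secret: str) -> int:
    """Worst case: every string of this length over that alphabet."""
    return charset_size(secret) ** len(secret)


def word_rule_guesses(secret: str) -> Optional[int]:
    """Worst case if the secret is dictionary word + digits + symbols."""
    body = secret.rstrip(string.punctuation)
    word = body.rstrip(string.digits)
    if word.lower() not in SAMPLE_WORDS:
        return None  # does not match this pattern
    digits, symbols = len(body) - len(word), len(secret) - len(body)
    return ASSUMED_WORDLIST_SIZE * 10 ** digits * len(string.punctuation) ** symbols


def weakest_estimate(secret: str) -> int:
    """Smallest search space among the models that apply."""
    rule = word_rule_guesses(secret)
    brute = bruteforce_guesses(secret)
    return brute if rule is None else min(brute, rule)


def seconds_to_exhaust(guesses: int) -> float:
    return guesses / GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ("football10!", "RockFan12345", "Mile High Miracle 512!"):
        g = weakest_estimate(pw)
        print(f"{pw!r}: {g:.3e} guesses, {seconds_to_exhaust(g):.3e} s")
```

The brute-force figure is an upper bound: a phrase built from dictionary words or a well-known quote can be guessed word by word, so it is weaker than its character count alone suggests.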

Example of good Passphrases

Also, “football” is too simple, and there’s no change after “football.” Being as specific as possible is best. Take “Mile High Miracle 512!” Mile High Miracle is a nickname for a specific famous game that my favorite team, the Baltimore Ravens, won (it’s a reference to them beating the Denver Broncos in Denver). Next, the 512 part. The game is mostly famous because of one play. The Baltimore quarterback, number 5, threw a last-gasp touchdown to Baltimore wide receiver number 12, to tie the game. 512 is incredibly more random than 10, yet feels more memorable. See how easy that was?

Concluding Thoughts

My point is that passphrases are easier to remember than those one word and 2 number passwords, especially if they’re close to your heart and mean something. That could mean a song lyric, title, or album, a movie phrase, or a famous sports moment. So if you are a big music fan, next time you are resetting your Chase account, take a minute before you rush to put “RockFan12345.” Think about passphrases, and try something more along the lines of “St41rway 2 Heav3n” instead. Trust me, the time it’ll take to remember which e becomes a 3 is the difference between a bank account compromise and having your financial records safe.

Still confused? Want to learn more about passphrase protection? Or just about cyber security in general? Contact a risk advisor today at 914-357-8444 or visit our website here.

The 21st Century Solution for Business Protection: Cyber insurance

Ordering a pizza, listening to music, getting a mortgage. All are examples of normal activities that have adapted with the emergence of computers. It is no wonder that insurance has also taken part in this advancement into the new era. However, this new, innovative idea that combines insurance with computers holds a name that the average person may find overwhelming and hard to understand: cyber insurance. On the surface, cyber insurance is very similar to most other insurance. Carriers take on your risk for a price in order to limit your losses in a case regarding cyberspace. However, since this is new, there are a lot of questions about coverage and how to purchase a plan.

Cyber Policies

Cyber attacks can cripple a company, as so much of a business is done through computers these days. For that reason, it is imperative that companies become acquainted with cyber insurance, as it will cover against these devastating hits. Cyber insurance mitigates the risk involved with doing online business, which allows companies to take part in a new growth area while still being protected against the heightened risks involved with doing business online. It is also important to understand what each policy covers, as there are some pretty complex rules that carriers follow when determining their exposure to certain events.

With a whole new category of insurance in place, it is important for businesses to understand what exactly is incorporated into their cost of insurance premiums, so they can take the resulting steps to reduce these costs as much as possible. A few factors that affect a cyber insurance premium are annual revenue, industry, and network security. So although cyber insurance will be an additional cost incurred for a company, there are ways to reduce this cost while still reaping the benefits of diminished risk surrounding cyberspace. Even with this additional cost, it still makes sense to take advantage of this new insurance. Hacking can disrupt business dramatically while causing costs to skyrocket and the company’s reputation to plummet.

FAQs

What needs to be covered?

It is important to understand what the biggest risk areas are. After determining the largest risk areas based on potential reputation damage, restoration costs, and reimbursement from regulatory fines, it would be logical to cover as much as possible starting with the largest risk areas.

What are the different types of cyber liability insurance?

Cyber liability insurance falls into two main categories: first-party and third-party. First-party insurance covers the holder’s direct losses from cyberattacks, while third-party insurance covers companies that allowed a client network to experience a data breach. Some things that first-party insurance would cover include data theft, compensation for lost income, costs of notifying customers, and the cost of repairing a company’s reputation. An example of third-party coverage would be the following: a company made a website for another company and a hacker took over the website. The creating company might receive legal fees and compensation for settlements or damages in court cases.

Exclusions of cyber incidents from coverage?

There are a few issues that most providers don’t include in coverage. Some of these include cyber issues resulting from failure to maintain a minimum level of cybersecurity, the careless mishandling of sensitive information, and malicious acts by employees. All of these examples should be avoidable through careful management and decision making.

In the case that it’s the company’s fault, do insurers still pay?

The short answer is that it depends on the situation and policy. Depending on what the coverage agreement is, insurers may still cover issues that are the company’s fault.

How long does a company have to report the breach?

Insurance companies like companies to report the breach when practical. They understand it might take time, as a company’s first priority may be to fix the problem. They also know the company may need to provide clarity to all affected. However, the insurance company might become concerned if the issue is reported a long time after it is discovered, as that might come off as fishy and affect the settlement deal.

Pricing of cyber insurance?

The main factor in pricing cyber insurance is the company’s annual revenue, as more revenue correlates to higher risk exposure. In addition to revenue, insurance companies also look at industry type. How much network security is in place also matters when pricing insurance premiums.

For more information, book time with Risk Advisors or call 914-357-8444.