Personal Cyber-Security Planning Guide
This article was first published on IRMI.com and is reproduced with permission. Copyright 2018, International Risk Management Institute, Inc.
By Kurt Thoennessen, CAPI
Everyone wants to feel safe and secure when they are at home with their doors locked and the alarm system activated. They want to know they are protected from danger.
Today, the Internet has added another dimension to the world of individual safety and security. It has taken us from the physical world, where fire, flood, and earthquakes are the typical causes of catastrophic damage, into the digital world where identity theft, ransomware, and computer viruses have the potential to be just as destructive.
It is no longer sufficient to simply lock your doors and turn on the alarm system. Today, your personal information is at risk from criminals who can attack at any time. This means your information needs to be protected, locked up, and alarmed; just like your home.
This article will help you:
- Assess your cyber risk level
- Understand the different types of cyber risks
- Learn practical strategies to improve your security while online
- Discover software solutions and services to assist you with loss prevention and post-loss response
- Understand the cyber insurance coverages available today
What is Your Risk Level?
Cybercrime is a massive problem. According to Steve Langan, chief executive at Hiscox Insurance, over $450 billion in global economic losses was recorded in 20161. The Equifax data breach of 2017 exposed over 147 million social security numbers and there were over 1,500 other recorded breaches in 20172. Everyone has the potential of being a victim of cybercrime, but there are factors that can cause your risk level to increase.
Some of those factors are:
- Your level of wealth
- The number of connected devices you have in your home
- Your level of fame/celebrity
- If you have domestic employees
- The number of trades you make per year in the stock market
- If you run a business out of your home
The more risk factors you have, the higher your level of risk is, and the more you should consider taking action to protect yourself. Once you have an understanding of your risk level, you can determine the actions you need to take to mitigate your risk of becoming a victim of cybercrime. A self-assessment is a good start, but having a cyber security professional work with you is a viable option as well.
Cyber Risk Overview
The average household today has 10 to 20 Internet enabled devices in their home3. Laptops, smartphones, Internet TVs, security systems, thermostats, and other connected devices are all part of the intricate web of technology that is expanding exponentially in homes across the US.
These devices hold valuable information such as passwords, dates of birth, and travel schedules. They may control critical functions in your home such temperature control as well. Each of these devices connects to the Internet to derive value for the user, but in so doing also creates an entry point for nefarious hackers to access the devices and the information they hold. Once a criminal hacker gains access to these devices they can easily transfer funds from bank accounts, unlock doors that use smart locks, and install harmful ransomware on your computers to hold them hostage.
Criminal hackers use many different strategies to cause physical, emotional, or financial harm. Here are some of those strategies:
- Email Phishing – This strategy involves email scams looking to dupe email recipients into clicking a link that can install harmful software onto the recipient’s computer.
- Identity Theft – Criminals use personally identifying information (address, name, birth date, social security number, etc.) to sign up for credit cards, open bank accounts or initiate other transactions using your personal information.
- Cyber-Extortion – Hackers coerce victims to pay large sums of money when they take control of their website, servers, computers or other digital assets and hold them hostage until their demands are met.
- Cyber-Bullying – Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation4.
- Unauthorized Payment or Transfer – This strategy involves hackers gaining access to your banking and credit card information and illicitly transferring money or making fraudulent purchases.
- Social Engineering – Cyber criminals use deceptive tactics to trick people into giving them access to sensitive information through phishing scams, pretexting, and baiting.
Practical Cyber Protection Strategies
Everyone is at risk of being affected by cybercrime, whether it is a direct or indirect attack. There is no surefire solution that will guarantee your data is secure, but there are strategies you can implement to make it more difficult for hackers to gain access to your information.
The list below offers some of the strategies you can implement to improve your security on the Internet.
- Protect your WiFi network at home with a strong password. One that contains more than 6 digits (longer passwords are more secure) and uses special characters (i.e. $%$#@), lower and upper case letters, and numbers.
- Change your passwords every 6 months
- Use passphrases instead of passwords. A passphrase is a string of words used to control access to a system. They are easier to remember and could be more secure than passwords (Example: JohnisSIttingon2Largechairs).
- Set up a guest network at home with a separate password for guests to use rather than giving them the password to your primary network.
- Use multi-factor authentication whenever possible. This is a security protocol that uses a secondary device to verify you are who you say you are. Verification codes are sent via text or email for you to enter during the sign in process.
- Store your passwords in a secure location, such as a password manager. Lastpass.com and Dashlane.com are websites that you can store all your passwords in to help improve your security.
- Use one network for connected appliances and gadgets, and a separate network for your computers, tablets and phones. This way, if someone hacks your device network, they will not be able to access your accounts5.
- Download software updates as soon as they are available.
- Avoid connecting to unsecured public wifi networks such as those in hotels, airports, and other public areas.
Software and Service Solutions
In additional to the practical steps you can take to protect yourself, there are software solutions and services to assist you with building your cyber protection strategy. These solutions can help you detect suspicious intrusions into your network as well as monitor for fraudulent activity.
Here are examples of software solutions and service providers who specialize in working with individuals to help them with cyber security.
- CyberScout.com – CyberScout offers a full suite of services to improve your cyber security including: identity management tools, credit monitoring services, breach response services, and data privacy consulting.
- Norton.com – Norton provides software that identifies viruses and malware and blocks them from causing damage. They also offer other related services including a router device that monitors and protects everything within a connected home network.
Cyber Risk Services
- Rubica.com – Rubica.com developed a technology for your tablets, smartphones, and computers that helps you avoid being the victim of a cybercrime.
- K2Intelligence.com – K2 Intelligence is a full service cyber defense consultancy that brings enterprise level cyber security solutions to the private client and family office markets.
Even with the best security practices in place and all the practical risk mitigation strategies being utilized; there will always be a risk of loss. That is where insurance comes in. Cyber insurance not only offers financial protection when a loss occurs, but it also may include complimentary or discounted access to software tools and services like those mentioned above.
Today, a handful of insurance companies offer cyber insurance policies for individuals to purchase. Some are in the midst of developing a solution and others are in the planning stages. Most companies offer Identity Theft coverage as part of their Homeowners policies, but that coverage falls short with covering most of the cybercrimes happening today. Although the cyber insurance products are relatively new, they are very broad in the coverage they offer.
Here is a list of coverage highlights from a few cyber insurance products on the market today:
Cyber Extortion & Ransomware
Provides reimbursement for money paid by an insured to terminate a cyber extortion threat. Insureds have access to expert cyber consultants to assist if a criminal demands a ransom in exchange for the insured’s data.
Covers related costs as a result of an insured or family member being victimized by cyber bullying. Related expenses include professional digital forensic analysis to aid in prosecution; professional cyber security consultant services; loss salary due to wrongful termination; public relations service fees; and temporary relocation.
Provides protection against the loss of funds stolen from an account due to a cyber-attack.
Provides coverage if your authorized account user – such as a personal assistant or family office manager – is deceived into wiring money from your account.
Provides coverage for the cost of a professional to reinstall damaged software, remove malicious code, reconfigure your device or system and replace electronic data that has been lost or corrupted.
Crisis management / Reputational injury
Provides reimbursement and access to crisis management consultants to protect an insured from reputational harm.
Provides support in dealing with a cyber-attack that prohibits the clients from accessing their home, or interrupts their incidental business operations in their home.
*Coverages above are representative of those found in Cyber Insurance policies offered by AIG Private Client Group, Chubb Personal Risk Services, and PURE Insurance.
Coverage limit options vary from company to company with options ranging from $50,000 to $1,000,000 per occurrence. Prices range from $250 to $2,500 per year depending on the coverage limits selected, the coverage options included, and the company offering the coverage.
Insurance is a tool that can be used to help protect your wealth from cyber risk. Adequate coverage should be obtained to match the maximum financial loss. However, it is also important to use the practical strategies, software products and services mentioned above to protect yourself from cyber risks and to develop a plan of action should an incident occur. To learn more about cyber insurance options for successful individuals and families or to discuss this topic in more detail, please feel free to contact Kurt Thoennessen at firstname.lastname@example.org or 203-405-2645. ___________________________________________
- 1 – Cyber-crime statistics – https://www.cnbc.com/2017/02/07/cybercrime-costs-the-global-economy-450-billion-ceo.html
- 2 – Equifax data breach statistic – https://www.forbes.com/sites/nickclements/2018/03/05/equifaxs-enormous-data-breach-just-got-even-bigger/#2898d3d753bc
- 3 – Number of connected devices in our homes – https://cio.economictimes.indiatimes.com/news/Internet-of-things/households-have-10-connected-devices-now-will-rise-to-50-by-2020/53765773
- 4 – Cyber-bullying definition – https://www.stopbullying.gov/cyberbullying/what-is-it/index.html
- 5 – Practical strategy #6 – https://www.usatoday.com/story/money/personalfinance/2017/10/08/personal-cyber-insurance-deploy-case-attack/720073001/
Kurt is a Senior Advisor with Ericson Insurance Advisors and a Certified Advisor of Personal Insurance (CAPI). He works with high net worth individuals and families to design and implement risk management and insurance programs.