Have You Reviewed Your Cybersecurity Insurance Policy?

Coverage Loopholes

Cybersecurity insurance rates are increasing while coverage is decreasing. Per the Wall Street Journal, “Direct-written premiums collected by the largest U.S. insurance carriers in 2021 swelled by 92% year-over-year”. Most of the increase is due to the sophistication of the attacks, higher ransomware payment demands, and the number of attacks. The State of Ransomware 2021 global survey (per Sophos) includes the following chilling facts:

  • The average cost of remediating a ransomware attack more than doubled in the last 12 months. Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is now ten times the size of the average ransom payment.
  • The average ransom paid was $170,404. While $3.2 million was the highest paid out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.
  • The number of organizations paying ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all their data.

All this bad news results in cybersecurity insurance rate increases for your organization.

Steps you can take to get the most value out of your cybersecurity insurance

Review your cybersecurity posture – take a self-assessment against the CIS Critical Security Controls (CIS Controls). Seeing how your organization ranks against the controls can provide a snapshot of focus areas for improvement before obtaining or renewing your cybersecurity policy. If you aren’t sure where to start with the assessment or need help implementing improvements, Dewpoint’s cybersecurity experts are here to assist.

Review your data – the more highly sensitive data your organization holds, the greater the risk. Taking the simple step of reviewing your data can reduce your premium. Determine if you need the data to conduct your business and review the best way to safeguard it through additional security and limiting access to critical employees. If you need to print the information, make sure the paper is kept in a locked cabinet and office and destroyed using a secure method. If it is all virtual, use encryption software for email and limit file-sharing capabilities.

Review your policy for loopholes – most insurance policies do not cover “an act of war.” If a ransomware attack occurs because of the current Russian invasion of Ukraine, would you be covered? Given the uncertainty in our world, it’s an excellent question to ask your provider, along with how the policy defines “war.” For more information on different types of insurance and what they cover, click here.

What’s Next?

Navigating through the cybersecurity insurance maze can be a daunting task. Dewpoint can help by starting with an assessment to identify gaps in your current environment and recommendations to reduce those gaps. Organizations with poor security controls may be uninsurable or unable to afford a policy if available. Reach out to one of our security experts to help you get the most value out of your cybersecurity insurance and increase your overall security posture.

Are You Taking Full Advantage of Your Microsoft Products?

Increase in Subscription Rates Across the Board

Microsoft rolled out a significant price increase on March 1st. This increase impacted some of the most common Microsoft 365 Business and Office 365 subscriptions. However, Microsoft has added additional value through numerous applications and features such as Microsoft Teams, Power Apps, Power BI, Power Automate, Stream, Planner, Visio, OneDrive, Yammer, and Whiteboard. 

The price increases can be significant to a small or midsize enterprise’s bottom line; thus, reviewing your subscription options is critical. Microsoft offers a la carte options, small bundles or suites, and larger bundles composed of smaller ones. Finding the right fit for your business is more important than ever.

Current Price Changes with More to Come

Below are the price changes effective March 1st: 

  • Microsoft 365 Business Basic (from $5 to $6 per user)  
  • Microsoft 365 Business Premium (from $20 to $22) 
  • Office 365 E1 (from $8 to $10) 
  • Office 365 E3 (from $20 to $23)  
  • Office 365 E5 (from $35 to $38)  
  • Microsoft 365 E3 (from $32 to $36) 

These increases were applied globally with local market adjustments for specific regions. Microsoft also announced some changes for month-to-month subscriptions coming in October (more details to follow), so it will be important to use this opportunity to optimize your licensing. 

How to Get the Most Value Out of Your Microsoft License

At Dewpoint, we ensure you get the most out of all these great applications and features. As your Microsoft Silver Partner, we are as committed as ever to helping our clients and the broader business community make the best technology decisions for their organization. That includes ensuring you get maximum value from your Microsoft subscription investment through our support. Below are specific areas where we can help:

  • Advanced Email Protection – comprehensive, multi-layered protection against malware
  • Backup for Microsoft Office 365 – protect your users against data loss through regular backups across the entire 365 tenant
  • Email Archiving – tamper-proof archiving with unlimited storage
  • Email Encryption – protect sensitive email communications automatically
  • Microsoft Teams – review and provide training to your staff on Teams to make sure you are using all of its capabilities
  • Power BI – transforming your data into easily readable reports and dashboards for quick analysis

One Size Does Not Fit All

We can help you identify the best license for you based on specific employee requirements. Typically, employees fall into one of four categories:

  • Frontline employees: Workers who are not usually assigned a traditional desktop computer
  • Basic corporate employees: Workers who are tied mainly to one location and have essential productivity and collaboration needs
  • Advanced corporate employees: Those working in multiple locations or who need access to more-advanced Office suite functions, collaboration services, email archiving, or legal hold
  • Specialized corporate employees: Similar to advanced corporate employees, but need more-specialized services such as business intelligence, archiving, or e-discovery

Contact us if you need help determining whether lower-level suites or a la carte options could reduce your costs and fulfill your requirements more effectively without compromising productivity.

Are you Attending the Grand Rapids IT Symposium?

Symposium Focused on IT Professionals

The IT Symposium on May 26th, hosted by the Information Technology Management Association (ITMA), is the premier single-day event designed exclusively for the IT executive community. The symposium incorporates topics that you want to hear about. Some of this year’s agenda topics include “Leading Cyber Aligned IT Risk Reduction,” “It’s Ransomware, a CIO’s Nightmare,” “Diversifying the Source of the IT pipeline,” and “Conquering the Great Resignation.”

Dewpoint – the Wi-Fi Sponsor

We are proud to be the Wi-Fi sponsor for the 2nd year. Be sure to stop by the Dewpoint booth to learn how we can help you on your IT journey and for a chance to win a great prize. If you are interested in attending the Grand Rapids Symposium, register today. Click here to learn more about how ITMA brings local IT leaders together to share ideas and knowledge. Of course, you don’t have to wait until the symposium to discuss your IT needs with Dewpoint; reach out to us today.

Will Your Business Survive a Ransomware Attack?

Most Small and Midsize Businesses Won’t Survive an Attack

Ransomware attacks are on the rise. Over 46% of the world’s total attacks are targeted against the US. Unfortunately, new research from CyberCatch, a cybersecurity platform provider, shows that 75% of small- and midsize businesses would be forced to close if a bad actor demanded a ransom. It is not a question of “if” an attack will occur for most companies but “when.” You can take steps to mitigate your risk and prepare for an attack.  

To Pay or Not Pay

Even if your business decides to pay the ransomware demand, it does not guarantee that you will recover your data in a usable format. Remember, you are dealing with criminals; thus, there is no code of ethics. Per the available research, 58% of extortionists attempted a second ransom after receiving payment, and 42% did not decrypt the files after payment, so the data was still unusable. Furthermore, if you pay in Bitcoin, the transactions are public and traceable. If used for any illegal transactions, they could be traced back to your business.

Even if you pay and recover your data, it takes an average of 16.2 days to remediate an incident. Think about having your business interrupted for more than two weeks, not to mention the damage done to your reputation and your inability to serve your customers. The devastation done to one Illinois college is causing it to shut down indefinitely. In Michigan, Kalamazoo Community College was forced to close its campus after an attack. These are just two recent examples of attacks.

What Happens if Attacked

If your business becomes a ransomware target, these steps can help your business survive.

Assess the attack

Take a picture of the infected device’s screen before unplugging it. Pay attention to the payment deadlines or the number of days. Many times, the longer it takes to pay the ransom, the higher the ransom demand. Check all of your systems to see if your network is compromised or if the attack is localized.

Immediately call your experts

This could be your internal IT team or a trusted IT vendor to supplement your team. In addition, if you have cyber insurance, contact your insurer; you may also want to involve local law enforcement.

Determine the data you can recover

Once you have identified what is infected, check on your backup systems to assess what data is recoverable. If you determine you need to pay the ransom to recover your data, have a clear communication plan on when and what you will pay.

Reset your systems

Immediately reset all passwords. Ensure you have the latest software versions and run any patches to strengthen your security. Watch for backdoors that bad actors could further exploit.

Do you have a Ransomware Plan?

We can help. Dewpoint has the security and infrastructure experts and experience to mitigate your ransomware risks and create a recovery plan in case you’re attacked. By taking simple cybersecurity steps, you can reduce the probability of an attack and its impact. Like in sports, we believe the best defense against an attack is a great offense. Contact one of our cybersecurity experts today.   

Is Your Organization Prepared for World Password Day?

Cybercriminals continue to exploit password weaknesses

The ninth annual World Password Day is May 5th. Intel initially created this event to raise awareness about the importance of strong passwords. Even after reminders and the organization’s updated security policies, per a Google/Harris survey, 52% of users reuse the same password for multiple (but not all) accounts; 35% of users reuse the same password for all of their accounts, and only 13% use a different password for all accounts. In addition, over 82% of employees admit to recycling passwords.

In 2020, the top type of information stolen worldwide was credentials: over 60% of data breaches involved cracking or using stolen or recycled credentials. Although your organization may have strict password policies, that doesn’t mean your end-users aren’t reusing passwords for their Facebook, personal email, or Amazon accounts.

Emphasizing and enforcing good password policies

Require confidentiality

Ensure your employees understand the need for password confidentiality. Remind them regularly that sharing passwords or keeping them on “post-it” notes is not allowed.

Use block-listing

Automatically prohibit specific passwords or password strings like the famous “123password”.

Set a minimum length

Typically, a minimum of eight characters and symbols is required, but your organization may want to use a longer length.

Set a password history

Don’t allow the reuse of previous passwords (going back at least four to six prior passwords) to discourage people from cycling through changes to revert to a familiar password. Monitor password changes and investigate employees who make changes within a short period. They may be changing to “outsmart” the password history requirement.

Don’t use password hints

Although helpful in reminding your employees of their password, the ‘hint’ is often something familiar that a hacker can easily find out from social media.

Implement Multi-factor authentication (MFA)

According to Microsoft, MFA can stop 99.9% of threats to passwords. It can be implemented in various ways, such as phone calls, text messages, or codes. MFA is a simple yet effective roadblock to accessing an account, and it strengthens overall data security.

Reinforce password standards

Training and reminding your staff about password guidelines should be part of your overall cybersecurity plan. Include password training as part of your security awareness training. Sending a “password reminder” is as easy as sending out this article to your team and recognizing national password day.
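
The block-listing, minimum-length and password-history rules above, together with the check for rapid successive changes, can be expressed in a few lines of Python. This is an added example, not Dewpoint's code; the blocklist entries, PBKDF2 iteration count, 24-hour window and audit records are constructed assumptions.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

MIN_LENGTH = 8        # the minimum named above; raise it for a stricter policy
HISTORY_DEPTH = 6     # remember the last six passwords (the text suggests four to six)
BLOCKLIST = ("123password", "password", "qwerty")   # constructed sample entries

def hash_password(password, salt):
    # History is kept as salted PBKDF2 hashes, never plaintext.
    # The iteration count is an illustrative assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_history(passwords):
    """Build a (salt, hash) history list, oldest first, for the demo."""
    salts = [os.urandom(16) for _ in passwords]
    return [(s, hash_password(p, s)) for p, s in zip(passwords, salts)]

def check_new_password(password, history):
    """Return the list of policy violations for a proposed password."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if any(term in password.lower() for term in BLOCKLIST):
        problems.append("blocklisted")
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("reused")
            break
    return problems

def rapid_changers(events, window=timedelta(hours=24), threshold=HISTORY_DEPTH):
    """Flag users with `threshold` or more changes inside `window`, the
    pattern left by cycling passwords to flush the history."""
    by_user = {}
    for user, ts in events:
        by_user.setdefault(user, []).append(ts)
    flagged = []
    for user, times in sorted(by_user.items()):
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(user)
    return flagged

# Constructed audit records: alice changes six times within five minutes, bob twice.
T0 = datetime(2022, 5, 5, 9, 0)
SAMPLE_EVENTS = [("alice", T0 + timedelta(minutes=i)) for i in range(6)]
SAMPLE_EVENTS += [("bob", T0), ("bob", T0 + timedelta(days=90))]

if __name__ == "__main__":
    print(check_new_password("My123Password!", make_history(["Spring-2022-okay"])))
    print(rapid_changers(SAMPLE_EVENTS))
```

Setting the alert threshold equal to the history depth ties the detection to the control it protects: that is the number of changes needed to push a familiar password out of the remembered set.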

Password policies are just one step

Reinforcing good password policies is a simple way to increase your organization’s cybersecurity posture. However, it is crucial to evaluate your organization’s overall IT security to keep it safe. Contact Dewpoint today to set up an evaluation and take the additional steps to increase your IT security and reduce threats.