email

Cyber Insurance

While cyber insurance policies have been around since 1997, only recently have they become popular. Many companies have started offering cyber policies. Because of the explosive growth of this industry and the diversity in policy coverages, it can be difficult to understand what you are buying. While there are professional agents that have taken the time to understand cyber policies, there many more out there offering policies without understanding what the polices cover. I will be doing a webinar on this topic later this month, but here is a brief summary of some key areas.

Policies typically contain 4 to 5 sections. They are the declarations, insurance agreement, conditions, exclusions and definitions. Knowing what is covered is just as important as knowing what is not covered. I can share many sad stories of companies that had cyber insurance, thought they were covered, but were unable to collect.

To help understand coverage, or lack of coverage, here is a brief summary of one of those sad stories that happened here in the Miami Valley.

The owner of a small business had his email password compromised. The criminals continued to monitor his email account for a while. The criminals were able intercept an invoice that included wire instructions. The criminals modified the invoice and changed the account number for the wire transfer. The business typically pays their vendors via wire and everything looked like business as usual. The business paid (wired funds to the criminals account) the invoice as instructed.

The company didn’t learn of the issue until their vendor asked for payment because they had not received it. By this time, it was too late, the money was gone.

The company notified the police, and their insurance company. They were not covered for this incident because it was not considered a theft. The owner of the company authorized the payment to the criminal. The language of the policy was specific on what would be covered and not covered. Because this was an authorized payment, they were denied coverage.

I can’t stress this enough, when shopping for cyber insurance, ask lots of questions and make sure you understand your coverage. It is always best to work with a professional!

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts

Firefox Private Relay Service

Firefox Private Relay ServiceLiving and working on the internet means exposing your email address to many opportunities for spam. A new service from Firefox aims to give users more control over the exposure of their email address. Firefox is testing a new browser extension named Private Relay Service. The extension would generate private, or ‘burner’ email addresses as needed, and forward the incoming traffic to the user’s actual email address. These burner addresses could be used to sign up for online services, or be used when a website requires an email address for access to content. Often these websites will use the email address provided to send a confirmation email, and then spam or sell the address to other services.

A burner email address could be turned off temporarily, or deleted all together if the user notices a lot of spam coming from a single outlet.

Private Relay adds UI to generate unique, random, anonymous email addresses that forward to your real address. You can use your relay addresses to sign up for apps, sites, or newsletters. When you’re done with that service, you can disable or destroy the email address so you’ll never receive any more emails from it.”

The service would also add a layer of security in the event a company’s database is compromised; giving users more control over who has their email address.

The Firefox add-on is currently in testing, but interested users can install the add-on to Firefox now and create a login to be available for the first round of invitations. Apple announced a similar service earlier in the year called ‘Sign in with Apple.’ This service is also currently in testing.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Feature Newsletter

Quanexus Q-News

This week we are featuring our current newsletter. In this newsletter we focus on Security Awareness Training, Long Term Digital Photo Storage, How Data Security Resonates with Customers, and What We Learned from the Equifax Breach.

Click here for the Newsletter

You can also subscribe to our email list and receive the newsletters when they are published. Read previous Newsletters and subscribe to our email list by clicking here.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Wireless

Facebook Trend Gives Hackers Personal Information

There is a trend going around Facebook in support of this year’s seniors who missed out on prom and graduation due to the pandemic. Many users are posting their senior pictures along with the year they graduated, and the school they graduated from. The problem with this trend is it gives hackers information that is commonly used as security questions for banking or other high security websites. Even if a user doesn’t use these specific questions, it gives hackers a head start on information for spear phishing campaigns.

Last year we saw a shift from generalized phishing campaigns to spear phishing campaigns. A general phishing campaign sends out thousands of emails with the hope a small percentage of recipients will click on the link or attachment and become a target of the hacker. A spear phishing campaign differs because they target individual users. Instead of sending out thousands of emails, they are sending single highly detailed emails to known people in attempt to infect their computer or steal personal information. The hackers learn as much as they can about an individual person before sending a phishing email referencing personal information. The problem with this new trend is Facebook users are giving hackers their name, city, and graduation date from which they can infer a birth date. Then users are tagging the post #Classof2020, so the posts are very easy for hackers to find.

The Better Business Bureau raised concerns about this new trend. Below are some tips from BBB on staying safe on social media.

Resist the temptation to play along. While it’s fun to see other’s posts, if you are uncomfortable participating, it is best to not do it.

Review your security settings. Check your security settings on all social media platforms to see what you are sharing and with whom you are sharing.

Change security questions/settings. If you are nervous about something you shared possibly opening you up to fraud, review and change your security settings for banking and other websites. 

Source: Better Business Bureau News Release

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business