Performance Thinking

Expert information and solutions for your business.

Trends in Cyber Risk Prevention

Cyber Risk Prevention

In today’s climate, cyber risk is top of mind for business leaders.  Unfortunately, many still fail to understand the complexities involved and unknowingly leave their businesses vulnerable.

High-profile data breaches grab our attention on a regular basis – like the hack of Under Armour’s MyFitnessPal app earlier this year that was called “one of the biggest hacks in history,” compromising 150 million accounts.  When these incidents occur, businesses should turn the fear of “what if?” into action by evaluating their exposures and ensuring they are properly protected and prepared to deal with a breach should it occur.  

Earlier this year, Scott held an educational event in Raleigh featuring a panel discussion on the emerging trends surrounding cyber fraud and techniques for prevention.  One of the panelists at our event was Jeremy Gilbert, IT Advisory Manager at Dixon Hughes Goodman LLP.  Jeremy’s insights regarding this important topic are valuable, and the following Q&A can help your business as you work to build a strategy to combat the cyber risks that face your organization.

What are the main cyber risk threats facing mid-market businesses today?

GilbertMore sophisticated hacking tools continue to become available to lower-level cyber criminals.  In some ways, these tools have exceeded the defensive capabilities of typical mid-market businesses; however, they are not often employed because they are expensive and difficult to use.  Less sophisticated attacks, usually requiring a user to click a link or open an attachment, are far more common.

Attacks are typically aimed at one of three things:

1. Extortion; typically done with ransomware, a type of software that encrypts files. Following encryption, the criminals offer to sell the decryption key to the business.

2. Stealing valuable PII (personally identifiable information) such as name, date of birth, account numbers, and addresses of your business, your customers, or your employees. This type of attack is often referred to as a data breach and is usually the most financially damaging that a business can suffer.

3. Securing a jumping-off point for attacks against other targets. This typically takes the form of a compromised web server.

What can businesses do to prevent a breach or minimize their exposures?

Gilbert:  Mitigating the risk of a breach and the impact if/when a breach occurs requires frequent monitoring and examination of the threat landscape and your IT environment.  Establish a breach response team and hold periodic meetings to ensure new threats are mitigated and changes to your IT environment are analyzed from a security perspective.  This team should consist of representatives from IT, upper management, public relations and legal.  If you don’t already have a breach response team in place, this can seem a daunting task.  If you carry cyber insurance, and you should, your insurance broker can be a great resource to help you establish and manage this team.

What are some lessons we can learn from previous/recent events?

Gilbert:  Common attacks usually require action from an authorized user to become a successful attack.  This action could be opening a malicious attachment or link in an e-mail, downloading a malicious file, visiting a compromised web page, or answering a phishing e-mail.  Training your employees in good IT security practices is the most effective way to protect your business.

Typical IT security controls like firewalls, intrusion detection systems, encryption and password policies are important and necessary for good IT security, but the users in your IT environment are the weak link that cyber criminals will try to exploit.

Also, if you outsource any IT support, be particularly vigilant about clearly establishing who is responsible for IT security.  We have seen multiple companies breached that thought their managed service provider (MSP) was handling security while the MSP thought the company’s IT staff were handling security.

What resources are available to help business executives better understand the complexities of cyber risk?

Gilbert:  If you have cyber insurance, your first stop for resources to help you should be your insurance broker.  They have a vested interest in helping you secure your IT environment and they may have free or low-cost assistance available to you.  Also consider having an outside firm perform an independent assessment of your IT environment and systems to identify technical and operational vulnerabilities.

Many companies offer user training for IT security.  Dixon Hughes Goodman can offer customized, in-person training.  You might also consider the SANS Institute’s Security Awareness Training, which can be completed online.

When hiring for IT security positions, pay attention to which IT security certifications the candidate has earned.  There are many IT security certifications, so you can’t be familiar with all of them, but a quick search online should inform you as to whether a particular certification is valuable to your organization.

 At Scott, we understand the importance of developing a strategic approach to cyber risk, including making sure appropriate coverages are in place.  If you have questions about protecting your business from cyber risks, contact a Scott Risk Advisor to learn more.


Thanks to Jeremy Gilbert and Dixon Hughes Goodman LLP for their contribution to this blog.  Jeremy can be reached at jeremy.gilbert@dhgllp.com.

Written by Chad Duke

Chad is a Risk Advisor in Scott’s Raleigh office. He joined Scott in 2009 to assist in the growth of the Raleigh branch.

Call Chad at 919-341-0754 if you have any questions or need any additional assistance.

View Profile
LinkedIn

Affordable Housing Practice Group Engagement

Our Affordable Housing Practice Group team members are continuously engaged in the industry, staying up-to-date on the important issues impacting the organizations serving in this sector and ensuring that our clients in this space are receiving the best guidance and highest level of service.

Performance Thinking Webinar

In late May, we offered a webinar to provide insightful and actionable information regarding risk management issues of interest to affordable housing organizations.  The webinar provided an overview of the current insurance market, practical guidance related to certificates of insurance and strategic guidance for claims management.

If you would like to view the webinar recording, please email me at nkerr@scottins.com.

CAHEC Partners Conference

Members of our team attended the CAHEC Partners Conference in Greensboro, North Carolina.  This event provided opportunities for our team to connect with leaders in the industry and to learn about the current economic, legislative and regulatory issues impacting the tax credit industry. 

Jennifer Burchette, Senior Account Analyst for the Scott Affordable Housing Practice Group, had the opportunity to present on the topic of tax credit insurance. 

Jennifer Burchette and Rachel Bates at the CAHEC Partners Conference

HAND Annual Meeting & Housing Expo

The Housing Association of Nonprofit Developers held their Annual Meeting and Housing Expo in Washington, D.C. on June 12.  This is the largest convening of real estate and community development professionals in the region and was attended by 1,400+ practitioners. 

Congratulations to our client, Virginia Community Development Corporation, for receiving the Virginia Peters Nonprofit Friend Award for their Nonprofit Sustainability Challenge, an initiative helping nonprofit organizations across Virginia achieve long-term financial stability.

Virginia Housing Alliance Top 40 Network

Congratulations to Rachel Bates, Account Analyst, for her recent induction into the Virginia Housing Alliance’s Top 40 Network, a group of emerging professionals with demonstrated professional excellence and innovation in Virginia’s housing industry.  Rachel is a strong asset for our team and we are proud of her recognition and representation of Scott in this prestigious group.

Rachel Bates (center) at the Virginia Housing Alliance Awards Luncheon on June 14 with Monique Johnson from the Better Housing Coalition and Costa Canavos from Berkadia Commercial Mortgage who presented the award.


As Scott’s Affordable Housing Practice Group Leader, I am proud of our team of dedicated professionals serving this specialized industry.  We look forward to continued engagement and opportunities to utilize our expertise to help more organizations better understand and manage their unique risks. 

Property & Casualty Market Outlook for 2018-2019

Photo of graphs showing insurance trends.

At Scott, our clients often ask us for predictions on how their insurance costs will change year-over-year. While every company has unique characteristics that impact pricing, we can make some general observations and recommendations based on past and current market conditions that can help when preparing for the future. 

Read Full Story

National Benefits Benchmark Data

Decisions about your employee benefits have far-reaching and financially significant implications – for your business and your employees. At Scott, we empower our clients with detailed benchmark data to make informed, strategic decisions.

Each year, Scott Benefit Services, alongside a leading actuarial consulting firm, conducts a Mid-Market Benefits Benchmarking Survey to help guide employers as they navigate the ever-changing employee benefits landscape. 

Read Full Story

Dangers of Distracted Driving

Auto Coverage

Distracted driving is any activity that could divert your attention away from the main task of driving.1 It is something that is both dangerous and disturbingly common. In fact, an estimated 660,000 drivers are using electronic devices while driving during daylight hours.2 You may be surprised to learn that cell phones and texting are just part of the problem when it comes to distracted driving. While stowing your phone while you drive is an important safety step, other behaviors behind the wheel, from drinking coffee to using a navigation system, may also be putting you at risk. 

Read Full Story