TechInsurance Issues Spear Phishing Data Breach Prevention Tips for Network and Security Consultants
Spear phishing incidents increased 91% in 2013, with one in five small businesses targeted.
CHICAGO, July 15, 2014 /PRNewswire/ -- Symantec's 2014 Internet Security Threat Report shows a 91 percent increase in spear phishing attacks from 2012 to 2013, a trend TechInsurance warns affects network and security consultants. According to the report, one in five small businesses was targeted with a spear phishing email in 2013. For government offices and those in finance or real estate, the rate was even higher.
Further, Verizon's 2014 Data Breach Investigations Report shows that phishers have an 80 percent success rate (at least one targeted victim clicks the malicious link) when they send a campaign twice.
Ted Devine, TechInsurance's CEO, notes that spear phishing attacks can undermine the barriers network and security consultants put in place to keep clients' data secure. "A single email opened by an unsuspecting employee can undo months of work," he said. "And once a hacker gains access, the financial consequences can be significant."
Devine added that hackers use spear phishing to steal customer information, which constitutes a data breach. Recovering from a breach can be costly for both a business and any IT professionals involved. State laws may require the business to notify affected customers, offer credit monitoring services, or pay fines – all of which cost money. If a breached business doesn't have Cyber Insurance, it could sue to recover those costs from any parties it considers responsible for the breach, including network and security consultants.
TechInsurance suggests that network security professionals take three key steps to prevent client losses from spear phishing:
- Understand the evolving risks. Spear phishing emails pull information from social media to target their messages and increase the likelihood of clicks.
- Educate clients. Phishers often disguise malicious emails with words like "Re:" "Payment" and "Order." These aren't Nigerian prince emails – they're more sophisticated, meaning even savvy email users can fall prey.
- Update insurance. Professional Liability Insurance can pay for legal defense fees when a consultant is sued over responsibility for enabling or failing to prevent a spear phishing data breach.
For more information about spear phishing, see TechInsurance's blog post, Re: Your Recent Spear Phishing Attack.
About TechInsurance, an insureon Company
TechInsurance offers Professional Liability and General Liability Insurance to the country's smallest IT professionals, including network and security consultants.
Contact: Betsy Gregg, [email protected], 224-595-3323
SOURCE TechInsurance
Share this article