How to Get the Most Cost-Effective Cyber Policy

If you were to ask any company representative if cyber insurance is worth it, you’d undoubtedly be met with a resounding YES. The potential financial havoc that a cyber attack unleashes is significant enough for businesses both large and small to actively seek out cyber insurance coverage. The question therefore isn’t whether you require cyber insurance for your business. Instead, it’s: How much cyber insurance do I need?

Just like all insurance coverages, the answer is personal. You would not pay a higher level of homeowners insurance premium for a larger house than you own; so too should you not pay for more cyber coverage than your business needs. One-size-fits-all cyber insurance does not exist, and there are ways to drive the cost of coverage down by being proactive in your security efforts.

One business may need to purchase more cyber insurance, while others may need less. An organization that deals primarily online may have more potential exposure than another, for example. To get the most cost-effective cyber policy, do not just request a quote from the Internet. Instead, trust the cyber insurance advisors at W3 Insurance to learn about your company’s risks and to help you select a policy to mitigate them. 

Every day, cyber attackers become more savvy at draining company coffers. Those businesses who choose to pretend that they are not at risk stand to pay higher rates than those who actively protect themselves. Read below as we examine how cyber attack prevention can in fact be cost-effective and how a business can go about securing such coverage.

10 ways to reduce the cost of your cyber insurance policy

Think of this as akin to the ‘safe driving’ discount offered by some car insurance companies. If your business operates with safeguards in mind against cyber attack,  it is possible to reduce the cost of your cyber insurance policy. By reducing your risk, you also drive the cost of coverage down.

Some of these ways include the following:

1. Multi-Factor Authentication (MFA)

Are you who you say you are? That is the simple (yet effective) impetus behind multi-factor authentication. Also known as “two step” verification, this effective means to thwart cyber attack takes the standard ‘enter username and password’ command to a new level. Sure, you will need both of the above – and then some. Often, this added failsafe comes in the form of a code that is sent to a person’s cell phone. That way, even if a password and username are stolen, the attacker is stuck. 

2. Password managers

The days of the simple password are passe – pun intended. Password managers take complex combinations of letters, numbers and symbols and make undecipherable passwords that are nearly non-hackable. One of the type of cyber attack involves a hacker learning personal information about a mark on social media and then trying those elements as passwords. With password managers storing these intricate passwords, it’s not necessary to use the same one multiple times. 

The days of “I hate passwords 123” should be over. Thank you, password manager.

3. Keep your employees trained and up-to-date

In the event your business suffers from a successful cyber attack, don’t point fingers at the computer, because it is likely not the machine’s fault.. Nine times out of ten, security breaches are caused by human error. Cyber attack is a very human game, after all; human error is the reason many attacks do succeed. 

That’s why employee training is paramount. Have your employees been brought up-to-speed about the latest phishing attacks? Do they know not to respond to emails that demand sensitive information? Constant vigilance is required to fend off cyber attacks, and that means consistent, timely training for your employees about the latest threats and information regarding how to combat them.

4. Update your software when possible

Keep pressing ‘cancel’ when prompted for a software update? -Think again. Take a few minutes and let the software update; it most likely has built-in security protocols to protect against the latest cyber threats. Cyber attacks vary widely in their creativity and personalization; software updates can help thwart some attempts before they become a problem. 

5. Invest in cybersecurity tools

When it comes to protecting your business from cyber attack, cybersecurity tools are the weapons that can keep the threat at bay. Often, they are not exorbitantly expensive, either – at least, not in comparison to how much a successful cyber attack an potentially cause your business.

Consider the list below a good start:

  • Firewalls
  • Anti-virus software
  • Application whitelisting software
  • Intrusion detection/prevention systems
  • Managed detection and response systems

6. Create an adequate response plan

Even after all your best efforts, a cyber attack may crack your defenses and affect your business. Due to the ever-changing nature of cyber attack, this is a sad reality; knowing what to do if one occurs can minimize the damage. If you suspect your business has been a victim of cyber attack, first call your cyber insurance coverage provider. Then, use your response plan to move forward.

7. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are your friends

Plan for the worst and hope for the best. The adage is at the heart of business continuity planning (BCP) and disaster recovery planning (DRP). Have protocols in place as backups, and should a cyber attack occur, you may be able to continue business as (almost) usual while you work to restore prior workflows.

8. Continuously monitor your systems

Understanding what is normal for your business and what is not is a surefire way to spot a cyber attack. Watch for activity that is out of the ordinary, and if you spot something unusual in your data, dig into the cause. It may well be due to user error – or it may be a cyber attack in its infancy.

9. Hire a cybersecurity expert

Overwhelmed by the concept of cyber-securing your business? Professionals can assist you in deducing your business risk and implementing tools to address it. Consider hiring an expert to be an investment in your company’s wellbeing. The time you will spend to put all these measures in place may be better used elsewhere, and, if these protections are left undone, cyber attacks can have drastic fiscal consequences.

10. Be proactive

Simply follow the above advice, and you’ll be on your way to protecting your business from cyber attack. The proactive business owner understands that if it’s possible to prepare for an attack, fortifications should be made. Act early to prevent cyber attacks in the long run. What’s more, having these protections in place can result in a lower premium. After all, such a business is less risky than one that just buys coverage but does not put any safeguards into place.

Get an affordable quote from W3

The cyber advisors at W3 Insurance can help protect your business from cyber attack. For coverage that protects your business and advice that allows for personalization of your cyber policy, trust the W3 advantage. 

Cyber attack is a persistent threat. Contact us today for more information regarding how to protect your organization.

W3 Small Business Solutions

Owning a small business is no small feat. 

It can be difficult to know whether the solutions you’ve selected are right for your organization, and the time it takes to implement them without help could be better used flipping that ‘closed’ sign to ‘open.’ 

Luckily, our insurance experts at W3 make getting coverage and finding business solutions a seamless process. We’re here to offer answers for multiple small business scenarios.

When a small business owner asks how they can get the right small business insurance for their employees, or how they can improve employee retention, the answer is simple: discover the responses by partnering with advisors who have the best interest of your organization in mind and the tools to make a difference. 

Too many situations can arise within a small business setting for owners to be cavalier about coverage and processes. Entrust the experienced advisors at W3 to handle DOL compliance assistance, HR technology solutions, employee retention guidance and more.

DOL Compliance Assistance

Staying up-to-date regarding minimum wage and overtime requirements? Know every single Department of Labor rule and regulation? Even the most fastidious small business owner can’t do everything. Labor laws change periodically, and unless a small business owner devotes time on a regular basis to these updates, an oversight (or two, or ten) can happen. Labor laws exist to protect workers from unjust compensation. W3 Insurance can provide guidance to prevent issues that commonly arise when a small business does not keep up with these changes.

Common infringements in Department of Labor (DOL) compliance include:

  • Federal minimum wage and overtime requirements
  • Misclassification of employees (exempt versus non-exempt)
  • Employment law changes spurred by regulatory changes and court precedent

Even if you fully intend to be perfect in your DOL compliance, why take the chance that oversight could happen? There’s plenty more that you need to think about when it comes to running a small business than endlessly checking statutes. Knowing you are in compliance offers peace of mind.

Workers’ compensation

Even businesses that don’t demand a large amount of physical activity from their employees need coverage for workers compensation

Any workplace accident can trigger the need for ‘workers comp’; repeated injuries like carpal tunnel syndrome, a faulty chair that breaks at the last second, or a trip & fall. 

Truly, the list of possible mishaps is endless. Workers’ compensation offers coverage for workplace accidents like these and many more.

Workers’ compensation provides benefits such as lost wages and medical treatment incurred as a result of the workplace injury. Go without the right insurance as required by your state, and a small business could open itself to further fines and legal action. It’s important to note that the reason to carry workers’ compensation insurance is twofold. Not only does it help the injured employee, but it protects the organization as well. 

When should you elect workers’ compensation insurance? -Before you hire your first employee. Laws vary by state and industry, so a one-size-fits-all policy does not truly exist. To ensure you obtain the right coverage, enlist an insurance professional to evaluate your risk and recommend coverage options that fit your needs.

Mandated Federal Minimum Wage

A mandated federal minimum wage exists, but different states have their own qualifications as well. Partnering with W3 for compliance and legislation services takes the guesswork out of the equation. Instead of asking, “Are we really paying our workers according to law? You have a partner to advise the business and keep abreast of any changes.

It should come as no surprise that paying employees less than they are owed sets a business up for litigation (and an angry, under-compensated employee). W3 offers help to ensure that scenario never occurs.  

HR Technology Solutions

Streamline your human resource efforts and ensure the actions are compliant – W3 can help. Through various HR tech solutions, W3 partners with small businesses to make compliance easier. Benefits include hours of time saved with total clarity for employees, who can feel secure knowing their benefits and payroll are consistently tracked and rewarded.

Every small business needs HR tools that enable it to go about operations in a timely, organized manner. There is no need to do HR the old-fashioned way, with folders and collation and plenty of room for error. Instead, embrace the HR technology that continues to change the way we work.

W3’s advisors help businesses connect with these HR technology solutions:

  • HRIS – Access your employee reporting with just a few clicks of the keyboard. From keeping track of employee PTO to tracking new hires and making certain elements accessible to employees, it’s easy for HR to get (and stay) organized.
  • Payroll software – Pay your employees on time, every time. While you’re at it, secure tax information, create W2s, and integrate with your HRIS in real time – no cumbersome systems necessary!
  • Time & attendance – Link employees’ time worked with the payroll system and make it simple for your workers to log their time. 
  • Benefits administration – All of the tools for Benefits you and your employees need are found under this section. Instead of entrusting a Benefits consultant to explain every nuance of coverage, give employees agency by allowing them access to their personalized plan and more. 

Employee Recruitment and Retention

Attract and keep employees who make your small business shine. Employee Resources offered through W3 can help. When Employee Benefits are clear and concise, employees understand what they are entitled to. Rather than tasking employees to wade through laborious benefits package printouts with no support, why not personalize the offerings for them? 

Employee benefits guidance makes the right coverage choices clearer for employees. Being able to concisely explain the reasons employees should choose to work with your organization should help with employee recruitment and retainment.

Whether a business is small or massive, employees should never answer the question “What’s the value of working here?” with “I’m not sure.” Recruit and retain employees by understanding what is important to your workers and delivering on your promises.

Request A Quote from W3

Small business benefits can make the difference between success and failure for an organization. Though a business may be small, the goals it puts forth are lofty. Achieving those goals depends on a multitude of factors. Small business benefits is an important one.

W3 small business solutions exist to help small businesses stay compliant and run smoother. Call us at (941) 377-7283 ext. 233 to talk to one of our experts today.

Why Your Business Needs a Surety Bond

Do you plan to do work with a government agency in the future? Does your business calendar include appointments to bid on construction jobs? If so, you’ll likely need a surety bond to be seriously considered for employment. 

Surety bonds are a safeguard, and exist to assert confidence that your business will finish what it starts. They are required in multiple instances and across multiple sectors. Let’s talk more about them.

What is a surety bond? 

A surety bond is a promise backed by capital. This promise asserts that contract terms will be met by all parties, that agreements will be kept, and that all sides comply with the contract. 

Think of a surety bond as a handshake that holds legal weight. You or your business agree to complete a scope of work, and the entity employing you can have full confidence that this will happen. If it is not, recompense will be given to the slighted party.

The 3 parties of a surety bond

To understand how a surety bond works, you must first understand that each bond involves three parties. These are:

The Principal 

Often the owner of a small business, this bond purchaser opts to obtain a surety bond in order to enter a contract bid or do work. 

The Obligee 

If you require a surety bond, that means you’re the obligee. Obligees are commonly government agencies, but anyone looking for a solid guarantee of job completion can be one. 

The Surety

Someone has to guarantee this bond, and that is the surety, or insurance company. Think of them as the middleman: if the Principal neglects to hold up their end of the bargain, the surety steps in to remedy the situation. Completing the work is the overall aim, and the insurance company covers this as stated in the bond.

What do the terms licensed, bonded and insured mean?

These three terms are ‘the mighty three.’ A company that can list this trio has completed the triumvirate of items necessary to inspire ultimate consumer confidence. 

While a business can separately earn the designations of licensed, bonded and insured, there is a significant difference among the terms.

Licensed 

This is the bare bones, must-have designation for many industries. A company that is licensed meets some minimal guidelines for its sector. For example, it would be inadvisable to have an unlicensed stylist to cut your hair. The license hanging on the salon wall gives you confidence that the person holding the shears has completed some training as required by a licensing board.

Bonded

A company that says it is ‘bonded’ is simply sharing the information that a surety bond has been purchased to protect third parties doing business with it. If the agreed-upon project work is not completed, a claim can be filed for recompense.

Insured

A synonym phrase for insured is ‘transfer of risk,’ and that’s exactly what insurance does for a business.  An insured business commonly carries protection for workers compensation and general liability, though more coverage is available. Construction companies likely hold builders’ risk policies and property insurance as well.

What are the 4 types of contract surety bonds?

Bid bond 

Seen in the construction space, a bid bond guarantees that if a bid submitted by the contractor is accepted, that contractor will be entering a contract that involves an agreement of doing the work at the price given

Performance bond

An insurance company or bank stands behind a contractor in this situation, ensuring that a project is completed in a satisfactory manner. 

Payment bond 

A contractor opts for a payment bond, which is a surety bond that ensures subcontractors and those supplying materials are paid. Payment bonds are commonly seen alongside performance bonds.

Warranty bond 

This type of bond has an expiration date – consider it a limited warranty situation. Once that predetermined date has passed, the bond is no longer valid and active.

5 types of commercial surety bonds

License and permit bonds

Before you even apply for a permit or license in some instances, these bonds will be required. They act as a safeguard that the individual or business that obtained the license and/or bond will comply with applicable regulations and laws and that it can actually do what the license or permit details. This requirement discourages businesses that may not be completely able to perform the assigned work from agreeing to undertake it.

Court bonds

Whether one is the defendant or the plaintiff, it may be necessary to get a court bond. Included under the ‘court bond umbrella’ are the well-known bail bond, but bonds for appeal, attachment, replevin and injunction are available as well. 

Fiduciary/probate bonds

A surety bond, this type protects creditors, heirs and beneficiaries in the scenario of a trust. 

Public official bonds

If you hold a public office, you’ll likely be required to have a public official bond. These are designed to protect the public if the official does not perform as they are supposed to. It’s interesting to note the wide range of public officials who require surety bonds, including, but not limited to: treasurers, tax collectors, judges and more.

Miscellaneous 

Bonds can be personalized for nearly any situation. These fall under the category of miscellaneous, and do not fully comply with the already-mentioned common bonds. 

4 industries that need surety bonds

Auto dealers

Ever wonder why more lemons aren’t sold by well-known auto dealers? Surety bonds knows as auto bonds are a failsafe to make sure that auto dealers do not engage in fraudulent behavior. If the dealer lies about a vehicle’s age or condition or engages in another misleading claim, this surety bond protects the consumer. 

Construction contractors

If a construction contractor breaks laws and does not honor their contracts, a penalty 

lies ahead for them. That’s thanks to a contractor bond, whether residential, commercial or other. 

Financially responsible officer bond

Ethics is the name of the surety bond game here. A company’s FRO (financially responsible officer) is thus guaranteed to act becoming to a high standard. These bonds aren’t widely required. 

Healthcare providers

By now, you’ve likely learned that bonds ensure that an entity fulfills its contractual obligations. This is the same for healthcare providers, who may opt for a surety bond over an LOC (letter of credit). 

How much do surety bonds cost?

A variety of components factor into the answer to that question, including credit rating, industry expertise, riskiness of the undertaking and more. Consider a small construction company bidding for its largest project to date. It may need to pay more for a surety bond than, say, a larger company that has a proven track record of project successes. 

The best way to find out how much a surety bond will cost for your unique situation is to contact a professional, explain the scope of work, and let them do their due diligence.

How do I get a surety bond?

This answer is the most straightforward of all of them in the article: simply call our office at (727) 522-7777 to speak with one of the surety bond advisors at W3 Insurance. 

Whether you’re a Florida small business owner hoping to bid on a federal project or a contractor investigating the types of surety bonds necessary for the future, W3 has extensive surety bond expertise.

Cyber Insurance Coverage for Social Engineering Attacks

How many times has this happened to you: you’re checking your email and you find a message from a large trusted online company like Amazon or Facebook notifying you of some change to your account. But something doesn’t look right. Either the company’s never notified you this way before, or the email domain name is slightly off.

Suddenly you realize the message is a fraud: an attempt to get you to click a suspicious link or enter in personal information.

You’ve just been targeted by a social engineering cyber attack. And while sometimes these attacks are easy to spot, cyber criminals are getting more sophisticated every day. Read on to find out what social engineering is, what are the most common forms of social engineering attacks, and to find out how cyber insurance can protect you and your business from the risks these attacks pose.

What Is Social Engineering?

Social engineering is the use of psychological manipulation to get people to divulge private information online. The definition of social engineering is very broad, and it encompasses a wide variety of common cyber attack strategies.

Generally impersonation is the name of the game when it comes to social engineering. Instead of using an impersonal computer virus or other mode to obtain personal information, a thief using social engineering might impersonate a friend or a company to obtain sensitive data. In an age where personal credentials such as logins and passwords can mean the difference between emptying a bank account or keeping it secure, this means people need to be ever-vigilant about protecting their information.

For example, the social engineering swindle could involve a “repair person” who reaches out via email and asks for a credit card number in order to complete a renovation. Or a “supervisor” within your business requesting e-gift cards be sent to them. Or a fellow employee, who “forgot” the last four digits on the company credit card, and asks if you could please share those with them.

You get the picture. Within the façade created by social engineering, a thief may continue to ask questions of employees and build credibility until at least one person gives up the information. At that point, the jig is up. There are too many horror stories involving this type of swindle to name. That’s why it’s imperative that you double and triple-check any request, even if it seems that it’s coming from within your organization. Social engineers can be quite adept at procuring the items they seek.

Who Is Most Affected by Social Engineering Cyber Attacks?

It’s not just mammoth organizations that have to worry about cyber engineering as part of a cyber attack. Small to mid-sized businesses are frequently targeted. And the effects can be devastating: nearly 60% of small businesses victimized by a cyber attack close within six months.

Typically, cyber attackers employing the strategy of social engineering will target employees of small to mid-sized businesses who have initial access to a platform. They don’t necessarily reach out to those with the biggest influence. For instance, the target could be a receptionist who was just hired last week and hasn’t even finished onboarding, or an intern who is so quick to please that they respond quickly with log-in information without much cajoling.

But these are just the easy targets. Those most affected by social engineering cyber attacks are arguably businesses that have plenty to lose – but that doesn’t just mean the Googles or Microsofts of the world. Larger organizations usually have rigorous cyber policies that make them more impenetrable to attacks, but smaller businesses are often more lax with their security protocols.

Why Is Social Engineering a Common Cyber Attack?

Too few businesses have safeguards in place to combat cyber attacks, and that omission can be lethal. In fact, 98% of attacks are caused by employee error, and 65% of businesses don’t even enforce a password policy. That’s why social engineering attacks continue to happen – because employees have a lack of training regarding how to identify these threats and what to do when they occur. Social engineering is common as well because it exploits human nature. Depending on the swindle and the dedication of the cyber attacker, these attacks can be extremely well thought-out.

With the world going ever-more virtual, parasocial relationships affect the perceived validity of cyber requests. We pay our bills online, shop online and transfer money online – why not share sensitive data that way too? It’s in our automatic nature to do so in this age of quick transactions, and social engineering cyber attackers exploit this to their advantage.

What Are the 6 Social Engineering Attacks?

Phishing

Phishing is when a cyber attacker attempts to lure someone into revealing guarded information by claiming to be a representative of a reputable company. When sensitive credentials are revealed to a cyber hacker, the criminal may use them to spread malware or give access to websites that attack a company’s credibility and coffers.

Invoice Manipulation

This phishing-like scam involves the receiving party of the fraudulent request being a client. During this attack, the hacker requests payment of a client invoice, but the money never reaches the company who is seemingly requesting it. Instead, it goes right into the bank account of the criminal.

Baiting

“You’ve won $5,000 – click here to collect!” or “Enjoy a new computer, courtesy of _____ corporation!” – these are both examples of baiting. In the first giveaway scam, the cyber attacker collects personal or business information by claiming that the email recipient needs to provide that info to receive a prize. In the second example, software may be installed on the gifted equipment that uses trackers to transmit personal information such as bank accounts, etc. 

Pretexting

Some social engineering scams are more sophisticated than others. Hackers who take the long view (and take their time) employ pretexting, or gaining the trust of someone before asking for personal information. Within this scenario, a cyber attacker will swear by a story that makes them sound truthful. Later, when sensitive information is requested, the pretext gives the thief the social collateral necessary to convince others to answer his/her requests.

Scareware

Anyone who has ever had a warning pop up that their computer has been infected by a virus has experienced scareware. Designed to scare a person into submission, scareware is a type of cyber attack in which computer users are directed to purchase computer protection in order to avoid the loss of personal data.  

Business email compromise (BEC)

This is a targeted phishing attempt in which criminals pretend to be part of an organization in order to get what they want – usually goods, services, or – you guessed it – money. A business that has a “culture of caution” when it comes to cyber matters is better protected from this type of compromise, but sophisticated thieves still make it difficult.

How Can You Protect Yourself From Social Engineering?

Protect yourself (and, if at work, protect your organization) by being aware of the existence of social engineering in cyber attacks and preparing for their inevitability. This includes using password security and using a checklist when receiving email before responding.

This checklist includes:

  1. Checking the email address in its entirety. Is there an extra letter in someone’s name? Is the address not quite correct?
  2. Check the time stamp. Was this email sent late – after work hours?
  3. Does the email involve a request of sensitive information that usually would not be viewed as urgent?
  4. Is it possible to call this individual – and if their phone number is listed in the email, does it match the one I have saved in my phone?

Password Security

Keep track of passwords with a secure Password Manager. Remember: longer passwords are better. The days of being able to use your name plus 12345 are long over. Ideally, you should use a password that includes numbers, letters and characters more or less at random.

Using the same password for multiple devices? Change that practice immediately. Sure, they’re easier to remember. It’s also easier for a hacker to access every single one of them the moment they gain access to just one.

Business Security

Use multi-factor authentication (MFA) to require a password plus. That means every time you log on (or someone pretending to be you logs on) they will be asked at least two more questions in order to gain access. This will cost you a few more seconds before you’re able to access your device, but those seconds are worth it to protect your information. 

Protecting Your Business

There are two ways to protect your business from social engineering: on the front end and on the back. On the front end, you should put safeguards in place to lower the threat of ransomware, secure employees through training, and instill a cyber attack-aware employee culture. Ensure company websites are secure, lower the threat of phishing, and make sure to double and triple check any bank accounts or transfers. It takes a good deal of diligence, but you can lower the chances of cyber attack.

And if the protection you’ve put in place somehow fails and you find your business is a victim of a social engineering cyber attack, cyber liability insurance can cover you on the back end to help limit the damages and make your business whole again. 

With Wallace Welch & Willingham’s cyber liability insurance policies, you can protect your business from the fallout of a cyber attack. Cyber insurance helps your organization recover data, restore damaged equipment, and even pay legal fees and fines. It’s peace of mind in an age when cyber attacks show no sign of abating. Contact one of our cyber insurance agents at W3 Insurance to learn more about how to protect your organization. Request a quote today!

How Likely is Your Company to Be Cyber Attacked?

If you’re worried about how likely your company is to be cyber attacked, you’re not alone. As the world increasingly embraces the digital marketplace, valuable data is more at risk than ever, and it can be difficult to know whether a business is fully protected against a breach.

Just as you would secure your home against intruders, so too must your business be kept as secure as possible. Of course, a business is more difficult to protect than a physical abode. Lock the doors and windows of a home and enlist a solid alarm system, and you’re likely set. Conversely, cyber attacks enter the foundation of your business through tiny (and not so tiny) cracks in the online mortar left vulnerable by business owners and employees alike. 

While the likelihood that your company could get cyber attacked is out of your hands, how it affects your company is largely up to you and depends on how carefully you’ve prepared for the attack.

What is a cyber attack?

Cue the virtual mugshots: cyber criminals hide behind their PCs and Macs to forcibly extract data from other computers (or networks). Depending on the sophistication of the attack and how targeted it is, these criminals’ actions can result in the shuttering of the victimized devices completely. Other attacks just use that single compromised computer as a stepping stone for other attacks, and still others suck the data out of the device, compromising personal and financial information and sparking a whole onslaught of trouble.

Cyber attacks occur at every level of commerce (and are now even part of modern day warfare). Take, for example, the Apache Log4j vulnerability, which results in java-based web servers getting hitchhiked and used for a variety of ill effects such as the spreading of malware or ransomware.

Cyber attacks are now a regular part of actual war; for example, when the Russia-Ukraine conflict began, Ukraine saw cyber attacks directed at its military increase by 196%.  

Another well-known attack with a deceptively positive name is the Solarwinds Sunburst attack, which targeted more than 18,000 organizations by enticing them to download what seemed like a normal software update. Unfortunately, the ‘software update’ made it possible for cyber criminals to access data. This cyber attack is ongoing and extremely destructive.

These big cyber attacks are what make the headlines, and they could lead you to assume that only large organizations get targeted. But you’d be wrong. Every day, businesses and individuals suffer cyber attacks that never make the news. What should make the news is how devastating these attacks can be for small businesses: 60% of small businesses close within 6 months of suffering a cyber attack. That’s why it’s imperative to enact safeguards in the cyber realm on a consistent basis.

6 Industries at Risk of Cyber Attack

Small Businesses

Resist the urge to believe that a business that is small is not attractive to cyber criminals; the small businesses sometimes make the biggest targets. After all, what type of training does a small business offer to inform employees what data should and shouldn’t be shared with outside entities? Without proper security protocols, employees are more likely to download programs they don’t recognize or offer login credentials to cyber criminals posing as fellow employees.

The list of possibilities is long, and it’s tough for a training to cover all of them (and that’s assuming the small business has a training at all). That vulnerability makes a small business low-hanging fruit to cyber criminals.

Healthcare

COVID-19 made a mess of so many things in our world – the healthcare industry included. Lots of healthcare entities were targeted during the pandemic because the pandemic opened up new vulnerabilities, and ransomware has been rampant. This software puts a proverbial wall up between a person and their data, keeping them apart until a ransom is paid. Healthcare organizations see these attacks as virtual emergency situations. Not being able to access patient data or other important health information can literally be a matter of life and death. 

Government agencies

Cyber criminals who want to make problems for state and municipal governments have their weapons at the ready, and the results are costly. Ransomware cost the United States government $18.8 billion dollars in 2020 (estimated using cost of recovery, etc.). Education for government employees regarding cyber security is a definite necessity, given the popularity of this type of attack.

Financial institutions

Online banking is widespread, and with it comes the risk of online theft. All it takes is for a hacker to make a fake login page that looks legitimate and, voila! Sensitive information falls into the hands of those who seek to do harm. Trojan horses are widespread problems in this sector – and they don’t have anything to do with the ancient city of Troy.

A Trojan horse is a type of malware disguised as a legitimate program in order to gain access to a server. Data and server attacks upon financial institutions go straight to the sources of delicate information – ripping credit cards and social security numbers from supposedly ‘safe’ storage places and making them visible for hackers to exploit. In this type of cyber attack, malicious code is deployed to steal that information. 

Education

Online education platforms have drastically increased over the past few years (remember the online learning boom during the pandemic?). This use of technology for educational purposes has opened more schools up to cyber attack – specifically, to malware and spam. 

Energy and utility companies

If the United State’s largest fuel pipeline can be compromised due to ransomware, anything and anyone is at risk for cyber attack. In 2021 hackers shut down the Colonial Pipeline which originates in Texas and serves the southeastern U.S. The resulting gas shortages across the country resulted in an increase in fuel prices and a loss in consumer confidence. And while that example may be extraordinary, still there are (and continue to be) many other attacks on smaller utilities.

Cyber Attack Statistics

If you’re still not convinced of the importance of keeping your online data secure from cyber attacks, consider these figures:

  • 50% of all cyber attacks are against small to mid-sized businesses.
  • The average cost of a data breach for small businesses ranges from $120,000 to $1.24 million.
  • Between 2018 and 2020, over two thirds of all small to mid-sized businesses reported a cyber crime incident.
  • Cyber crime went up by 600% during the Covid pandemic.

Any web search of ‘cyber attack statistics’ will reveal the danger you and your organization are in on a daily basis. 

The 10 Most Common Cyber Attacks 

While there are many types of cyber attacks, the ones listed below are currently the most common. 

  • DOS and DDoS Attacks
  • MITM Attacks
  • Phishing Attacks
  • Whale-phishing Attacks
  • Ransomware
  • Password Attacks
  • SQL Injection Attacks
  • URL Interpretation
  • DNS Spoofing

Remember: a full-scale strategy to protect your business (and yourself) from cyber attack is the best strategy. Work with a professional who understands the risks you face and knows how to mitigate them. 

Is Cyber Insurance Worth the Cost?

Cyber attacks can be devastating – both personally and professionally. The cost of cyber insurance hinges on the type of business being protected and the level of risk it experiences. If the amount of personal data a business handles is significant, the cost will likely be more. One way to lower cost and protect the business at the same time is to put security protocols in place that lower your business’s risk for a breach. The coverage limits you select, along with the size of the deductible, will also determine the cost.

Just as with historical warfare, protection and preparation are important to a defense. Don’t be left vulnerable to cyber attack. Instead, have a clear and ongoing strategy to combat it. And if cyber criminals do slip through your systems and take sensitive data or release ransomware into the equation, know that you have cyber insurance to back you up.

Cyber insurance can protect different industries from popular types of cyber attacks. Contact Wallace Welch & Willingham to find out how our cyber liability insurance products can help protect your business. Request a quote today!

Home Business Coverage – Who Needs It?

From Etsy store owner to multi-level marketing mavens and every aspiration in between, plenty of business owners choose the home front as their business address. It’s conceivable that the coronavirus pandemic’s ‘stay at home’ directive has spurred a new wave of stay-at-home inspiration. After all, plenty of people are finding ways to work from home. How does this class of businesspeople protect themselves and the organizations they cherish?

Do home business moguls need to take insurance along for the ride as they build an empire?

The answer is likely ‘yes.’ Just because an office is a kitchen table and the commute involves a grueling six steps from the bedroom, that doesn’t mean that it’s time to neglect insurance coverage. Coverage is available for a wide variety of home-based businesses; opting for it is often a good idea. Here’s why.

  • The overbooked photographer scenario – Let’s say you’re a photographer who overbooks (gasp) a wedding. First, congratulations on being so popular. Secondly, be prepared for the possibility that you could be sued. The angry bride or groom-to-be who booked with you originally could sue you for the cost of a replacement photographer.
  • The home-based business accident – Do customers visit your home for business purposes? If so, it’s imperative to purchase insurance. Imagine the shock of the in-home piano teacher whose student tripped on a slick floor and broke his ankle, or the computer repairman who fell as he carried his overheated laptop up the driveway and needed multiple surgeries to repair a fractured hip. Guess who foots the bill for these medical snafus? -Hint: It’s often not the injured person.
  • Annihilated inventory – Are you a maker? A baker, crafter, or an all-around-artsy person? Do you store your products in the home? Don’t expect your homeowners policy to cover that collection that took you months to amass. Make sure that you have the correct coverage in place so that if something happens, you’re able to replace and rebuild. Business income coverage will go a step further by compensating a portion of lost income as a result of a covered accident.

So who is actually eligible to elect coverage? Crafters, jewelry makers, cosmetic/beauty sales consultants (Rodan + Fields, Monat, doTERRA), teachers/tutors, disc jockeys, bakers and photographers are some of the more common eligible professions. But even those that are commonly not eligible may find coverage through a commercial or professional lines form.

That’s why it’s so important to cultivate a relationship with an insurance provider who gives good advice regarding your personal and business coverage needs. And that’s where W3 Insurance shines. As an all-lines agency, W3 serves as your comprehensive coverage source. Contact an advisor today. Describe your business and its liability. A W3 advisor will advise you regarding coverage type and scope, so you can get back to what’s really important: focusing on your home business dreams.

The Equal Pay Act’s New Friend: Your EEO-1

Employers Need EPL Like Never Before

Employers: The time to elect Employment Practices Liability coverage is now. Component 2 of the EEO-1 is due September 30, 2019, and it dictates payroll data be disclosed to the EEOC, who enforces the Equal Pay Act.

But I don’t intend to pay my employees in a discriminatory manner, you say. Surely I’m not culpable for a pay disparity?

You are – and here’s why.

The Equal Pay Act is a strict liability statute, meaning there is no need for the employer to intend to pay in a discriminatory manner. Component 2 requires employers to provide hours and pay information by the same categories as Component 1, which includes the category of sex. To the extent that the EEOC finds your reported information persuasive, they will seek to use Component 2 pay data as admissible evidence in the event of an Equal Pay Act claim against your company. 

Dig into that payroll data, if you haven’t already, and check for objective disparity in your payroll that may give the appearance that it is based on sex. If it exists, check to see if there is a clear legitimate reason for each disparity (seniority, production, etc.). Find and fix any issues before someone else does.

Your next step? Contact W3 Insurance for an Employment Practices Liability policy. It’s our job to stay up-to-date regarding your employer requirements so you can focus on your ultimate goal –  your business.

New Call-to-action

Secure Your Business – Here’s How:

Thanks to all the news stories of businesses toppling amidst cyber attack, you’re likely convinced that the threat is real. As cyber insurance advisors, we can assure you that the battle is ongoing and that hackers and other miscreants show no sign of calling for a cease fire. How can you win the war? Besides purchasing cyber attack coverage, there are some relatively simple measures you can take to ensure your organization does not become a cautionary tale. Below is a short list of steps you can take:

  • Securely back up confidential information/important files in a remote location NOT connected to you business’s main network.
  • Update software as new updates are released to stay up-to-date with the latest security updates.
  • Be aware of logins and passwords
    • Take special care when dealing with passwords to portals that contain banking information, health insurance, PayPal information, etc.
    • Select long passwords with two factor authentication
    • Don’t reuse passwords
  • Always verify any change requests from vendors/clients by calling a pre-determined number. Never call the number ON the change request; it may be fraudulent
  • Keep employees current regarding all types of cyber scam techniques and the best ways to combat them.
  • Stay educated through reputable sites and share pertinent information with directors and officers, as well as employees. These include: iii.org, IC3.gov and idtheftcenter.org.
  • Recognize that prior to your business being targeted by phone or email, your computers likely will have been breached. Consult with computer technology experts and use updated cyber security software, secure Wi-Fi networks, and two factor authorization.

If you haven’t yet purchased cyber insurance, find your coverage here. All it takes is a few minutes to complete the application; afterward we’ll present you with a bindable quote. W3 Insurance is on your side in the fight against cyber attack. Thanks to extensive coverage options, we’re able to be part of the shield that keeps businesses like yours from becoming a statistic.

Every Business is Vulnerable to Cyber Attack

The business is a battlefield – and the attacks are coming from cyberspace. It’s a visible war with plenty of high-profile casualties. The Equifax data breach of 2017 revealed the personal information of 143 million people. The Yahoo breach left billions of accounts vulnerable; a recent disclosure revealed that every Yahoo account was affected. Uber customers totaling 57 million found a ride – and had their personal data stolen.

Many small and medium-sized businesses are not acting quickly to protect themselves. “My business is smaller than those mammoth companies,” owners say. “Can the risk really be that high?” The answer is a resounding yes. Small and medium-sized business owners who believe it won’t happen to us do so at their own peril. It’s not just the ‘big fish’ who are targets; two out of three cyberattacks are now directed at small businesses. The reason for this is clear: these entities often do not employ adequate security measures. Add an absence of insurance protection to the equation, and a breach can be exceptionally disastrous. It’s a problem of preparation AND protection. Without the proper security in place, a breach may occur with ease – and without insurance coverage to handle the aftermath, the result can be financially devastating.

Ready for your personalized quote?

The takeaway is this: the threat of cyberattack does not necessarily increase as the size of a business does. Companies of all sizes are at risk. For proof, let’s examine real-life cautionary stories of Tampa Bay Area small businesses as reported by St. Petersburg insurance agency Wallace Welch & Willingham Inc (W3 Insurance). In the below examples, the businesses affected lacked adequate crime coverage, which did not include cyber-related losses.

Scenario One: The Classic Hack

In hindsight, it’s obvious that the accounting software was ‘a sitting duck,’ as the saying goes. A hacker found a way into the payroll program and methodically added fake employees to the roster one by one, shuttling money to an outside account and leading to more than $200,000 in losses before the hack was discovered.

Scenario Two: The Patient Robber

Some cyber criminals are exceedingly persistent. This one did his homework in a major way, learning about the company’s employees and customers in detail. He then requested a wire transfer from a client to a fake email address that read suspiciously close to a salesperson’s address. The money was wired without a second thought, and the result was a loss of thousands of dollars.

Scenario Three: The Last-Minute Switch

Yet another criminal accessed a seller account on a transaction. He monitored the email exchange between the buyer and the seller. Just as the transaction was to close, he sent an email with fraudulent wire instructions to the buyer from within the seller’s own email account. The seller naturally assumed the wire instructions were correct – and wired $388,000 to the criminal.

None of the above companies had adequate cyber insurance coverage in place as a safeguard. What could have been a simple add-on to an existing policy is now ultimately viewed by these organizations as a huge lapse in judgement.

Regardless of how a breach occurs, the end result is the same: potential economic devastation. Businesses may store private customer information protected by law; a cyberattack can create havoc for a business owner from a first and third-party standpoint. The business owner could lose access to valuable data necessary to run their business, resulting in a temporary shutdown and perhaps even a ransom to restore it.

Cyber Liability InsuranceIf customer data is breached, the business could face lawsuits from third parties for not providing adequate protection of sensitive information, as well as government fines and penalties for certain types of legally protected data. After probable costs of legal fees, data forensics, public relations consultants, notification and data monitoring services are totaled, the loss is staggering. The 2018 average cost is $148 per breached record.

In this cyberattack battlefield, a two-pronged approach is necessary for the protection of businesses, no matter their size. By implementing loss control measures to avoid or reduce exposure to cyber risk and purchasing a cyber insurance policy specifically designed to cover this type of loss, organizations can avoid becoming a statistic.

Those who decline to prepare face a stark reality. Bankruptcy is a common occurrence for those businesses who choose to ignore the danger. The National Cyber Security Alliance states that a staggering 60% of small businesses close their doors for good within six months of a cyberattack.

It’s obvious that the need for cyber protection is dire, and there’s no one-size-fits-all answer for preparation and coverage. Encrypting important data is just one strategy, as is consulting with an insurance professional knowledgeable about cyber risk policies. Professionals like those at W3 Insurance examine the risk of each business and advise accordingly.

Based on reports of trillions of dollars being stolen from businesses, cyber criminals are winning this war. It’s time for all organizations to form a proper defense and to have a backup plan in the form of cyber security coverage if attacks do succeed.

Ready for your personalized quote?


  1. Federal Trade Commission, The Equifax Data Breach, https://www.ftc.gov/equifax-data-breach
  2. Natt Garun, Yahoo Says All 3 Billion User Accounts Were Impacted by 2013 Security Breach, The Verge (Oct. 3, 2017), https://www.theverge.com/2017/10/3/16414306/yahoo-security-data-breach-3-billion-verizon
  3. Mike Isaac, Katie Benner and Sheera Frenkel, Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data, New York Times (Nov. 21, 2017), https://www.nytimes.com/2017/11/21/technology/uber-hack.html
  4. Steve Strauss, Cyber Threat is Huge for Small Businesses, USA Today (Oct. 20, 2017), https://www.usatoday.com/story/money/columnist/strauss/2017/10/20/cyber-threat-huge-small-businesses/782716001/
  5. IBM.com, https://ibm.co/2Qiah9g
  6. Gary Miller, 60% of Companies That Suffer a Cyber Attack Are Out of Business Within Six Months, The Denver Post (March 24, 2017), https://www.denverpost.com/2016/10/23/small-companies-cyber-attack-out-of-business/

Cyber Attacks: Every Business is Vulnerable

Odds are high that your business will be affected by a cyberattack. We’ve all heard of the recent casualties of the Cyber War: an Equifax data breach revealed the personal information of 145 million customers. The Yahoo breach left 3 billion accounts vulnerable. Uber customers totaling 57 million found a ride – and had their personal data stolen.

But my business is smaller than these, you say. Is my risk really that high?

The answer is a resounding yes. According to USA Today, nearly two out of three cyberattacks are now directed at small businesses. Their vulnerability exists due to a perception they are not the target and the absence of insurance protection after the event. It’s a problem of preparation AND protection. Without the proper security in place, a breach may occur – and without insurance coverage to handle the aftermath, the result can be financially devastating.

Cyber insurance is likely necessary regardless of your company’s size. For proof, examine the following scenarios. Both are real-life cautionary stories from Bay Area small businesses.

Looking back, it’s obvious that the accounting software was easy to breach. A hacker found a way in and methodically added fake employees one by one, shuttling money to an outside account and leading to more than $200,000 in losses.

Another cyber criminal did his homework in a major way, learning about the company’s employees and customers in detail. He then requested a wire transfer from a client to a fake email address that read suspiciously close to a salesperson’s. -The result? Thousands of dollars lost.

Regardless of how a breach occurs, the end result is the same: potential economic devastation. Businesses may store private customer information protected by law, and a cyberattack can create havoc for a business owner from a first and third-party standpoint. The business owner could lose access to valuable data necessary to run their business, resulting in a temporary shutdown and perhaps even a ransom to restore it.

If customer data is breached, the business could face lawsuits from third parties for not adequately protecting information, as well as government fines and penalties for certain types of legally protected data. After probable costs of legal fees, data forensics, public relations consultants, notification and data monitoring services are totaled, the loss is staggering. According to the Ponemon Institute, the average cost is $154 to $158 per breached record.

Adequately protect your business with a two-pronged approach. By implementing loss control measures to avoid or reduce your exposure to cyber risk and purchasing a cyber insurance policy specifically designed to cover this type of loss, you can avoid becoming a statistic.

According to a 2016 survey conducted by Risk.net, risk management executives named cyberattacks as the top emerging risk to their business – and there’s no one-size-fits-all answer for coverage. Invite an experienced insurance advisor to examine your risk and recommend the correct course of action.

Gauge your company’s current vulnerability. Download the free Cyber Risk Exposure Scorecard and contact us to learn more about Cyber Risk Management services that protect your business.