Merchants are all too aware of the risks of fraud and data breaches as more business goes online. In the Digital Fraud Tracker, Corvus Insurance’s Jason Rebholz explains why businesses must emphasize employee education and require partners to obtain cybersecurity insurance to make sure they’re protected and able to bounce back.
Technology has simplified consumers’ everyday lives in ways that may have seemed unimaginable even a decade ago. They now can pay bills, buy products, schedule rides and order groceries all from the comfort of their own homes, and the pandemic has brought on many other behavioral shifts, said Jason Rebholz, chief information security officer at Corvus Insurance.
However, as the online marketplace grew, consumers were not the only ones who recognized the benefits of digitization. Cybercriminals also noticed and developed more sophisticated ways to prey on user profiles.
“A significant increase in remote work and eCommerce shifted the focus of cybercriminals to where financial gain could be easily found,” Rebholz said. “This was found in increased phishing scams, targeting of eCommerce sites and ransomware.”
Protecting customers’ data from the rise in cyberattacks has required global lawmakers to introduce consumer data privacy bills that prevent businesses from unethically sharing sensitive data. In combination with perpetually evolving fraudsters, these stringent rules and regulations give security professionals much to do on the digital economy front.
Consumer data privacy is likely to be increasingly regulated in the future, but companies still can find ways to responsibly harness personal data today to enhance the customer experience and gain the upper hand over their competitors.
Insurance Verification Helps Protect Businesses and Their Customers From Cyber Threats
Companies often examine customers’ behavior when looking for gaps in their security defenses, but the pandemic-driven surge in remote workers contributed heavily to the growth in digital crime. Ransomware alone accounted for nearly 85% of cyberattacks last year, and these attacks can be catastrophic for businesses’ revenues and reputations if they lack sufficient insurance coverage.
“The consumer data privacy landscape is rapidly changing,” Rebholz said. “Corvus’ legal compliance teams and security teams work closely together to identify upcoming changes and align security controls to meet those demands. The complexities and ambiguity of some consumer data privacy bills can impede progress, as organizations without proper legal insights can struggle to determine the appropriate course of action.”
Businesses can protect themselves and their customers by not only investing in cybersecurity solutions but also requiring third-party vendors to obtain enough coverage for reparations and remediation efforts if fraud were to occur on their watch. No consumer or corporation is immune to cyber threats, but verification is one of the most effective ways for companies to defend against ransomware attacks, compromised data and other financial risks.
Employee Education Plays Critical Role in Cybersecurity
Customers’ digital hygiene practices have much room for improvement. While 92% of consumers are aware of the risks associated with reusing a password or a variation of it with two or more accounts, 65% still do just that. Consumers seem less knowledgeable about how certain behaviors can put their employers at risk of fraud, however.
Approximately 24% of workers believe clicking on an unverifiable attachment or link carries little to no risk, according to a recent report, and 69% do not believe sharing work-related devices with friends or family members heightens the risk of security breaches.
“Security awareness training is the first line of defense,” Rebholz said. “A single click of a link in an email can lead to a large security incident. Successful training provides the mindset of ‘look before you click.’ From there, consistent training and testing of employees helps to reinforce that mindset. Protecting sensitive data is a multilayered approach. It starts with users avoiding common security missteps.”
While some companies may express concerns about the cost of cybersecurity education, it is nothing compared to the price tag of a data breach. The risk of not educating employees continues to grow as more and more companies convert to online platforms.
Cybersecurity awareness training is proven to positively affect the return on investment (ROI), and customizing instructional materials for each employee’s specific role or department will boost engagement and result in constructive behavioral modification. Proper education, in conjunction with cybersecurity insurance, arms businesses with the necessary tools to fight fraud and protects them against potential legal repercussions.