How to secure your brokerage’s data – an interview with BOXX Insurance
Brokerages should review their data recovery protocols frequently
Some products back up data to folders that use default directory names that should be renamed
Ransomware creators can also gain access to published APIs and use them to encrypt existing backups
Brokers must secure their client data to protect their trusted advisor status, a cyber insurance provider has warned.
“What many brokers fail to realize is that when customers engage them as a trusted risk advisor, it implies they’re also trusting them with their data,” said Vishal Kundi, CEO and co-founder of Toronto-based BOXX Insurance, told Canadian Underwriter. “You can’t be a trusted risk advisor if your clients can’t trust you with their data.”
Many brokers aren’t doing enough to secure the data they collect, he added. If a broker doesn’t back up files properly and loses all records in a cyberattack, clients will be legitimately upset. “[A client] could argue that you’ve been advising them about their risk management controls for all these years but neglected to take your own advice,” Kundi said. “Now, you’re not only dealing with a costly data recovery mess but fighting to protect your reputation and client base.”
Further, cybercriminals are becoming increasingly sophisticated, making data recovery more difficult. “Simply backing up your data no longer provides an absolute guarantee that you can recover from a ransomware [or other] attack,” Kundi said. “There’s a lot more to it, like how frequently you back up data (you should be doing this daily), where you’re backing up your data (for example, in the cloud or on hardware), and whether you have a procedure to regularly test your backups.”
Three questions to ask your IT team
Kundi said brokerages should review their data recovery protocols and look at the latest techniques hackers use to perform ransomware attacks. Brokers should be asking their IT teams or providers the following questions to help determine backup security:
Can hackers find and encrypt our backups on network file shares?
Some products back up data to folders accessible over corporate networks. Many organizations use the default directory name created by these products to store their backups. However, the default names are readily accessible in publicly available documentation. “Some creators of ransomware figured this out a while ago, and as part of their malware that finds and encrypts data on production servers, they also probe corporate networks for these default backup directories and encrypt the backups in these directories. In so doing, they increase the possibility that companies can’t recover from backups,” Kundi said.
How well are our backups secured against ransomware “time bombs”?
When ransomware encrypts a brokerage’s data, the encryption generally occurs as soon as — or shortly after — the ransomware accesses the brokerage’s network. Newer ransomware, however, infects data immediately but does not encrypt it right away — thereby eluding immediate detection, Kundi explained. “After days, weeks, or even months go by, [the ransomware] initiates the encryption of the corporate data. This is the worst type of ransomware attack,” he said. “Not only is all of a brokerage’s production data encrypted, the broker thinks it has ‘good’ backups. [But] when it goes to restore the data, the restored data encrypts as well because it was infected when it was backed up. This may make it almost impossible for a brokerage to determine when it was initially infected and which of their backed up data they can reliably and confidently restore.”
Is our backup’s API safe?
A number of backup software editions have their own application programming interface (API) available to developers, including ransomware creators, who can also access these published APIs and use them to encrypt existing backups. “By taking the time to review how their client data is being stored and protected, insurance brokerages can ensure their client data is available at all times and, more importantly, take another step to protect their most important asset: their clients’ trust,” Kundi said.
Original Article Published by Canadian Underwriter
About BOXX Insurance
BOXX Insurance Inc. helps businesses and families insure and defend against cyber threats. BOXX Insurance Inc. is privately-held with headquarters in Toronto, Canada. BOXX’s vision is to help businesses, individuals and families stay ahead of, respond to and recover from cyber threats, putting their digital safety first.
BOXX recognized as Top 10 Most Innovative Insurance Tech Companies to Watch in 2022 – CIOInsights
Amidst booming digitalization, BOXX has landed its wheels on track with a promise to make Cyber Protection & Insurance smarter and simpler.
BOXX Insurance Canada Feature – Never too old to start up
BOXX Insurance co-founders Vishal Kundi and Mike Senechal open up about creating one of Canada’s first cyber insurtechs.
Sign up for the BOXX Insurance Newsletter
Get the latest updates about Cyber Insurance and Protection with our newsletter.