Are you making these password mistakes?

From leaving passwords written on sticky notes laying around to using simple passwords to not using proper technology to secure client data, employees and companies still have much to learn about data security, according to a recent report. And with new research showing that cyber incidents are the top global risk for businesses, the blunders highlighted are a lesson in securing personal, corporate and client data.

Dashlane, a credential management company that stores and manage passwords through a desktop or mobile app, recounted the biggest mistakes companies and people made over the last year when it came to securing various accounts via a password in its annual Worst Password Offenders list.

Its top offender was Facebook, which made two critical mistakes from which all companies can learn. The company admitted that it not only exposed passwords of hundreds of millions of users internally to its employees, it also breached user privacy by asking for the email passwords of new users and harvesting contacts without consent. Facebook also violated security best practices by storing account passwords in its internal data storage system for years in plain text.

The tech giant then left a server unprotected – meaning, without a password – leaving 400 million users’ phone numbers and record exposed.

Facebook’s series of security blunders kept Google in second place for the year as the company admitted that it, similarly to Facebook, had stored passwords as plain text … since 2005.

Some of the worst mistakes weren’t done by corporations, according to Dashlane, as people were also inadvertently exposing their own passwords. Their mistakes are also a lesson for many others.

For example, how many people in your office have a password on a sticky note attached to their computer or desk that anyone walking by could see? Dashlane called out actress Lisa Kudrow who posted a photo of an article about an upcoming role. But included in the photo was a password written on a sticky note attached to her computer monitor.

Simple passwords continue to be a thorn in the side of security experts. U.S. Congressman Lance Gooden was caught on camera unlocking his phone with the code “777777.” Talk show host Ellen DeGeneres admitted that her password skills were lacking following a hack of her Instagram account. She was using the password “password.”

Dashlane recommends the following tips to secure accounts:

  • Use a different password for every account. “Password reuse is an epidemic. Repeating the same password across your accounts is a lot like using the same key for your house or your car,” the company said.
  • Use two-factor identification. It adds an extra layer of security by using two of three verification methods, such as your password, biometrics and a smart card.

Source: https://www.canadianunderwriter.ca/insurance/are-you-following-these-password-blunders-1004172791/

Home Insurance Coverage You May Not Know About…

Most home insurance clients don’t know they could be covered for identity theft, Top Broker Summit attendees heard Monday.

“On the personal lines side, there have been a number of companies in Canada that have offered identity theft coverage for 10, 12 or 13 years. I think most Canadians don’t know it’s available,” said Paul Kovacs, founder and executive director of the Institute for Catastrophic Loss Reduction.

“Some insurance companies throw it in. Others charge for it. But it’s certainly not a topic that I think the public is aware of. Identity theft is a growing threat and there is an opportunity on the personal lines side to talk about the role of the industry,” Kovacs said while moderating a luncheon panel at Top Broker Summit, produced by Canadian Underwriter and held at the Ritz-Carlton in Toronto. “Most Canadians don’t know whether they have it or not.”

Identity theft is when a criminal uses a client’s personal information (such as a name, social insurance number, or credit card number), as defined by CAA Insurance, one of the many companies that offer identity theft protection with home insurance. In CAA’s case, the coverage can be added for $25 a year.

For business clients, cyber insurance can cover a variety of losses, such as legal costs and damages, if you are sued for a privacy breach. It can also cover the cost to restore or recover data caused by a breach, denial-of-service attack, or ransomware, Insurance Bureau of Canada reports.

What exactly gets covered depends on the individual policy.

“There is absolutely no standard,” said Patrick Bourk, principal and national cyber practice leader for Hub International Ontario, during the Top Broker Summit luncheon panel. “Every insurer will do things a little bit differently.”

Cyber is a profitable business for insurers, but it it’s also linked to a very high risk compared to other lines, said Kovacs.

Some insurers are concerned about a single catastrophic cyber loss that affects multiple victims, costing the industry billions of dollars’ worth of claims payouts, suggested Bourk.

Asked by Kovacs how he sees the cyber market in five to 10 years, Bourk suggested prices might increase as cyber losses mount. “I think there is going to be some insurers who will realize, ‘Okay, maybe this is not necessarily for our risk appetite,’” Bourk responded.

Also on the panel was Jacqueline Detablan, vice president of specialty at CNA Canada.

“How we underwrite those risks has changed significantly,” said Detablan, who was previously a vice president of financial lines at American International Group (AIG) Canada. “Back in the day, we would have a real IT engineer do a deep dive on almost every single risk. We still to that on more complex risks.

“But [now] it’s more of a volume play, because you are going to have losses and you need to have a larger pool of premiums to cover those losses.”

Source Article: https://www.canadianunderwriter.ca/insurance/the-home-insurance-coverage-your-clients-dont-know-about-1004171210/

Canada is #3 in Cyber Breaches

The importance of obtaining cyber insurance has again hit home, following the release of a report that found by mid-2018, Canada was the country with the third most cyber incidents in the world and ninth most exposed records.

Last month, Risk Based Security in Richmond, Va. reported data as of June 30 showing the United States had, by far, the most incidents per country at 1,074. United Kingdom was second with 62 and Canada third with 48 incidents.

Canada ranks 18th worldwide by gross domestic product and 38th worldwide by population, according to the CIA World Factbook.

Of the 48 breaches reported in Canada, a total of 12,551,574 records were exposed, with an average of 261,491 records exposed per breach.

That Canada had the third most cyber incidents in the world is not surprising considering Canada continues to be one of the most “wired” countries in the world, according to the Canadian Internet Registration Authority (CIRA). CIRA reported nearly 87% of Canadian households are connected to the Internet; Canada ranks 16th globally in terms of Internet penetration in 2013, up from 80% in 2010.

The country has seen several breaches recently. Air Canada reported in late August it detected “unusual login activity,” warning that 20,000 customers may have had their personal information improperly accessed due to a mobile app breach. In mid-May, Ontario’s Algonquin College had an incident involving “unauthorized and illegal access by hackers on one server infected with malware.” More than 4,500 students and alumni may have had information such as date of birth and home address exposed.

The healthcare and financial services sectors are typically at the top of the list in terms of industries affected by a breach. According to the Data Breach QuickView Report from Risk Based Security, globally, the finance and insurance sector saw the highest distribution of incidents (52 incidents, or 16.5%). This was followed by healthcare (62 incidents, or 14.7%) and public administration (92 incidents, or 12.5%).

Worldwide, 2,308 breaches were reported through June 30, exposing approximately 2.6 billion records.

 

Source: https://www.canadianunderwriter.ca/technology/canada-ranks-worldwide-cyber-breaches-1004136764/