We understand the importance of safeguarding your moving and storage business at Reason Global. So, as we step into Cyber-security Awareness Month, we shed light on some of the most prevalent cyber threats and how to limit your exposure to them.

Ransomware-as-a-Service (RaaS)

Ransomware attacks are increasing, and criminals are making it easier for others to carry out these attacks through RaaS platforms. Ransomware attacks involve encrypting a victim’s data and demanding a ransom for release. RaaS makes this nefarious tactic more accessible to cybercriminals, allowing them to rent ransomware tools and reducing the technical skill required. To safeguard your business, regularly back up data, update security protocols, and consider cyber insurance to mitigate the financial impact.

AI-Powered Attacks

Cybercriminals are increasingly using artificial intelligence to enhance their attacks, for example, by employing machine learning algorithms to craft highly convincing phishing emails, making it harder for users to discern legitimate from malicious messages. Educate employees on how to recognise AI phishing emails and consider employing AI-powered email security solutions to help detect and stop cyberattacks before they reach users’ mailboxes.

Supply Chain Attacks

Third-party suppliers can be vulnerable points of entry for cybercriminals, who can target a target organisation’s suppliers and service providers to gain access to their systems. For instance, the SolarWinds breach of 2020 compromised a widely used software provider, allowing attackers to infiltrate numerous high-profile organisations. Protect your business by vetting your suppliers’ security practices and implementing strict supply chain security measures.

Deepfakes and Disinformation

Deepfakes use AI to manipulate audio and video content to deceive viewers. The spread of fake videos and disinformation can harm your business’s reputation. Train your employees to recognise deepfake content and encourage them to stay vigilant.

Cloud Jacking

With businesses relying more on cloud services, securing your cloud infrastructure is crucial. Cybercriminals exploit vulnerabilities in cloud infrastructure to steal sensitive data or disrupt services. The Capital One breach in 2019 exposed over 100 million customer records due to a misconfigured firewall in an Amazon Web Services (AWS) server. Protect your business by utilising robust authentication methods and encryption for cloud data.

Insider Threats

These come from employees, contractors, or business partners accessing your systems. This happened in 2019 when a former Twitter employee exploited their privileged access to deactivate high-profile individuals’ accounts temporarily. You can implement access controls and employee training to minimise insider threats.

The moving and storage industry is not immune to this evolving cyber threat landscape. Fortunately, Cyber Liability insurance policies can provide different types of extensions to protect your business from cyber-attacks. Learn more about our Cyber Liability Insurance Cover.

Among the various forms of cyber-attack, phishing – a scamming method that tricks users into clicking on an unsafe link or giving away sensitive information that hackers can use to access important accounts or compromise data – repeatedly reigns as a top technique

Recent research revealed that 45 per cent of UK organisations have experienced a phishing attack in the past two years. This common scare can wreak financial and reputational havoc on any company, regardless of size or industry and expose not just your data, but data relating to your customers. With this in mind, it’s vital for any moving and self-storage businesses to have robust cyber-security measures in place to help prevent phishing attacks. 

Here are our four top tips on how to bolster your business against phishing attacks:

1. Promote staff awareness

The majority of cyber-attacks require human interaction to be successful. This highlights that although an organisation’s employees can be its biggest asset, they also have the potential to be its biggest risk. Utilise an effective training programme to that teaches your employees how to recognise and report phishing attacks. Download our infographic guide here ››

2. Implement proper protection software

Install anti virus and malware protection on all organisational devices and conduct routine software updates.

3. Filter company emails

Ensure your company’s email server has security features in place to filter emails from potentially malicious senders into the spam folder.

4. Establish a cyber-incident response plan

Ensuring your organisation has a robust cyber-incident continuity and response plan will help to limit the damages of a phishing attack. Review and test this plan regularly with your employees. Download our Cyber Continuity and Incident Response Plan Toolkit ››

Watch our short video for guidance on how to prevent phishing attacks in the workplace…

As cyber-attack trends and techniques continue to evolve, so should your cyber-insurance policy. Purchasing cyber-cover is the only way to ensure the ultimate protection against a costly data breach.

In recent years, cyber fraud has emerged as one of the most significant threats facing organisations of all sizes. Cyber attacks (such as data breaches and hacks) result in devastating damage to small and medium sized businesses, such as business disruptions, revenue loss, legal fees, reputation damage, and more. Although the average business loss is £35,000, it can vary widely with some UK companies reporting losses of up to £18.5million according to the nation’s fraud and cyber-crime reporting centre, Action Fraud.

As a result Cyber liability insurance has fast become an essential component to every businesses risk management programme. However, due to the considerable variation between cyber policy wordings, several misconceptions have arisen on what a cyber insurance policy does and doesn’t cover.

Does Cyber Insurance Cover CEO Fraud Email Scams?

One of the most common areas of confusion is around phishing scams that trick people into taking action or divulging sensitive or confidential information. A variety of cyber-attacks are considered to be phishing scams, but the CEO fraud email scam (also known as ‘bogus boss’, ‘whale phishing’, ‘insider spoofing’, company exec spam and business email compromise) can be the most expensive and problematic.

This is because cyber liability insurance coverage will address the first and third-party risks associated with e-business, the Internet, networks and informational assets – protecting your business against exposures arising out of online breaches and cybercrime. But phishing attacks – which involve a large element of human error – have the potential to trigger different insurance policies, not just Cyber Policies.

By understanding the risks involved with the CEO email scam, you can boost your defences to better protect your company from cyber-criminals…

CEO Fraud Case Study

The following case study based on a real-life medium-sized company that fell victim to a CEO fraud scam illustrates the insidious and subtle nature of the crimes.

An accountant at the company received a phone call from an unknown source, who told the accountant that she should expect to receive an email from the CEO with explicit instructions to conduct a financial transaction. The accountant then received an email that appeared to be from the CEO that explained the company was purchasing a business in Cyprus and that the accountant was to expect a phone call from a consultant, who would explain where to transfer the money.

The accountant received several more emails and phone calls, all of which demanded that she act quickly to ensure that the deal did not fall through. Due to the fraudster’s repeated urgings, the accountant authorised £372,000 to be transferred to the fraudster’s account. While the company’s bank held up three of the approved wire transfers, one worth nearly £100,000 was still approved. This all happened within three hours, which is typical of a CEO fraud email scam. Fraudsters will try to pressure employees to act quickly without hesitation.

In this situation, the financial loss from the fraud would be excluded from the company’s primary coverage provided in its cyber policies because there was no loss of tangible business assets such as the loss of customer data involved.
The fact that a fraud was carried out by email does not in itself make the financial loss a cyber-incident. In these circumstances, the Insured is a victim of crime in the same way it would be if the Insured is persuaded to transfer money as the result of a fraudulent telephone call, meeting or letter. Rather, this incident would be viewed as a crime as an accountant was persuaded to transfer the money via a fraudulent phone call and email.

If the policy included fraudulent instruction that covered against losses resulting from any payments made to someone impersonating a client, vendor or employee that is intended to mislead then the company would be protected from CEO email fraud. Likewise if the fraudster had sent the email from a genuine internal account then the security of the company network could have been compromised and then company would have had a case.

The moving and shipping industry suffered from its most damaging IT cyber attack in recent history when global shipping giant A.P. Miller-Maersk was targeted last week.

In the second major ransomware attack of this year, the new Petya ransomware virus started to affect companies across Europe early on Tuesday 27th June, before spreading to the US and South America. Maersk were forced to shut down their website and large parts of their global operations to halt the spread of the virus, with major ports including the Port of New York and New Jersey on the US East Coast and Rotterdam, Europe’s largest harbour, temporarily closed when the virus affected multiple AP terminals.

With a fleet of over 600 container vessels, Maersk handles over a quarter of all containers shipped on the busy Asia-Europe route and inevitably the attack had a huge knock on effect across the moving and shipping industries, affecting shipment booking and communications between companies. Following an official statement by Maersk on Wednesday confirming “IT and communications infrastructure have been impacted and we have proactively shut down as a security measure,” the group took to their website and social media channels to keep customers updated.

Terminals in the UK were not directly affected by the attack, but without access to Maersk systems, many moving firms were unable to issue quotes or accept new bookings. Leading moving company Pickfords also issued a statement on their website and social media channels to keep their customers informed of the situation.

By the end of the week, Maersk was ‘progressing towards technical recovery’ with online bookings, cargo loading and cargo in transit all operating normally. Nevertheless, this recent attack highlights yet again how Cyber security is among the most pressing issues facing our business today and that no organisation is immune to the threat.

Dan Reynolds, Director at Reason Global said, “We are talking to our clients wherever we feel appropriate regarding the growing threat of Cyber and the potential exposures. It is a growing concern for many industries but can still be seen as something that doesn’t really affect ours. However, this latest incident shows how issues in supply chains can cause strong knock-on effects to our own clients and their customers in turn. Unfortunately, the threat continues to grow as seen in the news far too often recently. It is now a reality that Cyber exposure needs to form part of a company’s overall risk management programme.”