Cyber criminals have all sorts of ways of gaining electronic access to your company. A favoured trick is hacking email accounts. The cheats steal the identity of the sender. And so companies receive payment instructions from apparently trustworthy partners such as customers and suppliers, perhaps even from their head of finance or CEO. The money lands in the cheat’s account.

Destructive Trojans

Another trap – emails with attachments or links to fake websites with instructions to download files there. Opening one of these files sends a Trojan into the internal IT system – with highly unpleasant consequences. Emotet, for example – currently considered one of the most dangerous cyber threats in the world – enables a malicious program such as the ransomware Ryuk to be downloaded. This not only encrypts data, it also deletes additional security copies. It is not just money that motivates cheats to this kind of attack – often it’s about pure destruction. This can lead to financial losses or claims that arise through data loss, data manipulation or data protection infringement. Insurers have now addressed this problem by offering tailored cyber insurance for companies. Helvetia not only compensates for claims through cyber crime, it also supports companies with a dedicated network of experts and security training.

Raising employee awareness

Experts estimate that currently 250 million different pieces of malicious software are active globally today. And every day they are joined by an estimated 300,000 new variants. Christoph Guntersweiler, Head of Technical Insurance at Helvetia: ‘Despite comprehensive organisational and technical security measures, it is very often humans who make the critical error.’ That’s why he believes that companies should confront this issue, continually and critically, and raise awareness of it among their employees. Conversely, it is ultimately people who see through an attacker and thus protect the company.

Protect yourself and your company

1. Make sure that you have installed the latest Windows security updates and patches.
2. Create regular back-ups that are stored in a location separate from the network system: Our backup strategy for your SME.
3. Install technical security measures, such as virus scanners, firewalls, etc.
4. Change standard passwords on your devices.
5. From time to time, networks should be segmented (separation of client/server and domain controller networks and production networks, each with their own isolated administration).
6. Only give access to users who truly need it.

And last but not least – keep a critical eye open for emails that seem strange, and if necessary, ask the supposed sender. And that way, you can spoil the hackers’ fun.