
Cybercrime, e.g. phishing, ransomware, hacked password, network breach, cyber attacks, needs cyber liability insurance, said Rick Callaway commercial insurance.

Business Executives: Be Serious About Cybercrime!

Cybercrime costs are often a lot more expensive than the premiums for cyber liability insurance against breaches, says Rick Callaway.

The following is a slightly edited transcript for the podcast interview of Rick Callaway, on Mon, Jan 23, 2023 12:15 PM • 30:51


SPEAKERS

Richard Callaway, Maurice Washington

Maurice Washington  00:28

Hello, my name is Maurice Washington. I want to welcome everybody to another episode of executive talk. Those of you watching live, and also those of you watching on Roku or listening on podcasts, thank you guys for being here. Today’s episode is about cybercrime. Obviously, things are in the landscape and business has changed quite a bit. And businesses are under attack and also people are under attack a lot more frequently than we normally have been. And so, in order to talk about this topic I have Rick Callaway of Rick Callaway Commercial Insurance with me to discuss this, so let’s go ahead and welcome in Rick. How are you doing today, Rick?

 Richard Callaway  01:05

Just great. I think we have a good show today, cybercrime is becoming the hottest topic anywhere from business to business, anywhere you hear what’s up with this cybercrime stuff.

Cybercrime is predicted to inflict $10.5 trillion damages annually by 2025, mostly to small businesses, an exponentially larger amount than damage inflicted by natural disasters in a year.

 Maurice Washington  01:18

Yeah, that’s exactly right. And I want to go ahead and just hit everybody with the article right now because this has bothered me and I should set the stage for everything that we’re talking about here. Let me go ahead and share the screen for everybody. For those who are listening to podcasts, this article is from boisestate.edu. And this is "Cybercrime to Cost the World 10.5 Trillion Annually by 2025." So in this article, you will learn about how much cybercrime can cost a company. Cybercrime is predicted to inflict 6 trillion USD in damages globally in 2021, and will reach 10.5 trillion USD annually by 2025. An exponentially larger amount than damage inflicted by natural disasters in a year. And so, Rick, when you hear that, I don’t know what comes to you.

 Richard Callaway  02:09

It’s a big number. But realize that a big number isn’t made up of cyber attacks on huge corporations. There are a bunch of little bitty attacks on small businesses, if you have an email, or website, whatever, you’re vulnerable, if liable for that attack. All the way back in 2016, there was a New York Times bestseller, lights out a cyberattack on a nation unprepared for surviving the aftermath. Ted Koppel reported on it and said that America’s power grid is subject to being hacked. And it’s not if it’s when. So cyber attack is here.

Hacking is prevalent on social media and on the internet

Maurice Washington  02:50

And just bring up a few examples. And I think everybody recognizes some but so for example, I have a friend of mine, she’s on Facebook just recently. And this sounds like a small attack. But nonetheless, work with me on this. So she had her Facebook account hacked, and they changed her profile picture. And obviously, if you get hacked, all your information is right there behind. You know, for the hacker to actually access. There’s a level of branding that comes with it that comes part of this attack. For her personally, her own personal brand is under attack. And she’s not a business owner. But nonetheless, her credibility is online for what she’s posting. Now, do you see that often here?

Richard Callaway  03:33

Well, I hate to admit it, but I didn’t get hacked, but my LinkedIn account got blocked because something strange was going on. Nobody got any of my information. But it took me almost a month to get it back up. And I’ve got a lot of information in their contacts, hosts all of that stuff. So it can happen to anybody. Fortunately, this was just a glitch in the LinkedIn system, not a cyber attack. My son had his Facebook page hacked. And he’s gotten a ton of stuff in there. So apparently Facebook wants to be vulnerable to attack, somebody has figured out a way to get in there. And they’re sending out posts, you know, people think they’re getting a post from one of their friends, they’re getting approached, sitting behind a computer in Russia.

Our dependence on technology makes cybercrime a growing “business”

 Maurice Washington  04:19

or anywhere at this stage. I mean, and that’s the thing about technology. In a lot of our shows that we discuss here, Rick, technology has become much more than convenience and it has become a dependency for us. And I feel like those and it’s almost like I felt like cybercrime is almost a business in and of itself and why am I tracking that correctly?

Richard Callaway  04:39

It’s a business. Why should I go to work and do real work and raise money when I can sit in my little office and hack into your business to steal information, steal money, send out a bunch of emails and get somebody to click on it. It is a business. They’re getting bigger based on the numbers we’re looking at.

Maurice Washington  04:58

Based on the numbers we’re looking at, let me go ahead and talk about that a little bit deeper because we’re talking about the reasons for cybercrime and the same cybersecurity for businesses and it says Why do cyber attacks happen? I think everybody will find this very intriguing. So business financial details, customer financial details, sensitive personal data, customers or staff email addresses and login credentials. See customer databases, client lists, IT infrastructure, IT services. Now, here are some of the insiders which kind of baffled me in this article. 

Insider attacks, remiss procedures, disgruntled employees

So if you have a business owner, you’re talking about some of the insider attacks, so trusted employees accidentally misplacing information, careless employees, remiss policies and procedures, and also disgruntled employees and ex-employees intent on damaging your business. Malicious insiders with legitimate access to critical systems and information. Now, so that’s insiders. I’m going to take you guys to outsiders: organized criminals or criminal groups, professional hackers, whether malicious or not, amateur hackers, sometimes known as script kills, or I’m sorry, script kiddies. So did you hear that information? How does that jive with you?

Richard Callaway  06:21

Yep, all of those things are exactly what they are. They’re trying to get something that they can make money off of, except that the disgruntled employee may hurt your business by shutting you down. Because I don’t have my computer I can’t work the script kiddies watch the reports. Guess when those attacks start increasing? Oh, Christmas, when they’re out of school, oh, sorry, summertime, when they’re out of school that piece goes down. And that doesn’t mean that just kids getting in there and messing with your systems are trying to get into theirs, you know, they’re more malicious attacks, rather than trying to steal something they want to see if they can, it’s a challenge. They want to see if they can get in there and do it. And unfortunately, they’re smarter than I am and they get hidden there.

Maurice Washington  07:13

That’s true. And you know, that whole thing with employees. So let’s talk about that for a minute. Because I, I feel like small business owners are under the impression that they’re not, you know, people are not going to come for them, you know, there’s nothing of worth or value there. You know, and as a small business owner, I think, you know, this because I have two employees, nothing’s going to happen. Well, that thing, just that article just said disgruntled employees. So you’re still exposed as a small business owner, just with your personnel,

Small businesses are more attack prone for cybercrime

Richard Callaway  07:43

As small business owners, probably more unprepared, or more attack prone. Because if I’ve got to hack into Amazon and steal all their information, that takes a long time, because they’ve got a lot of security. Yeah, when I get in there, I’ll make a lot of dollars. But I can sit and hack that 50 small businesses and get 1000 bucks 500 bucks each and a whole lot less time and for a whole lot less work. So small businesses are much more vulnerable. Because the hackers realize that a small business doesn’t have an IT I checking all their stuff and paying attention to the stuff and a small firm with two or three employees. You trust everybody, you assume everybody’s doing what they’re supposed to do for security. And as a small business owner, unless you deal with computers, you don’t know what the hell you’re doing, protecting yourself or not. But you got I don’t have to worry about it. I don’t need an IT guy to help this. I can fix it myself and your business owner running a business, you don’t have time to go in there and pull with computers, you need somebody to take care of it for you. And you need to be prepared. And obviously I’m in the insurance business. If you can’t fix it, you better have that insurance to take care of those costs.

Large businesses are vulnerable for cybercrime with hybrid workspace

 Maurice Washington  08:59

That’s right. That’s right. So okay, so that’s small business owner. So let’s talk about your larger businesses. And in typically with your larger businesses, we have the hybrid workspace environment now, where obviously you have the opportunity to go into the office and work plug in to their system plug into their network, where’s generally more secure because there’s a budget set in place for IT security. But then you have the hybrid workspace where you’re going to go to, I don’t know, a Panera Bread over here in Colorado. That’s one of my favorite spots. I’ll go over there and use a computer every now and then. But now there’s an access point there. And I want to go ahead and read this article. For everybody here. It says that the hybrid workspace workplace creates risk. With employees splitting time between the office and offsite location. They’re constantly moving in and out of the company network. When they’re operating outside the office. They often lack security for s & c. Using work laptops on public networks, where they may get exposed to malware, which in return, they may bring into the corporate network where they can return to the workplace and log back into the network for a corporate network. So Rick, have you seen that often?

Richard Callaway  10:15

How often do you see somebody like a Panera Bread or right here Peet’s Coffee they’re in, they’re working away on their laptop. That’s what’s called a public network. So if I can connect to it, you can connect to it so I can, if I knew how to do it, I can move around and get to your computer. And I can either steal information, or put a piece of malware in there, or ransomware in there. When you connect to the home office network. Bingo, you just drag that piece of information into the network. Cyber Security sounds real technical, and you have to have technical people unpacking the biggest cause of cyber breaches are us human beings, we click on a link we’re not supposed to click on.

Maurice Washington  10:58

That’s right. That’s right. And that is true. I mean, because when you go to these open slots, when you’re trying to do your hybrid workspace and just stop off and do some emails, before you get home, where it might be a little bit noisy, you’re gonna do that. But those are open, secure networks. And typically, all you’re looking for is that convenience of getting on their network, doing your work for a little bit, you know, grabbing some coffee, or whatnot, and then going home. But just for that access point of the internet, we forget to take those risks and actually pay attention to those risks that were exposed to by joining an open network. So it’s very easy.

Richard Callaway  11:35

There’s a new product out, I just didn’t advertise yesterday or the day before, I haven’t had a chance to really look into it yet. But it allows you to establish your own VPN or private network. So you’re on the public network and Panera Bread. Dissing creates a tunnel. So you’re communicating one to one with wherever you’re going, you’re not getting all this feedback in from that side. So that’s a new product. And that’s probably going to be helpful. When I go on, when I do work from my office, I go in through a VPN. So there is direct communication. And I think that’s going to become a popular product. And IT companies are going to be promoting that all over the place. You have to know if you can keep people from getting in there by just being out in the world. That’s a big plus.

Top five cyber security threats small businesses face and how to stop them

Maurice Washington  12:19

Yes. All right, yeah, we’ll have to make note of that. Make sure people have access to that information. Thank you for sharing that. And so since we’re talking about security threats, let’s talk about some of the top five ones out here. I have this article for us as normal. And this blog is coming from expertinsights.com. So the top five biggest cybersecurity threats that small businesses face and how to stop them. And so we got phishing attacks, we have malware attacks, ransomware. And then we have weak passwords. And also insider threats, as we discussed. So talk to me a little bit here about ransomware. Rick, have you seen a lot of businesses with business insurance, run into this?

Ransomware

 Richard Callaway  13:08

Knock on wood, none of my clients have been ransomware yet. Fortunately, I have good IT people that I refer to to take care of that stuff. But it’s a small business that gets hit with the ransomware that gets in your system, locks your files, and you have a business. I need that stuff up. Imagine how quickly they’re going to jump on the problem. If a hospital gets hacked, and has ransomware on it, are they going to pay that ransomware right away, they’re going to bring because they need patient files, the ransomware is there holding you for ransom. And it can be pretty vicious, depending on your business. If your business happens to have everything backed up and not attached to your network, you can restore it, you don’t have a problem. But then, you know, it’s interesting, these people that do ransomware I guess they’re honest or moral. They say Hey, pay me 500 bucks. Now give me your network back. First thing that comes to mind is I give them the 500 bucks, I’m never gonna see him again. But they give the network back and never hit you again, I guess they’ve learned as part of their business model. Since it’s now a business that we tell you, we’ll give you the network’s back, pay the money because otherwise, someone else is gonna get ransomware and no us paying these guys, I’m not gonna get this stuff back. So I better figure out a way to do it. So they realized when attacking small businesses, just hit them going to the next one going to the next one. Keep the money coming.

Maurice Washington  14:30

So that’s one of those things that again, where the difference between a large and small business owner is the thought process, the small business owner is not really realizing that discipline. 500 bucks constantly over and over again is where, you know, cybercrime. That’s what their projection is. That’s how they’re doing their revenue. Sure. I feel like the small business owner is going to look at the big big business and say okay, well, you’re probably holding them for ransom for 200,000. You don’t want to deal with me. But he’s just there’s there’s still, the moral of the story here is that either way is a specific, specific cybercrime, depending on the size of the business.

Richard Callaway  15:10

it’s a specific crime and it’s a business, they don’t go out there one day and decide, oh, I’m going to hack into a couple of computers just for fun and collect some money. They’ve figured out their strategy that I can get into this type of business I can get into relatively easily. And I’ve got a bunch of people that click a link like they’re not supposed to do. And the ransomware is sitting there and you get the screen that says your files are locked. Please click on this link to pay us ransom. And they also now do it. Cryptocurrency so then you gotta go to the trouble to get a crypto account, figure out how to get the money into the crypto account so you can pay the ransom Warga?

Phishing

 Maurice Washington  15:53

Yes, they are. Yes, that’s right. Hip to crypto is a big one. That is very true. Um, treasure? Yes, that’s right. That’s right. Yeah, forgot about that. Thanks for the reminder. So anyway, the site on your site, right, I wanted to go ahead and bring up an example, because he brought up five examples. And one of those examples is phishing emails, and as far as an attack is concerned. So for those listening here on podcasts, it’s this a Netflix account saying payments at Netflix help or dash help.com. So tell me what’s wrong with this, Rick, and I’ll explain to everybody how this works.

 Richard Callaway  16:32

First of all, a phishing attack is an email sent to you that says, You’ve got to change your account password, we need you to update your credit card information, et cetera. And if you look really carefully, you look at this quickness as payments at Netflix now show Oh, that looks good. But look real carefully. It’s a net fix as obviously not Netflix. And whenever you get an email about Give me your credit card information or change after change that verify from another source, a bank will never send you an email, it says you gotta change your password. If you haven’t, nobody know I’ll, I’ll get an email from I’ve got a bunch of things that I pay online. And every once in a while credit card expires, and you don’t change it, I’ll get an email from a company and say, We need to update your credit card information. I won’t click the link on the email that comes in, I’ll go to my account, and verify that this is actually true. So word to the wise, don’t click on links to tell you to go here and change this or change that. If you know you have an account with Amazon, or audible or any of those people, that you pay things automatically online, go into your account, look at the account, look at your credit card, say hey, this is right, or go in there and click update and it says Hey, you’re good. Do not do not click on links to change. The biggest issue in cybercrime is people. We click on things that we’re not supposed to do.

 Maurice Washington  18:08

And I want to. I’m glad you brought up that example. Because there you’re utilizing trusted sources, something that you’re currently doing, which is you have an account with him already. Because it’s very easy to say, oh, yeah, I forgot my expired card is up for me. Go ahead and just renew it. I forgot all about it. Let me just go ahead and handle that. Well, next thing, you know, it’s just that one character that’s off. Is that that was from it’s like this weird account is a weird person. And you’re not paying attention just because again, convenience has overridden our, our insight, if you will, and it just makes us just kind of just act. And so we’ve become so numb to convenience that things are trickling in. And then you have your phishing attack.

Credit Card Thefts

 Richard Callaway  18:52

And they know with credit cards, they’ll just go in and take small amounts, multiple times. Because they know if you know, they go in there and go for $1,000 or whatever the number is fraud. People on the credit card company go. This is weird. Somebody logged into your account from Tijuana. Trying to buy something. I mean, if you travel very much I used to travel. If I forget to tell the credit card company, hey, I’m going to Arizona today. I tried to make a charge there and it declined. And I wonder why there was a decline ago. Oh, I forgot to tell them that I’m out of the state and automatically flagged it. So credit card companies, banks, all those types of people are trying to protect you on their end as well. It’s very annoying. Sometimes when you’re sitting with a client, your credit card gets declined. Figure out why. That’s

Passwords

 Maurice Washington  19:49

also in that article. Let me bring this up just to make sure that we clear this but we talked about passwords and we go ahead and give an example here. Go ahead and actually I want you to explain this and how this shows up.

 Richard Callaway  20:01

Okay, you want a strong password, password, that’s password 1234 probably isn’t a good idea because hackers try those right away. On the other hand, you have to be able to remember the past where you create some weird thing, you’re never going to remember it. So pick, pick a phrase, I used to backup something, stick a phrase.

Richard Callaway  20:25

Like, if you still get the bottom crazy, hackers can’t guess my password 1510 anymore. So you use those letters. And you can remember that and use it. And the first one is pretty interesting. I’ve never used this one, but you use a bunch of different items, you pick an animal, like an animal. And then instead of everybody capitalize the first letter in their passwords, because it’s easiest to capitalize the second or third letter instead. And then another part of the password is how many letters are in the envelope, eight. So that eights in there, how many vowels for that another part of the password, and then you put in, you know, a $1 sign is classified, or any of those things. Anything that is you can remember, and it’s not common, like I said, Everybody’s password 1234. Try not to use the same password multiple times on multiple accounts. I’m guilty that I’ve got 1500 odd websites, they go to that I have to log into, I actually have a password manager that keeps my passwords in there. And it’s never been hacked. I’ve never seen any stories of these passwords being hacked. But be careful where you get the password out, it might be accurate and set up a website for you to download a password protector, it works just fine except for the fact that sending the password off to someone else.

 Maurice Washington  21:52

That’s it. Let’s reiterate to the people that are watching here. Let’s be very, very clear. Because we’re at convenience, it means that you have an account at Amazon, you have an account at Kohl’s you have an account over here you have an account over here you have 20. So even if you’re not a business owner, you have a ton of accounts open. And so the tendency to want to repeat your password is there because that’s just as convenient as going to shop online. And so if we consider that this is where we get lazy with our passwords, and this is how even again, the hackers understand that that habit of folks, and that’s where things tend to happen.

Richard Callaway  22:31

You have to have it then you have to change it every now and then. I don’t agree with it because Microsoft put out a paper saying I gotta change it every month. I think that’s a little too much, then you’ll forget the damn thing. And then you’re locked out of your accounts. And let’s see, all my passwords. I’m gonna write them down on this piece of paper instead of my desk. Janitor walks by and picks up your notebook. Well, guess what, he’s got a whole bunch of new passwords. So changing it every month, I do not recommend it to the experts. I apply that old term to common sense. I change this once a month, I never remember what the hell it is. I don’t want to run it down and leave it sitting out for someone. So change it maybe maybe every six months every quarter, I think that would be ample. 

Okay, and have all the software, they’ll have the software installed on the computer that scans for ransomware malware and all those kinds of things. And I can’t emphasize it enough. And I’ll probably say it 100 more times, do not click on links to take you to some account, go to that actual website, look at what they’re asking for. You don’t recognize the email that you sent, don’t click on it. I mean, I get emails that say whatever the title is, but they’ve got a link and nothing else. And I know exactly what it is. It’s a phishing link or they’re trying to get information. His hackers aren’t silly. How much does it cost to send out 1000s of emails, probably not a whole lot. So they can send us around. And they only need to get one person to click on it. We have a program that we run that sends out. I think it’s quarterly. I don’t know how often it goes on anymore. It sends out a bogus phishing attack to get you to click on a link. And then you go okay, go talk to so and so and so and so on and so on. So they did it again. They clicked on the link, that’s invariably the same people over and over again and it’s education to prevent cyber attack. I was , do you have to have the fancy IP stuff, but you have to educate staff.

Maurice Washington  24:34

Yes, that’s right. That’s right.

 Richard Callaway  24:36

Don’t let them in the front door make them find a way in the back door.

 Maurice Washington  24:39

I know that’s right. Well then, I’m glad you brought that up because we do need some solutions and I’m gonna go ahead and share this article with everybody. See what they have and see what you agree upon. This is from broker.com. So with here they are suggesting that we have got way more involved. So just like you’re saying, so yeah, this is good. Because what between the breaches and everything that’s going on? And we’re going to come back to that here in a minute. Because what do you suggest that’s, that’s actually the most important value, forget what they’re talking about, because I know you have, you have a suggestion,

Cyber Insurance protects businesses

 Richard Callaway  25:30

they will, obviously, like you all to purchase every policy because no matter how good you’re doing stuff, stuff happens, just like you buy auto insurance, but you never plan on crashing, but it happens. So buy a good policy work, definitely work with a broker and understand them because they’re changing to breach coverage. And very important if you’re like a retail person or something like that, because you do business on the internet, you do it in all 50 states, every state has a different rule and regulations on how you have to notify the client and what you have to do, their information has been compromised. I don’t know about you, or any of our viewers, I don’t have time to read every single one of those rules and regulations and figure it out, I would cost me more money than saying The heck with it, as opposed to paying an insurance premium of anywhere, depending on the size of your company now $2,000 to hundreds of 1000s of dollars. But then they have to handle all that notification stuff. That’s one of the more costly parts of this whole thing. Obviously, ransomware for that amount of money. That’s a lot. But notifications are expensive.

 Maurice Washington  26:35

And so also, I feel like this is one and this is where this article is finally showing up. But it says develop a breach response plan. How many companies do you know are developing that breach response plan?

Develop a breach response plan

 Richard Callaway  26:49

Personally, I don’t know exactly how many are doing it. I know how many people should do it, everyone. But it’s how, and having a good cyber policy helps with that. Because there are folks that, okay, if you ever breached, we have to look at how we’re gonna get your system back up online. How we’re going to notify people, oh, how was that damaged your company name. Got a media PR person that has to be dealt with? Yeah, you notify the people, you notify this and a bunch of people go, I’m never doing business again, those people they don’t take care of my data. Things that you don’t think of are affected by, you know, an attack on your system. You know, you think, well, if they hack my system, I gotta get my system up online. Yeah, that’s one piece. And you got two or three more pieces that have to be dealt with. Oh, and then what happens when you go on someone’s site and because of your computer, your grass, their system, and they’re out of business? Guess who they’re gonna come after? Hey, you owe me. I just lost a lot of our money. Guess what, I’m only an attorney that works for free. So you better have an insurance policy to pay that premium.

 Maurice Washington  27:55

Yep. Final thoughts here, right. And I’m gonna leave us off with a couple of thoughts.

 Richard Callaway  28:03

Final thoughts are, take care of your system, have an outside IP company, if you’re a really small company, there’s plenty of folks that will do it. Have your hands inspected annually, quarterly or whatever, as much as they think is appropriate. It’s an expense. You need to train your people to educate, educate, educate, do not click on links. I mean, I feel like putting that on my headline, do not click on like, and call me and buy cyber policy. So you’re taking care of

 Maurice Washington  28:34

in the story. You know, for business owners, for everybody out here, as a matter of fact, this is a SWOT analysis. moment in time, we went from your business’s strength when it’s operating, and it’s moving forward and everything is going in the direction that you’re looking for. Even if you’re testing Weaknesses, Opportunities, at least it is still an area where strength can be at its all time high. This is one of those threats that we’re talking about. This is why we’re talking about this, why the topic is getting serious about cybercrime because this is a straight out threat. And it can change all that strength, all that opportunity that you developed and really shift gears on you, your business’s creation, as we all know. And so when you have threats in there, you’re aware of these threats. take precaution. I know we are and we have changed to a more convenient society. But that doesn’t. But the more convenient we get, the more relaxed we get. Seriously think about these things. Think about these passwords. Think about this data response plan. Think about hiring a CMIT Solutions company or whatever to get your business insurance as well. And stay on top of these things because these are as we started off as a $10.5 trillion industry. Rick had talked about cryptocurrency at one point. These are all things that are happening in real time and things are changing beyond us. And so instead of waiting for things to happen less, get more in tune with things and stay on top of our stuff business owners so that way we can keep on serving our clients that we are helping and also make sure our employees have a place to go to. I want to thank everybody for joining us. Those are Roku podcasts what not just thank you guys for being here, but recognize we actually have to get back to work
