Cyber Liability

iPhone attacks from the App Store?

Apple is facing Masque Attack II, a major vulnerability that allows malicious apps to leverage existing, legitimate ones to spread malware. Unlike the first variation of the Masque attack, this iteration includes iOS URL scheme hijacking, which allows it to be propagated directly through the App Store. [continue reading…]

Treasury Troubled by Smaller Firms Not Buying Cyber Insurance

While the overall cyber risk insurance market is growing tremendously, larger corporate clients have driven much of the expansion. Smaller companies, on the other hand, have not followed suit, Deputy U.S. Treasury Secretary Sarah Bloom Raskin said recently. [continue reading…]

Critroni Ransomware Masquerades as Google Chrome Update

The ransomware threat known as CTB-Locker (aka Critroni) is making fresh rounds, sneakily infiltrating people’s machines via emails purporting to come from Google. The mails warn that “your version of Google Chrome is potentially vulnerable and out of date,” but clicking the download link executes malware instead. [continue reading…]

Data Breaches: 3 Hidden Signs You’ve Been Hacked

In my life, I have had all three of these happen to me. It cost me hours of headache, and money out of my pocket. I continue to struggle to keep up with this ever-changing cyber society. The article below from FOX Business is a good one for me. [read article on Business News Daily…]

Survey: Businesses Slow to Boost Cyber Insurance Coverage Despite Risks

While a majority of U.S. finance executives now see high-profile cyber-breaches as a major risk, many still have inadequate cyber insurance coverage, a new survey found.

That finding comes from the Association For Financial Professionals’ survey of executives in corporate treasury, finance and banking at its annual conference in Washington, D.C. Results are based on the 970 responses generated by the survey. [continue reading…]

Self-Employed? Why Your Identity Might Be at Risk

When you’re self-employed, getting work depends heavily on how well you advertise yourself. This often means posting your personal information — full name, email address, phone number, geographic location, work history, etc. — on multiple websites and social media accounts. [continue reading…]

P/C Insurers Rush to Meet Rising Demand for Cyber Insurance

Insurers flush with capital are rushing to grab part of an expanding cyber coverage market that’s been spurred on by high-profile hackings at JPMorgan Chase & Co. and Home Depot Inc.

Sales are set to double this year from about $1 billion in 2013, according to Bob Parisi, head of the network security and privacy practice at Marsh, the insurance brokerage arm of Marsh & McLennan Cos. The policies can protect companies against lost revenue, lawsuits or even damage to their reputation or brand. [continue reading…]

Insurance Will Absorb Some Costs in Home Depot’s Giant Privacy Breach

Home Depot Inc. Thursday said some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than last year’s unprecedented breach at Target Corp. [continue reading…]

U.S. Businesses On Alert After Data Breaches

While the number of companies affected by data breaches is on the rise, so, too, is awareness of the problem, new research finds.

Even though major retailers like Target and Home Depot made the most headlines in the past year because of data breaches, companies of all sizes face similar dangers. Overall, 43 percent of U.S. businesses suffered at least one cybersecurity incident this year, up 10 percent from 2013, according to a study from the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, and Experian Data Breach Resolution. [continue reading…]

Keeping Customers Means Keeping Customer Data Safe

Published May 08, 2014


If your business’s data security strategy involves crossing your fingers and hoping for the best, it’s time for an upgrade. New research suggests that, in 2014, keeping your customers means keeping customer data safe and sound.

After recent data breaches at major retailers, like Target and Neiman Marcus, and in light of last month’s widespread Internet security flaw, Heartbleed, several new reports serve as a wakeup call to businesses that store consumer data.

One report, a March study by market research company GfK, found that 60 percent of U.S. Internet users are more concerned about the security of their data now than they were this time last year. And this mounting concern over data security isn’t limited to just one age group. The majority of Internet users in all age groups, from college-age kids to baby boomers, said their concern over data security had increased at least moderately over the past 12 months.

As eMarketer reports, consumer anxiety regarding data security can have huge implications for businesses. A December 2013 polling by Radius Global Market Research found that more than 75 percent of Internet users said they would stop using a service or product, or stop doing business with a particular retailer, if they felt their privacy was violated. And 51 percent of those surveyed said they’d already stopped purchasing products from certain retailers because of privacy concerns.

The Radius poll is one of several reports that prove that consumers aren’t taking threats to their data lying down. As FoxBusiness reports, a new study from Javelin Strategy and Research also found that, across industries, consumers are abandoning businesses that do not safeguard their data. One-third of consumers surveyed by Javelin said that they will shop elsewhere if their retailer of choice is breached. Nearly as many respondents (30 percent) said that, if their hospital or doctor’s office doesn’t protect their data, they’ll find a new health-care provider. And 24 percent said they’d switch to a new bank or credit card provider if their current financial institution is breached.

While these new reports highlight growing consumer distaste for data-related mishaps on the part of retailers, they also shed some light on what businesses can do to restore consumer confidence. Seventy-eight percent of respondents to Radius’ Internet poll said they do business with brands and retailers that they trust. And more than two-thirds of those surveyed said that, if a business or retailer has demonstrated a capacity for protecting consumer data, they’re willing to shop there. Fifty-three percent said they were even willing to pay more for a product or service if the company behind it valued consumer privacy.

Originally published on Business News Daily.

Cyber Security is a difficult subject for businesses. It becomes more difficult when our government changes laws to keep pace.

Below is an article published on June 2, 2014, 6:15 PM, called “Cybersecurity the Latest Area of Regulatory Scrutiny” by Shasha Dai. This shows how fast the virtual world is changing, from attacks to law making.

Alleged cyber espionage and data breaches at major retailers seem to suggest that no business is immune to virtual threats. For private equity firms, these lingering threats are not just endangering their financial interests and reputations, they are also prompting increased regulatory scrutiny.

The Securities and Exchange Commission and the Financial Industry Regulatory Authority have both moved recently to conduct so-called cyber exams of broker-dealers and investment advisers.

The Federal Trade Commission, which has historically remained relatively quiet on cybersecurity issues, asserted its authority in a 2012 lawsuit against publicly-traded hotel chain Wyndham Worldwide Corp., alleging that Wyndham failed to protect its customers’ privacy and personal information. In April, a judge affirmed the FTC’s authority to bring the suit but didn’t rule on the merits of the suit itself. A Wyndham spokesman said in an emailed statement last month that the FTC doesn’t have authority to bring such lawsuits, and that the agency “is attempting to hold a private business to nonexistent standards.”

The suit highlighted an issue companies and their private equity owners face while seeking compliance with cybersecurity regulations: There is little clarity as to which federal agency has primary oversight over cybersecurity. State and international regulations may also complicate matters.

Eric Feldman, director of information technology at small-cap buyout firm Riverside Co., admitted that regulations in countries where the firm invests constitute “a moving target.” Accordingly, Riverside has been developing an in-house information security program over the last year and a half. “We are not putting our head in the sand,” said Mr. Feldman. “This is serious.”

For more about cybersecurity and private equity, check out the June issue of Private Equity Analyst.

Copyright 2014 Dow Jones & Company, Inc. All Rights Reserved.

Malware Targets Retailers Using Cloud-based PoS Services

Today I found this interesting article on the Infosecurity website, dated June 13, 2014. Please give it a good read. As you can see, threats continue to be developed and they like to attack businesses. If you are a business and have concerns, please give Zitek Insurance Group a call.

Large point-of-sale-related breaches continue to dominate security press headlines, but new dangers threaten to exacerbate the situation by compromising the small to medium-sized bracket. A fresh cloud-based point-of-sale (PoS) malware – dubbed POSCloud – has been spotted carrying out targeted attacks on software deployed by grocery stores, retailers and other small businesses using web browsers like Internet Explorer, Safari, or Google Chrome.

The new malware family was identified by IntelCrawler, a Los Angeles-based cyber-threat intelligence firm, which noted in an analysis that front-office systems support integration options with credit card readers, barcode scanners, cash drawers and receipt printers. Meanwhile, back-office systems utilize cloud-based PoS services. It means that merchants are able to store data and reporting in public infrastructure, which is accessible remotely via PCs, as well as through mobile devices.

“Compromised cloud-based PoS service providers allow alterations to gift card information, even the ability to create gift cards for themselves and discount vouchers for any customer,” the firm explained. “In addition, bad actors have the ability to gain access to employee management subsystems, which could be also used for internal fraud.”

Several cloud-based PoS systems allow the storage of credit card details for further use by customers, as well as personally identifiable information (PII) for customer loyalty campaigns. Even if the data is encrypted, the bad actors can successfully collect this data when the operator is working with the software via installed key-logging malware. The extracted PII is then sold to underground identity thieves and also used for cyber-espionage against a large number of customers from different countries.

“Identified command and control systems show bad actors using specific type of malicious code, acting as targeted compact loader, which downloads and unpacks additional modules designed to intercept forms and credentials and to detect if the compromised PC has network connection with specific cloud-based PoS providers,” IntelCrawler said.

The firm predicts an increasing number of infections in future. For now, its team has notified the identified compromised retailers and small businesses, and delivered the information to global law enforcement.

Commercial Lines

Small Business

5 Keys to Running a Successful Business

There are a handful of principles that work in virtually every situation when you’re trying to establish and grow a business. They work if you’re trying to build an email list or close a sale. If you ignore them, you are almost certain to fail. If you do them halfway, you will soon be standing there watching your business as it is eclipsed by someone who is following all the principles, all the time. [continue reading…]