Weak Controls: Threat Actors Welcome


Security leaders are advising businesses to tighten up basic cybersecurity practices and protocols, observing that malicious actors are exploiting fundamentally weak controls to break into businesses and wreak havoc with data and accounts.


Welcoming Threats In

Basic security mishaps are at the root of many incidents of cyber enabled fraud and theft that businesses are currently experiencing. As Construction Dive observes, remote workforces contribute to the complications: “Threat actors are taking advantage of poorly secured remote access software or virtual private networks that are vulnerable to sophisticated attacks.” According to experts at the National Security Agency, FBI and the Cybersecurity and Infrastructure Security Agency:“Malicious threat actors commonly take advantage of incorrect access privileges, unenforced multi-factor authentication (MFA) or unpatched software during the initial phase of an attack.” As the NSA’s director of cybersecurity sums up: “No need for fancy [zero]-days when these weak controls and misconfigurations allow [adversaries] access….”


Indeed, according to experts at Gartner Research, about 40% of breaches are caused by “well known misconfiguration of common control…Both advanced persistent threats (APTs) and common off-the-shelf malware exploit these configuration mistakes to compromise their victims….” The bottom line? Weak security practices and protocols are throwing out the welcome mat for cybercrime. Common examples of these weak practices include failure to enforce multi-factor authentication and continued use of   outdated software.


Increasing Protection

Whether we think we are in the tech business or not, we are. These days, the owners of even the smallest of businesses or start ups are likely to have customer information on their phones, billing information on their laptops and so on. That’s why legal experts recommend cybersecurity insurance for “just about every business,” noting:


Any business, large or small, needs cybersecurity insurance if it stores sensitive information such as cell phone numbers, credit card information, driver license numbers, social security numbers, or health information. In other words, just about every business, from hospitals to financial institutions to law, accounting, and other professional firms, should have cybersecurity insurance. Indeed, many of these businesses are required to have policies and procedures relating to cyberattacks, including legal obligations to notify regulators, law enforcement officials, or both.


Cyber liability insurance helps businesses prevent cybersecurity incidents from spiraling into disasters—and Colonial Surety makes Cyber Liability Insurance affordable for every business. Complete the easy, online application for our Basic Cyber Liability Insurance in minutes and immediately print or download the policy, which gives you:


  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call Center services.
  • Credit and Identity monitoring and other personal fraud or loss prevention solutions.


Obtain Basic Cyber Liability Insurance Here In Minutes


Essentials for Small Businesses

Cybersecurity is not just for big businesses—in fact, smaller businesses have a lot to worry about—and lose. The National Law Review shares this perspective on the scope of cybersecurity and the vulnerabilities of small businesses:


Cybersecurity is the practice of protecting networks, internet-connected devices, and data from unauthorized access and criminal use, and the practice of ensuring confidentiality, integrity, and availability of information over the life of this information. With the prolific use of devices and communications such as smartphones, laptops, tablets, and e-mail, and the related storage and transmission of sensitive information on and by these devices, the need to protect this information has become more critical than ever.


Cybercriminals consider small businesses, because of their size, perceived lack of sophistication, and lower investment in cybersecurity, to be particularly vulnerable. A single ransomware attack could have a severe impact on a small business. Therefore,  every business should consider implementing two measures: cybersecurity insurance and cybersecurity plans.


Protection is indeed important for every business—and those sponsoring retirement plans especially need to double down on their risk management efforts. With the intersection of ERISA law and cybersecurity unfolding in courtrooms across the country, retirement plan sponsors must take extra precaution to ensure that cyber breaches do not turn into fiduciary breaches. That’s why Colonial Surety offers an affordable Fiduciary with Cyber Liability Insurance Pack for retirement plan sponsors. Armed with this coverage, if you face claims of alleged or actual breaches of duty in connection with the employee retirement plan, you’ll be covered for defense costs and penalty limits up to $1,000,000. Plus, uniquely with this package, in the event of a cyber breach, your business—and plan—will receive support at every stage of incident investigation and breach response, as well as coverage against lawsuits or regulatory actions related to the breach. Obtain protection, conveniently and quickly, right here, today


Fiduciary and Cyber Insurance for Retirement Plan Sponsors.


Colonial Surety was founded in 1930 and brings deep experience and market expertise to every product and every customer relationship. Colonial Surety gives its customers the assurance that they, their businesses, and their clients are safeguarded with the right surety and insurance products at all times.


We make it easy for a wide range of industries and professions to buy the bonds and insurance products they need. Colonial Surety is a direct and digital insurer offering products through an online platform supported with exemplary customer service. The company gives customers a simple, direct, and instant service that takes the pain out of buying insurance and bonds. Colonial Surety is licensed in every state in the U.S., rated “A” Excellent by A.M. Best, and listed by the U.S. Treasury as an approved surety.