{"id":7781,"date":"2017-05-30T04:30:06","date_gmt":"2017-05-30T12:30:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/30\/news-1566\/"},"modified":"2017-05-30T04:30:06","modified_gmt":"2017-05-30T12:30:06","slug":"news-1566","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/05\/30\/news-1566\/","title":{"rendered":"Answering the WannaCry wake-up call"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt3.staticworld.net\/images\/article\/2017\/05\/phone-100724187-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Selena J. Linde, T. Markus Funk, Todd M. Hinnen and Jonathan G. Hardin| Date: Tue, 30 May 2017 04:35:00 -0700<\/strong><\/p>\n<p>The widespread <a href=\"http:\/\/www.computerworld.com\/article\/3196686\/security\/kill-switch-helps-slow-the-spread-of-wannacry-ransomware.html\">WannaCry attack<\/a> demonstrated the acute vulnerability of computer systems to ransomware attacks. There is no reason to think that larger, more sophisticated attacks aren\u2019t already being planned \u2014 the perpetrators of WannaCry reportedly profited handsomely \u2014 and companies that have not assessed and addressed the risk posed to their systems by such attacks may remain vulnerable.<\/p>\n<p>Companies can take prophylactic steps to protect their systems against ransomware, focusing on improving data security hygiene, establishing effective governance and raising employees\u2019 awareness of the threat.<\/p>\n<p>Patched systems have a better chance of avoiding the consequences of an attack. Before WannaCry struck, Microsoft had released a security update in March that addressed the Windows vulnerability exploited by the ransomware in May, and it released additional security patches after the attack. In a statement released on May 12, Microsoft said, \u201cThose who are running Microsoft\u2019s free antivirus software or have Windows Update enabled are protected. 
Given the potential impact to customers and their businesses, Microsoft released updates for Windows XP, Windows 8, and Windows Server 2003.\u201d<\/p>\n<p>Companies can improve their security posture tremendously if they review their in-service software and replace out-of-date software that is no longer supported by the developer.<\/p>\n<p>They should also implement strong IT policies and procedures, including:<\/p>\n<p>As the U.S. Department of Homeland Security stated on May 12: \u201cIndividual users are often the first line of defense against this and other threats, and we encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school.\u201d<\/p>\n<p>Many people are simply not aware of the ubiquity of threats. IBM estimates that ransomware is present in 40% of spam emails. A study done by Nuix showed that 84% of hackers utilize social engineering while carrying out their attacks. Ransomware is most commonly spread through attachments in emails (.pdf, .doc, etc.).<\/p>\n<p>Education of company personnel \u2014 impressing on them the importance of not clicking on unfamiliar links, continually reviewing security policies with all employees and training employees on how to recognize and prevent phishing \u2014 goes a long way toward preventing breaches.<\/p>\n<p>Of course, even companies that have taken all of these precautions can still be hit by a ransomware attack. What do you do if that happens?<\/p>\n<p>If you have not identified a law enforcement point of contact in your incident-response plan, contact your local FBI field office directly (www.fbi.gov\/contact-us\/field provides a list of offices by location) or file an online complaint with the FBI\u2019s Internet Crime Complaint Center (IC3) at <a href=\"http:\/\/www.IC3.gov\">www.IC3.gov<\/a>. 
Regardless of the option you choose, be prepared to provide the following information:<\/p>\n<p>Many policies within your company\u2019s insurance portfolio may respond to a ransomware attack. Below are examples of insurance coverage your company may have to help with ransomware losses and tips for policyholders to maximize all available insurance:<\/p>\n<p>Policyholders should not be discouraged when policy exclusions initially appear to preclude coverage. The case law in this area is still in its infancy, insurance case law varies by state, and many policies contain ambiguous language that should ultimately be construed in favor of coverage. If in doubt, notify your carriers.<\/p>\n<p>Once you have determined which policies will respond to your loss, provide the carrier with prompt notice in accordance with the requirements of the language in the particular insurance policy. Each policy\u2019s notice section may require different information or method of delivery. If the information you are required to disclose is sensitive, you can provide broad notice, explaining the sensitivity of the information and requesting the carrier to sign a nondisclosure agreement prior to sending the sensitive details.<\/p>\n<p>Every policyholder needs to be careful in explaining how the ransomware attack occurred, what happened in the aftermath, and what steps the company is taking to prevent future attacks. What is communicated to the carrier may be the difference between having a claim covered versus having it denied.<\/p>\n<p>Maintain a single cohesive message with insurers and your broker by identifying a single point of contact in your company who will communicate with the insurance companies and broker, along with outside counsel, throughout the life of the claim. This is usually the risk manager or in-house counsel.<\/p>\n<p>One mistake companies often make is not carefully managing the forensic consultant\u2019s scope of work. 
The work should be limited to determining how the attack occurred, restoring the computer system and files, and, if necessary, how your company\u2019s computer system was breached. Expanding the forensic consultant\u2019s work beyond specific details of the current fraud could provide information your insurance carrier could use to deny your claim or even rescind your policy.<\/p>\n<p>Maximizing your insurance coverage is not easy. Taking the steps above is a great start, but in complex or expensive claims, your company should hire outside insurance recovery counsel to help navigate the coverage. Outside coverage counsel works with risk managers and in-house legal counsel to ensure that a policyholder meets its reporting obligations without compromising any potential coverage. When multiple policies respond, the policyholder may be faced with strategic decisions. Are there applicable \u201cother insurance\u201d provisions within the potentially responsive policies that dictate which policy is primary and which is excess? Do the policies allow the policyholder to choose which policy responds first? Experienced coverage counsel can assist your company in parsing out which coverage exists and your company\u2019s best path to obtaining a total recovery.<\/p>\n<p><strong>Selena Linde<\/strong><em> is a partner in Perkins Coie\u2019s Insurance Recovery Practice. She can be reached at <a href=\"mailto:slinde@perkinscoie.com\">slinde@perkinscoie.com<\/a>. <\/em><strong>Markus Funk<\/strong><em>, who served with the U.S. Attorney\u2019s Office in Chicago and the U.S. State Department in Kosovo, is the firmwide chair of Perkins Coie\u2019s White Collar &amp; Investigations Practice. He can be reached at <a href=\"mailto:mfunk@perkinscoie.com\">mfunk@perkinscoie.com<\/a>. <\/em><strong>Todd Hinnen<\/strong><em>, who served as the acting assistant attorney general for National Security at the U.S. 
Department of Justice, is a partner in Perkins Coie\u2019s Privacy &amp; Security Practice. He can be reached at <a href=\"mailto:thinnen@perkinscoie.com\">thinnen@perkinscoie.com<\/a>. <\/em><strong>Jonathan Hardin<\/strong><em> is a counsel in Perkins Coie\u2019s Insurance Recovery Practice. He can be reached at <a href=\"mailto:jhardin@perkinscoie.com\">jhardin@perkinscoie.com<\/a>. This article was adapted from a May 15, 2017, Perkins Coie Update, \u201cRansomware: How to Avoid It and What to Do If You Have Been Hit.\u201d<\/em><\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3198709\/security\/answering-the-wannacry-wake-up-call.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt3.staticworld.net\/images\/article\/2017\/05\/phone-100724187-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Selena J. Linde, T. Markus Funk, Todd M. Hinnen and Jonathan G. Hardin| Date: Tue, 30 May 2017 04:35:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>The widespread <a href=\"http:\/\/www.computerworld.com\/article\/3196686\/security\/kill-switch-helps-slow-the-spread-of-wannacry-ransomware.html\">WannaCry attack<\/a> demonstrated the acute vulnerability of computer systems to ransomware attacks. 
There is no reason to think that larger, more sophisticated attacks aren\u2019t already being planned \u2014 the perpetrators of WannaCry reportedly profited handsomely \u2014 and companies that have not assessed and addressed the risk posed to their systems by such attacks may remain vulnerable.<\/p>\n<p>Companies can take prophylactic steps to protect their systems against ransomware, focusing on improving data security hygiene, establishing effective governance and raising employees\u2019 awareness of the threat.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11073,714],"class_list":["post-7781","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-malware-vulnerabilities","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7781"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7781\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7781"}],"wp:term":[{"taxono
my":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}