Source URL: rmalberta.com/news/staying-alert-against-cyber-fraud/

Staying Alert Against Cyber Fraud

With the pervasive use of digital technology in our everyday lives, the vulnerability to scams and fraudulent schemes has significantly increased. We encourage our members to exercise the utmost caution and embrace proactive strategies to safeguard their financial security and protect the confidentiality of sensitive information. It is important for RMA Insurance members to regularly educate themselves and understand how to implement preventative measures to combat cyber threats.

Recently, the City of Hamilton was targeted by a cyber-attack that caused mass disruptions to city services and came with a demand for an $18.5 million ransom. The company insuring the city did not cover the loss due to a lack of multi-factor authentication on their systems.

Throughout the month of October (Cybersecurity Awareness Month), RMA will be posting tips to help inform and keep you aware of how to combat cybercrimes.

As we navigate through the rise in digital technology, maintaining vigilance and exercising caution in financial transactions is imperative. By remaining wary of unsolicited communications, refraining from sharing sensitive information, and promptly reporting suspicious activity, members can help protect themselves and others from falling victim to financial scams and fraud.

Cyber Insurance Through Genesis

In the face of escalating cyber threats, municipalities are increasingly recognizing the critical importance of cyber insurance. Given the sensitive data and essential infrastructure that they handle, municipalities are prime targets for cybercriminals. Successful attacks can result in severe consequences such as data theft, financial losses, service disruptions, and reputational damage. While cyber insurance serves as a valuable resource, it is crucial to understand that it does not replace robust cybersecurity practices. 

To underscore the seriousness of this commitment and the imperative of robust risk mitigation, Genesis implemented changes to its cyber coverage effective November 1, 2024. Subscribers are required to adopt four crucial cyber risk mitigation tools: Multifactor Authentication, Staff Training, Strong Backup Policies, and Endpoint Detection. The adoption of these tools is not only encouraged; it is essential for sustaining the enhanced coverage. Members who may face challenges in implementing all four safeguards will still benefit from coverage, though at reduced limits. This shift reinforces our stance that a comprehensive and proactive approach to cybersecurity is essential for municipalities to safeguard their sensitive data, critical infrastructure, and the trust of their residents against the evolving threat landscape of cyber-attacks.

  1. Multi-Factor Authentication (MFA): To enhance the security of our systems, our members will be required to implement Multi-Factor Authentication (MFA) for accessing company accounts and sensitive information. MFA provides an extra layer of protection by requiring you to verify your identity with something you know (your password) and something you have (a mobile app, hardware token, or SMS code). Implementing MFA significantly reduces the risk of unauthorized access to data. Detailed guidelines on enabling MFA will be provided upon request.
  2. Staff Training: Human error continues to be a prominent contributor to data breaches. To minimize this risk, it is crucial for all staff members to receive cybersecurity awareness training. Such initiatives provide individuals with the means to detect phishing attacks, recognize malware, and adopt best practices for the secure handling of sensitive information. They also encourage vigilance and a proactive approach to identifying and reporting potential threats.
  3. Strong Backup Policies: Robust data backup policies are essential for disaster recovery and data protection. We recommend instituting stringent backup policies to ensure the resilience of your data in case of a cyber incident or other unforeseen events. Backup policies can include, among other measures, regular offsite and cloud backup of company data. All qualifying members will be required to comply with these policies to safeguard critical information.
  4. Endpoint Detection: Implementing endpoint detection systems is crucial for real-time monitoring and threat exposure. Your IT team will deploy endpoint detection solutions on all company devices to identify and respond to suspicious activities. This proactive approach will significantly enhance your security posture.

Members will be obligated to furnish proof or documentation that the four cybersecurity measures above have been implemented upon submission of any cyber claim. Acceptable forms of proof may include, among others, invoices and cyber audit reports demonstrating the presence of these measures within the organization. Coverage could be limited or voided if members have not implemented these measures.

In support of cybersecurity practices, Genesis has partnered with the Canadian Internet Registration Authority (CIRA) to provide cyber security tools and employee training. Additionally, members can use their RiskPro credits to cover expenses that may be incurred while implementing these cyber risk mitigation measures. For more information on RiskPro credits or anything mentioned in this bulletin, please contact the Risk Team at risk@rmainsurance.com. Free cybersecurity awareness training is available through CIRA.

Reporting a Claim 

It is imperative to report an attack as soon as possible. Cyber attack claims require very specific expertise and procedures. Members reporting cyber incidents are encouraged to email claims@rmainsurance.com and include risk@rmainsurance.com in the reporting email. That way, our Risk Team will be aware of any incidents and be able to provide additional support as needed.

We recommend members save this link, forward it to personal email accounts, or print it for office use — an organization experiencing an attack may not be able to access this information as its server may be corrupted. It is important that member organizations’ IT departments are also aware of these procedures as they are the first line of defence during cyber incidents and will be crucial in the claims process. 

For more information, please contact our Risk Team at risk@rmainsurance.com.