CAUTION: Law enforcement Warns of “Juice-Jacking” Scam
The Los Angeles District Attorney’s (DA) Office recently issued an advisory notice about a new scam known as, “juice-jacking.” The advisory notice warns individuals not to use free USB charging stations offered in airports, hotels, and other public places.
What is “juice-jacking”?
Juice Jacking occurs when hackers have loaded malware into the free USB charging stations or plugs connected to a public charging station, so that when someone plugs in their device, the device is infected with malware, allowing the hacker to lock the phone an hold it as hostage for ransom or forward sensitive information to the hacker.
Since these USB charging stations are in a public place, using any business device creates a liability exposure where the network is insecure. Best practice is to create a cyber risk management policy for your organization and a procedure for enforcing your policy. We recommend consulting with your attorney to ensure it follows any legal requirements.
Below are some tips to consider:
1. Train employees in security principles
Establish basic security practices to protect sensitive business information and communicate them to all employees on a regular basis. Establish rules of behavior describing how to handle and protect customer information and other vital data.
2. Protect information, computers and networks from viruses, spyware, and other malicious code
Install, use, and update antivirus and antispyware software on every computer used in your business.
3. Provide firewall security for your internet connection
A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Install and maintain firewalls between your internal network and the internet. If employees work from home, ensure that their home systems are protected by firewalls. Install firewalls on all computers—including laptops—used in conducting your business.
4. Control physical access to your computers and network components
Prevent access or use of business by unauthorized individuals. Laptops are particularly easy targets for theft, make sure they are stored and locked up when unattended. If sensitive data are stored on the laptop, employees should be advised not to use the laptop in any unsecure Wi-Fi networks.
5. Cyber Liability Insurance
Cyber liability should only be considered as part of your organizations risk management policy. Cyber insurance is a special form of commercial insurance created to protect businesses against cyber risks. There is no standard coverage form. Each insurance carrier underwrites their own policy forms. If you already have a cyber liability policy be sure to read the terms and conditions carefully to understand what your policy does and does not cover. Note that most standard general liability insurance policies exclude cyber risk exposure. Consult with your attorney to ensure that you have proper coverage in place and that the organization and employees are covered.
While it is impossible to prevent all data breaches, they can be anticipated. For a risk management plan to be effective, it should be consistently applied across the organization. Let us know if you have any questions about cyber liability insurance or would like us to provide you with a quote. We are here to help!