Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action.

This week: Why you should now assume a ransomware attack also means your data has left the building, why insurance is only useful if you’ve got basic security measures in place, and why fewer than 20% of cyber-crimes are reported.

This week’s action: Your Plan B – What will you do if (when) you realise you’ve been a victim of a cybercrime?


  1. Cyber insurance won’t pay out if you don’t have basic security measures
    I recently stumbled upon an interesting article about a legal dispute between a US business (SS&C Technologies) and their insurer (AIG). The dispute relates to over $5.9m that was stolen from SS&C in an invoice / payment redirection fraud. AIG is refusing to cover the loss as it claims SS&C Technologies “failed to exercise even a modicum of care and responsibility”. AIG claims that SS&C paid $3m to the fraudster’s account based on one short email. Despite SS&C’s internal procedures requiring four different people to authorise such transfers, the procedure was not followed. This enabled a fraudster whose emails were sent from a fake email address and included a misspelt client name and basic grammatical and language errors to walk away with $5.9 million. Just because you have insurance, don’t assume you are covered. Insurance is only useful if it will pay your claim, and it may only pay your claim if you’ve done the basics.
  2. Ransomware attackers are increasingly taking a copy of your data as well
    A recent report by Group-IB (an incident response consultancy) suggests ransomware attackers are increasingly getting into businesses through the remote-access doorways that may have been opened when Covid lockdowns caused a surge in the number of people working from home. Once in, the criminals are taking a copy of any valuable data they find before encrypting it with ransomware. By having a copy of the data, they can threaten to release the data to the public if a ransom isn’t paid. Unfortunately, once digital data has been copied, you can’t possibly trust the criminals to delete the data if you pay the ransom.
  3. Windows 10 – 6 things you can do to secure your machine
    If your IT is managed by an IT professional, your laptop was probably configured by them before you got your hands on it. But if there is no IT professional in your life, or if you’re wondering just how professional they really are, there are a few things you can do yourself to make it more secure (and faster too). This article describes six steps that are worth looking at, including creating a system restore that you can revert to if something goes wrong; ensuring you are running the latest version of Windows; reducing the amount of data that Microsoft collects about you; and making sure you have some basic defences between you and the bad guys.


  1. 30,000: The number of businesses in the US alone who may have been hacked because of a recently-discovered flaw in Microsoft Exchange Server. It is believed hundreds of thousands of businesses around the world were exposed. I mentioned the issue last week but it’s no harm reminding you to confirm with your IT provider that you do not use Microsoft Exchange Server as your email system. (If you pay a monthly or yearly fee for Microsoft 365 / Office 365 or Google Workspace / Gmail, you are probably not using Exchange Server). If you are using this product, make sure your IT provider has dealt with the flaw in an appropriate manner and followed all of the specific steps in the right order. Otherwise, the hacker may still be lingering within your IT environment even though the flaw has been patched.
  2. One in Six: The UK’s Office for National Statistics estimates that only about one of every six incidents of cybercrime is formally reported. The belief is that the fear of shaming and “the general public perception that there is limited action that the relevant authorities can or will take against the offending criminals” may be to blame for the lack of reporting. I doubt the situation is any better in other jurisdictions. Most businesses don’t report cybercrimes unless their insurance cover requires them to do so, or unless they have a clear data protection issue arising from the crime. Otherwise, when a business is in the middle of dealing with an incident and they don’t believe they will get useful help from relevant authorities, I doubt they are too worried about ensuring someone can add details of the incident to their file in a filing cabinet.

ONE ACTION – If you do only one ‘cybersecurity’ thing this week, do this.

  1. Plan B: Your Incident Response Plan

    Plan A is focused on the steps you will take to defend against the most common cybercrimes. Plan B is focused on how you will respond if / when these defences fail. Often called an Incident Response Plan, it sets out the things you should do and the people you should call. If you have ever had to deal with a cybersecurity incident, you will know how stressful it is. You will be angry that it happened, you will be distraught about the immediate interruption to your business activities, you will be fearful about the future impact on your reputation, and you will be despairing about the number of things you must do / should do / could do to reduce the fallout. If you have never gone through an incident, you cannot understand just how valuable it is to have a plan that will guide your initial response while you come to terms with this stressful situation. It doesn’t need to be a detailed step-by-step guide – a 1-page plan will be better than a blank page. My guide to cybersecurity basics will help you to get started.