It’s Monday. May Day! Climb a giant pole. Roll around in dew. Throw a flower basket at a friend. Celebrate spring in your own special way!
In today’s edition:
You’re covered
Marching orders
APT pupils
—Tom McKay, Eoin Higgins, Patrick Lucas Austin
Protecting yourself from cybercrime is more important than ever. Take it from the FBI, which warned last year it had tracked losses from cyber fraud at $6.9 billion in 2021, up 64% from the year prior. Following proper security hygiene is step number one, but another important aspect is cyber insurance.
Unfortunately, that’s getting a little more complicated. Here’s what’s changing in the cyber insurance market, and how to maximize the potential benefits of getting a policy in 2023.
Read the small print. Cyber insurance (which is also called cyber risk or cyber liability insurance) can help organizations reeling from the impact of an attack, breach, or other cyber incident to cover the costs of a prompt response. Some cyber insurers go one step further, helping organizations arrange an array of covered services so that responders can get rolling before costs mount.
It’s not just organizations that run their own systems and networks that need insurance—managed services providers (MSPs) and managed security services providers (MSSPs) also need their own plans for incidents involving clients. Regardless of who’s buying, cyber insurance packages vary significantly in what they cover and when, depending on the provider and the exact language of the contract. For example, MSPs/MSSPs may purchase errors and omissions coverage in addition to a standard cyber policy to limit liability if a client thinks the provider is responsible for a breach.
Read more here.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.
Tech job postings roared back in March—and so did offers of remote work.
Open tech jobs jumped by 197,000 for March, according to CompTIA’s March tech jobs report.
With the spike in open jobs has come a corresponding jump in the number of positions offered out of office. Total open positions currently stand at 316,000, with one in five classified as remote or hybrid, according to CompTIA’s Steven Ostrowski.
The move to remote jobs is a sign of both the need on the part of employers to entice prospective employees, and the broader shift in the IT office.
All part of a plan. Ask Actalent’s Jason DeKoster about the bump in remote work and he’ll point to a number of factors—all revolving around the need to get talent to buy into the workplace. Insisting on an in-office culture could restrict the pool of available workers, and when remote positions aren’t prohibitive, there’s little reason not to offer them to expand the labor possibilities past the realm of local staffers.
DeKoster, who is managing director of strategic recruitment at the firm, breaks seeking out talent into three parts: attraction, retention, and engagement. Offering remote and hybrid work to prospective employees helps with these three aspects by providing them with the convenience to compete for their services.
“In order to get access to as much tech talent, IT talent, engineering talent, scientific talent, companies are changing their openness” to remote work, DeKoster said.
Keep reading here.—EH
Google cybersecurity affiliate Mandiant on March 28 revealed North Korean cybercrime group APT43 had been using a variety of tactics in the service of both espionage and financial gain.
North Korea might not be the first country one would think of when it comes to sophisticated cyberattacks, but as Korea Risk Group analyst Nils Weisensee told IT Brew, that question is mooted by the fact that today anyone with access to the internet can find everything they need to effectively attack nearly any system.
“All the information is out there, all the materials, all the intel, all the knowledge that you need to learn in order to break into systems is available on the internet for anybody who knows how to look,” Weisensee told IT Brew.
Dexterity stats. APT43 is “agile” and “creative,” according to Weisensee, but most importantly, patient—giving them the ability to invest days, weeks, and even years into social engineering their targets.
“It’s become much, much harder to assess whether a request from somebody is malicious or not, simply because it could take weeks of conversation before they ever send any malware your way,” Weisensee said.
APT43’s combination of malware and relationship-building strikes Ethan Schmertzler, CEO of industrial security firm Dispel, as particularly clever, and raises the stakes of the attacks. By going after people—using dummy accounts, pretending to be researchers and reporters, and the like—rather than systems, the group is aiming at softer targets.
Keep reading here.—EH
Today’s top IT reads.
Stat: 1.43 million. That’s the number of policy-violating apps that Google flagged and booted from its Play platform in 2022. (Google)
Quote: “That Russian-native hacker who doesn’t speak English well is no longer going to craft a crappy email to your employees.”—NSA Cybersecurity Director Rob Joyce, speaking at RSA in San Francisco about generative AI’s impact on phishing tactics (Wired)
Read: How Target took a psychological approach to DevSecOps. (TechTarget)
- Microsoft is phasing out support of Windows 10.
- Apple has a mood-tracking tool in the works.
- Display-screen engineers at Carnegie Mellon University are finding ways to make phone notifications stand out...literally.
- Cryptothieves are reportedly targeting AT&T email accounts.