Intact Management Liability Welcomes Courtney Payne

We are pleased to welcome Courtney Payne – a new member to our growing Management Liability team.

Courtney is based in Chicago and joins as a Senior Underwriter, bringing in more than 10 years of underwriting experience, working on private, not-for-profit and healthcare organizations. Prior to joining the Management Liability team, Courtney worked at Great American Insurance Group.

She can be reached at cpayne@intactinsurance.com.

Video Update from Intact Management Liability. Hear from SVP Kilauren McShea

At Intact Management Liability, we pride ourselves on doing business person-to-person.

2020 was an exciting year for our organization and 2021 is already off to a great start.

Please enjoy this video featuring Senior Vice President Kilauren McShea to learn more about our Management Liability capabilities, organizational and team updates as well as some of our recent successes.

Intact Management Liability provides tailored solutions designed for a wide range of organizations including not-for-profit organizations, healthcare organizations, private companies and publicly traded companies of all of all sizes and types.

Watch video here >>

Learn more about our management liability products and services or contact a member or our team for more information.

Intact Specialty contributes to Surety Foundation’s Intern and Scholarship Program

We are pleased to share that the Intact Charitable Trust, on behalf of Intact Surety, has made a donation to the Surety Foundation – the charitable arm of The Surety & Fidelity Association of America.

The contribution is to support their Intern and Scholarship Program, which provides financial assistance and internship opportunities to underrepresented students who are considering a career in surety and fidelity bonding.

We applaud the Surety Foundations’ commitment to advancing diversity within the industry and are proud to support their efforts.

Phishing Alert: Beware of Browser Extensions

Browser extensions are small software programs that offer features like filters and controls to change the way a user views web pages and services. They run inside web browsers and enable users to tailor the functionality of a browser.

Although these features are useful, they can also potentially pose a threat to privacy and security. Browser extensions are available from browser entities as well as third-parties – and cybercriminals have found ways to publish malicious browser extensions that perform illicit activities, including spying, data theft and more.

Are Browser Extensions Worth the Risk?

Most extensions are free. Some operate in the background and automatically perform specific tasks, while others appear as options/icons on the menu or next to the address bar. Extensions are commonly downloaded to: create toolbars, block ads and pop-ups, change appearance of web pages, optimize memory usage to improve browser efficiency, compare shopping sites and look for coupons, change search engine options, start page, or new tab page.

However, recently, several extensions have been found to be malicious. They are set up to: track every page visited, read and/or write all data in browsing sessions, download passwords and personal information, or install malware, adware, or viruses.

Hackers develop their own malicious extensions or hijack legitimate ones. Most malicious extensions originate from third-party websites; however, they’ve also been known to slip into official web browser stores. Over 65% of Google Chrome Web Store extensions require some type of permission, and Chrome issues a warning to “watch out for extensions that require permissions that are irrelevant to the core purpose of the extension”.

Additionally, it’s difficult for anti-virus programs to identify malevolent extensions. Because they update automatically, an extension may change from being harmless to dangerous without your knowledge.

There are few opportunities for developers of these extensions to monetize extensions. As their customer base grows, maintaining and providing support proves difficult. Hence, some sell anonymized data they’ve collected to third parties, which is generally legal; however, the data may not be fully anonymized thus creating privacy issues. Developers sometimes also accept payment from hackers to include hidden nefarious code in their extensions. A recent Krebs on Security article spotlighted a company that was paying to embed its code in browser extensions for the purpose of masking the real IP address of its own customers for possibly unscrupulous purposes.

Security Best Practices to Mitigate Browser Extension Risks

While installing a browser extension on your device, take into consideration the protection of your online activity. Forego installing browser extensions unless they are essential. If you choose to install them, exercise caution:

  • Limit them – only install what you need and will use.
  • Install from official browser websites where they will have undergone some scrutiny.
  • Review the permissions and privacy policy. Some extensions require access to everything or a sensitive sites (like your email) that you want to keep secure.
  • Verify that extensions are actively supported.
  • Read the description and reviews. Be suspicious if the description has spelling or grammar errors, the extension is relatively new or not widely used, all reviews are five stars or similarly worded.    
  • Do not agree to update an extension if it requests more permissions than the previous version. If this occurs with an extension you trust, consider removing it.
  • Never download and install an extension because a website indicates it is needed to view content.
  • If an opportunity to install an extension appears and you weren’t looking for it, do not install it.  Hackers can try to scam consumers via pop-ups or phishing emails.     
  • Disable or remove unused extensions. Visit ComputerHope.com for their guide.