Today cyber security is a real threat to individuals and organizations as more are attacked every year. Every three minutes in the U.S. an individual is a victim of a cyber crime. Cyber security incidents for businesses have surged almost 40% from 2014 to 2015 as reported by companies in PwC’s The Global State Of Information Survey 2016. Cyber-related attacks can be anything from breaches that take down systems to denial-of-service attacks that prevent a company’s website from doing business.
While technology has made huge advancements for just about every industry imaginable, it means more and more information has moved online. This has created extreme ease-of-use, but also created huge security vulnerabilities for many organizations. Whether companies have installed software themselves or outsourced some of their IT processes, they need to maintain certain basic security measures through updates and patches year over year
For many organizations, this is where they become vulnerable. Cyber-related disruptions from non-maintenance or lack of security measures may cause an initial loss of business, but in many cases, the business doesn’t come back. This is why over time the scope of property and casualty coverage has expanded to include specialty coverages such as privacy breach and cyber liability.
There are steps businesses can take to become aware of their security risks. Thinking through some basic steps for ensuring protection will help you identify any potential threats and help you assess the level of need for cyber coverage. Here are six tips from National Underwriter magazine that businesses can use to determine their level of cyber awareness and protection:
Know Your Federal & State Regulations – Make sure you know your responsibilities for compliance with state and federal laws. This is particularly true for medical or dental offices, pharmacies, long-term care facilities or home health care providers that need to comply with Health Insurance Portability and Accountability Act (HIPAA) statutes and laws such as the Health Information Technology for Economic Clinical Health Act (HITECH). However even small, retail businesses have responsibility to protect the consumer information they retain.
Secure All Mobile Devices – If you and your employees use tablets and smartphones for work, understand that data is generally not as secure on these devices compared to corporate laptops and desktops. In addition, when information is transferred from these devices to corporate computers, you need to have procedures in place so corruption doesn’t happen in the process.
Know Where Your Data Is – Even if you use a third-party for payment transactions, you are still liable for managing the data. You need to check to make sure you’re not securing credit card payment information on mobile devices and that the data storage center you’re using has information security. This also applies to any personal data you store on employees. It’s mandated this information be securely held.
Remember To Monitor Continuously – Small business owners need to recognize they are most vulnerable because they tend to use packaged software and outsource their IT. This may lead you to not have a true security center. Remember to monitor your security risks and put controls in place to safeguard against cyber hacks.
Create Greater Network Security – Understand that you are required to have the basic protective measures in place. Next, try to think beyond just implementing the minimum security requirements. If you have or plan to have cyber coverage, due diligence is required on your part. So ask yourself if you are prepared to manage the risk of a data breach. If you use a third-party vendor, ask them if they are prepared for a data breach, and if they have increased security measures as well.
Understand Your Software – You need to know what information you have, where it is, the applications controlling it, and who has access. Start trying to understand how the data works with the software that runs it. Also, look to have policies and procedures in place to update the software you have running everything. And above all, you need to recognize that cyber security is your responsibility.
Interested in keeping your business protected? Acadia Insurance provides property and casualty insurance products to businesses, which may include Privacy Breach & Cyber Liability coverage. Appointed independent agents are available throughout the Northeast to help you, click here to find one near you.
Source: National Underwriter. 6 Things Agents Need to Know About Basic Security For Cyber Coverage. December 2015.
Acadia Insurance is pleased to share this material with its customers. Please note, however, that nothing in this document should be construed as legal advice or the provision of professional consulting services. This material is for general informational purposes only, and while reasonable care has been utilized in compiling this information, no warranty or representation is made as to accuracy or completeness.