When it comes to cyber crimes, the bad guys are getting bolder and more sophisticated all the time. Major attacks on corporate giants, the healthcare industry, and now the federal government have compromised the private data of tens of millions of U.S. citizens and are costing those organizations millions to deal with the fallout.
Just how big is this threat? The Identity Theft Resource Center (ITRC) reports that the number of data breaches in the U.S. hit a record high in 2014, and according to the World Economic Forum’s Global Risks 2014, cyber-attacks have become one of the five biggest threats worldwide.
These attacks have been a wake-up call for corporations and governments alike, but with bigger companies and government agencies starting to invest more in cyber security measures, smaller businesses that may be less protected are increasingly in the crosshairs.
Think you’re not vulnerable? If you run any type of business, regardless of size, you have plenty of sensitive and vulnerable information:
- Private customer and company information
- Your employees’ private health information
- Your company website that’s vulnerable to hackers, data miners, viruses, and other threats
- Any jobsite technology you might use such as smartphones, laptops, and tablets
- Internal threats such as paperwork errors or hacking by disgruntled workers
Bottom line: no business is immune anymore, and if you become the victim of a cyber-attack, you could be facing liability for breach of confidential information, costs to notify individuals whose information has been compromised, investigative and public relations costs, loss of business income, and other legal and financial headaches, in addition to reputational damage.
What’s your game plan to battle these risks?
It’s no longer enough to have a strong defense in place against these risks, because you’re always in reactive mode – you get hit, you respond. The only way to stack the odds in your favor is to go on offense and keep your strategy evolving. That means taking time to thoroughly assess every risk and vulnerability, taking proactive steps to plug the holes, and being constantly vigilant and flexible as the threats evolve.
To put your cyber security program on offense, the first step is to have solid policies and procedures in place to cover prevention, resolution, and restitution. For protecting data, make sure you’re implementing a three-stage control process made up of administrative, technical, and physical controls:
- Administrative controls such as conducting background checks, using confidentiality agreements, thoroughly vetting all vendors, and conducting security awareness training with your employees.
- Technical controls such as anti-virus software, network segmentation, web and email filtering, and encryption of data on main drives, data in transit, and databases on servers.
- Physical controls such as limiting access to buildings and sensitive data.
To put the finishing touch on your cyber security offensive, you need the right cyber liability insurance protection in case you do get hit. Your CGL insurance policy isn’t enough – it likely has either very limited or no coverage for these risks. There’s also no one-size-fits-all cyber policy – they vary greatly. So work with your insurance carrier to come up with a policy and a strategy that covers your specific risks. The last thing you need is to find out after an attack that you’re not covered.
Finally, arm yourself with knowledge to stay ahead of the bad guys with resources such as these:
- U.S. Chamber of Commerce Internet Security Essentials for Business 2.0
- Department of Homeland Security’s Cyber Security Evaluation Tool
In this age of cyber warfare, you need to put your business on offense to protect your bottom line. Contact the risk management experts at Heffernan Insurance Brokers to find out more.