Research indicates that 75 percent of data breaches occur at small and medium-sized businesses, and that ninety-five percent of these data breaches are caused by hackers, rogue employees, or the loss or theft of equipment. And you don’t need to be a high-tech company to be susceptible to a damaging data breach. Any business, of any size, that has valuable or sensitive data that is stored electronically can become a victim of some type of cyber threat. What’s more, even paper files can be at risk.
Cyber liability is a serious issue for businesses. By definition, cyber liability is a range of potential liability exposures that can occur as a result of using, storing or transferring data electronically for business purposes. Sixty percent of small businesses that experience a cyber attack or some type of data breach close their doors within six months, unable to recover. If you fail to protect personal or corporate information that is stored on your business computers, networks, smartphones, laptops, and even paper files, your system and all kinds of sensitive data can be compromised.
How do data breaches happen? Typically, data breaches come in the following forms.
Hackers
Hackers can gain access to cash registers and credit card terminals in order to steal customer credit card information and use it to make unauthorized purchases. Target’s troubles at the end of 2013 are a perfect example of this type of hacking incident on a very large scale. Hackers are also known to attack networks from the outside with malicious code and malware that can cause systems to shut down and businesses to lose money.
Theft
Just as hackers can “virtually” steal sensitive information, physical assets and devices can be stolen by outsiders and even by rogue employees. If laptops, backup tapes, disks or other devices that contain personal or sensitive information about customers are stolen, the information can again be used for unauthorized purchases and even identity theft.
Mishandling Information
Nobody’s perfect, and if your employees are not well-trained, conscientious and trustworthy, the mishandling or accidental exposure of sensitive information to outsiders can become a serious issue for your business.
In all of these cases, no matter how the data breach happens, the costs to your business can be devastating, usually going well beyond simply replacing equipment or updating outdated computer systems. Just some of the costs associated with a data breach include:
- Statutory requirements to notify individuals/business partners that data has been breached
- Public relations and investigative costs
- Loss of income/business interruption
- Providing credit monitoring services for those affected by the breach (e.g., customers whose sensitive data was compromised)
- Personal injury claims against you (e.g., slander or libel claims involving your website, blog or social media accounts)
- Loss of income/business interruption for a client or partner
- Ongoing public relations impact and loss of future business
So, how can you protect your business against cyber threats and a serious data breach? Here are some of the most important steps that The Andrew Agency suggests you take, compiled from various business and tech experts:
- Lock and secure sensitive customer and employee data. Store paper files, thumb drives, CDs and so forth in a locked compartment, and restrict access to sensitive data to only those employees who need to know, and who you trust.
- Shred and properly dispose of sensitive data. Shred all sensitive paper files before disposing of them, and if you must dispose of or recycle any computers or data storage devices, be sure they are wiped clean first. If you have devices that are not being used, dispose of them promptly.
- Employ strict password protection and data encryption. Business computers, laptops, tablets, smartphones and any other portable electronic devices used by employees must be protected with unique passwords and user names. Employees should be instructed or required to change their passwords on a regular basis. Encryption helps protect the security and privacy of files as they are transmitted electronically. All computers, mobile devices, flash drives, backup tapes and emails should be encrypted.
- Control access to all of your business computers and portable devices. Every employee user must have a unique account and login, and any unused portable devices should be locked away when they are not being used. Know exactly what devices your employees are using for business purposes, and make sure they are secure.
- Use antivirus and antispyware software on all of your business computers to protect against malicious code and malware. Instruct employees to never open attachments, links or downloads from unknown sources. Be sure to keep all of your software and operating systems current and protected from the latest threats by installing updates as soon as they are available.
- Make sure that remote access to your computer network is secure. Use proven firewall software, and only allow remote access using a Virtual Private Network (VPN). In addition, Wi-Fi should be secure, encrypted and hidden, with a password required for access.
- Make sure that your business partners who have access to your data have appropriate data security in place.
- Train your employees to understand the importance of protecting sensitive data and how they are the first line of defense. Employees need to know how to use strong passwords and how to avoid dangerous links and downloads. Most importantly, you need to develop and implement a strict privacy policy that all employees understand and follow.
- Protect your website. Reassure customers with trustmarks clearly visible on your site, and use proven antivirus software to protect against outside attackers.
- Develop and communicate clear cyber security policies company-wide.
- Properly screen all potential employees, and hire good people that you can trust.
Last but not least, talk to your insurance agent about cyber liability coverage. Cyber liability coverage protects your business assets by covering your legal defense costs as well as any settlements or judgments that you must pay as a result of a lawsuit related to a cyber liability claim. It also covers public relations and other related expenses that you may incur as you attempt to salvage your reputation. Cyber liability insurance can be added to a business owner’s policy or a commercial general liability policy.
The cyber insurance market is still evolving to meet the ever-emerging threats. But it is still highly valuable protection for your business, and it can also give your customers and partners more confidence in your ability to appropriately handle and respond to the risks that are out there.
Contact The Andrew Agency
Have you assessed your exposures to cyber threats from both inside and outside your business? How vulnerable is your data? Would one breach threaten to wipe you out? Contact The Andrew Agency to help you tailor a cyber-liability insurance policy that will fit the needs of your business. Call (804) 320-2886 or visit theandrewagency.com.