Many insurance companies are including limited cyber coverage in some commercial package policies on the market today. You need to be aware that this coverage is not intended to provide the higher levels of protection required to cover the varied cyber incidents occurring these days.
Just as you secure your premises to attempt to avoid having a loss, it’s just important to secure your IT systems. In the event you do suffer a cyber-attack, having a solid cyber insurance policy can provide coverage for both first party and third-party losses.
First Party losses are costs that must be born by you, the insured. This can include:
Network Failure and resultant Business Interruption
Outside provider/cloud service provider failure
Cyber extortion and ransomware
Third Party losses are those costs that you will be liable for as a result of the cyber breach:
(Network) Privacy and confidentiality liability
Privacy and network security liability
Technology Errors &Omissions
Payment Card Industry Data Security Standard losses (PCI DSS
Additional costs for such expenses incurred in crisis management, fraud response, public relations and forensic and legal may also be included in the protection depending on the insurance product purchased.
Premiums will be determined based on a number of factors including:
Type and amounts of coverage required
Industry and business type
Size of the business
Type of data stored on the network
Risk mitigation and security measures taken by your company
History of cyber-attacks
An insured loss whether it be to your physical property, a third-party liability claim or a malicious cyber event can put you out of business.
Remember many of the breaches and hacks are caused by simple human error. I’ll share some tips on what to look for so you aren’t victimized.
Let me remind you that I am not a techie. I’m a business owner just like you and feel that it’s important to me to understand the risk and prepare. It’s like putting a fire wall in a building to prevent spread of a fire or ice-melt on your sidewalks to prevent slip and falls. Cyber risk is huge and very costly and I want to be prepared. Hopefully this information will be helpful to you and please check with your tech guru for their expertise.
I preface this blog with a reminder that protecting yourself, your data and data of others, is not just a nice thing to do. There are laws in place that impose strict rules and responsibilities under Provincial and Federal laws. The Personal Information Protection and Electronic Documents Act (PIPEDA) (PIPEDA) and Canada’s anti-spam legislation (Anti-Spam) are two pieces of legislation.
Here are some suggestions as to how you might protect yourself.
1. Know what’s happening. If you read my first blog, you are already aware of the some of the threats posed by cyber-criminals. Good for you!
2. Change your passwords. I know! That’s such a pain. It’s much easier to use one password for all your sites. The danger in that is that if your passwords are duplicated and not changed regularly, a hacker has much easier access to all of your sites. There are a number of software programs available to assist you. Personally, I use Norton’s Password protector.
3. Secure your home office. Have you changed your router password since it was installed? Do you have antivirus software and automatic back-up tools?
4. SPAM. You’ve all seen those emails that look like they are coming from someone you know. So, you click on it or worse yet open an attachment. Bang – you’ve just downloaded malware onto your system. Check email headers and sender’s addresses and only open attachments of verified trusted senders and those that you are expecting to receive.
5. VPN. With so many business owners and employees working from home, it makes it much more accessible to cyber-criminals. A Virtual Private Network on your home computer can mask your internet protocol (IP) address so that your online activity is virtually untraceable. It establishes secure and encrypted connections. Again, shop around to get good speed and reliability.
These are just a few tips that many of you may know about. If not, I hope it’s been helpful. Remember to call on the tech experts. I would also suggest that perhaps an Information Technology Audit might be appropriate to make sure you are safeguarding your assets, maintaining data integrity and operating effectively.
In our next blog, I will talk about the next level of cyber protection – yes Insurance! As technology and society changes, the insurance world must adapt. There are now many insurers who have products available. We will talk about some of the features to look for.
Breaches, DDo’s, Phishing, Whaling, Malware, Porting, Trikbots, Ransomware and Zoombombing. What do these words have in common?
Yes! These are all Cyber Crimes and every business owner who owns a computer and uses email or has a website is a target.
And nowadays we are all more exposed than ever. The majority of business owners and employees are working from home now. You can bet that cyber criminals are also stepping up their game as security working from home is usually not as effective.
The FBI recently announced that cyber crime has quadrupled compared to the months before the COVID 19 pandemic.
Examples of Cyber Risks
Employee Error – losing a USB key, failing to secure passwords. If you do hard drive back-ups and the back-up is lost or stolen that’s a huge potential privacy breach that could cost thousands of dollars.
Malicious Hackers – These hackers attempt to shut companies down – steal data or money. Hackers have become an enterprise with HR, Research & Development and customer service departments
Ransomware/Extortion – This is a hack where data is stolen or made inaccessible and a demand is made, usually for cash (bitcoin). Any business depending on their online presence to sell their products is at risk.
Breach – any time sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual or entity without authorization.
DDos – Distributed Denial of Service. An attack that attempts to render an online service unavailable by overwhelming it with traffic from multiple sources.
Malware – Code with malicious intent that typically steals data or destroys something on the computer. Installed malware on a corporations’ computer can work silently in the background and corrupt months or years worth of data.
Phishing – an attempt to obtain sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Threat Agent – An individual or group that can manifest a threat. This may not even be intentional. It could simply involve an inept computer operator who trashes a batch job by typing the wrong command.
Whaling – An attack that typically involves a hacker masquerading as a senior executive asking an employee to transfer money.
Porting – (SIM porting) someone impersonating someone requests a mobile provider “port” or move his number to a new SIM card on a different device. Criminals steal personal information via mobile phones in order to gain access to bank accounts, apply for credit in your good name, or impersonate you to defraud your entire contact list.
The list goes on and changes as new threats are created and discovered. It’s a moving target.
If you are interested in learning more, you can peruse some of these articles that I have include for you at the end of this blog.
Stay tuned for the next blog where I will share some tips from the experts on some of the ways you can protect yourself.
Thanks for following my videos and blogs. For me, it’s not just about protecting consumers by providing them with insurance options. Its more about education and communication that helps to identify, analyze, evaluate, and treat risk – be it an insurance product or other method of avoiding, reducing, sharing, or retaining the risk.
Remember – “We make a living by what we get; we make a life by what we give”
Take care, stay safe and be well.
In the News
April 1, 2020 Cyber-Attacks up 37% Over the Past Month as Covid 19 Bites
Oct 3/19- Just a name or birthday can be worth up to $1.50 on the black market. A scanned passport or driver’s license can command up to $35, and a full ID package (name, address, social insurance number, e-mail address and bank account number) can go for up to $100.