GT Insurance Blog

Insurance problems and cures

Archive for the ‘data breach planning’ Category

More on hacking into car systems

leave a comment »

We wrote about losing data through rental cars (link here for the post).  The next day, out popped the news that Fiat/Chrysler is releasing a patch to fix a vulnerability which was just exploited, experimentally, by two researchers.

The researchers took control of some systems in a Jeep, from a physical distance, while the target was moving, by hacking in.

Fiat/Chrysler points out that it has not happened in “the real world”, yet.  And Fiat/Chrysler has already created a network level fix for other vulnerabilities.

The point is not that Jeeps are more vulnerable than other brands.  It probably is not.  It is that there are perhaps 26 million cars on the road with some remote data transmission (think Internet).  All new cars in the US have some access or can be accessed.  Therefore, eventually are cars will have these benefits, and vulnerabilities.

Your personal and commercial auto insurance policies can provide physical damage coverage.  The liability coverage protecting the owner from suits for injuries to passengers looks secure so far.  But protection for the manufacturers, dealers, and service shops?  That’s where the dice are still rolling.

Stay tuned.

Link to a Property Casualty 360/Bloomberg article on the patch for Jeep systems

 

http://www.gbwinsurance.com 800-548-2329

Data Loss Through a Rental Car?

leave a comment »

Let your paranoia loose!

  1. You fly into an airport for a meeting or vacation.

  2. You rent a car.

  3. You connect a device to that rental through Bluetooth.

  4. You put your call logs and contacts in the car’s system.

  5. You return the car at the airport and fly home.

  6. You leave your info for the employees at the return site or the next person who rents the car.

Numbers 4 and 6 were probably not on your to-do list.

You can usually wipe out the data before you turn the car back in.  It’s not technically difficult but each make of car has a different process.  Take a look at your own car’s process for saving that info.  Then check rental cars when you pick them up.  Or ask a tech person from your IT provider.  Or don’t make phone calls through the car.  Or demand that the rental site show you how to wipe the memory.

As newer systems like Apple Car Play become standard in new cars, the problem should diminish.  Those systems display info but don’t store it.

Does your personal car insurance cover this? Take a look; nope.

Call us with car insurance questions.  GBW Insurance agency in New Jersey 800-548-2329.

Click here for a  longer report from Fox News  This one is from Kim Komando (Komando.com)

19% have Cyber Insurance, 50% expect more attacks

leave a comment »

Computer_Drill_10-14Most companies don’t have cyber/data breach insurance.  And most think attacks are getting worse (and they’re right).  But even large companies are 4 times more likely to use insurance to protect loss of physical assets than loss of data.

These figures come from a current Ponemon Institute study quoted by the national Professional Insurance Agents. (PIA)  There’s a link to the study at the bottom of this post.

What do we have to do to convince businesses to protect themselves?

I think, as President of the New Jersey Professional Insurance Agents in addition to GBW Insurance, that most agents are including information about Cyber issues in their talks with clients.  But the level of misinformation and ignorance at the client end is still very high.

Smaller businesses tend to assume 1) that they are not exposed, and 2) that there is adequate coverage in their basic insurance policies.  #1 is a bad joke; small businesses are great targets for hackers and even better for disgruntled employees.  And #2 is a fantasy.

I’m going to go write another letter to all our business clients…

Professional Insurance Agents (PIA) link to the study

The Ponemon Institute study has many other entertaining facts. For example, large  publicly held companies said they would have to disclose large lawsuits or large-scale damage to physical assets, but not cyber penetration.  I’d like to hear a business litigation attorney on that one.

The Scope of Cyber Liability And Data Breach Exposures – And Insurance

leave a comment »

Computer_Drill_10-14

These are complicated exposures that now affect even small businesses.  And the necessary insurance coverages are complex too.

Business owners must think about paper records, physical system security, and electronic data.

  1. It will involve their physical building locations, as well as their e-systems.
  2. They’ll need to know how much data they use and/or archive, as well as how many, and what nature of customers that they have.
  3. They must think not just in terms of the operations that they solely control, but also of the “Network” in which they are engaged.

A network is as everything and everyone that business owners allow to have some portion of access to their corporate operations, whether they are employees (on-site or remote), on-site or remote contractors, connected third parties and even connected customers. This is especially true when it comes to the use of mobile devices.

Look at how broad the term “mobile device” is, legally, now.

Mobile data includes workstations, computer terminals, internal IT operations, their websites, Facebook pages, Twitter, and other social media connections, as well as all employee connections whether through company provided devices or their own. It also includes all other connections that your customers use to and from third parties to connect to you and accomplish their work, including off- site physical and e-storage locations. It involves current, stored/backed-up and archived data, and documents and files. It is everything.

Take a few hours a year to consider the risks to which your business is exposed.  Walking through that allows a business to better see what needs to be done, including insurance.

If you’d like to discuss this and other issues in cyber related insurance, or more traditional business insurance, give us a call at 800-548-2329.  We are a NJ insurance agency.

Do You Allow Surfing At Work?

leave a comment »

SurfboardWhy would you worry about your employees surfing the Net?

Salary.com survey said that 64% of workers admitted visiting websites not related to work, every day while at work.  24% of those employees said they spent 5 or more hours a week on such websites.  (Note that Salary.com, ironically, has a section for job searches.)

Since another survey suggests that 40% of Internet use in the workplace is not business related, I’d guess that (surprise!) people are understating how much they use your computers for non-work purposes.

Let’s just skip over how much your company’s bandwidth may be used for watching porn.

In 2012 the Federal Court of Appeals for the Ninth Circuit  held that using an employer’s computer for inappropriate  purposes is not a Federal crime, though one statute called that into question.  You the owner may have to prove that your employee was harming your company before you can discipline/fire/jail him or her.  Here’s a link to a Wall Street Journal law blog.

IT service provider IT Radix recommends that you implement Internet monitoring software to go with your anti-virus, encryption, and other defenses. It’s not insulting any more than a railing on stairs is insulting.  Tell your employees what the rules are, have a written policy, and the software will remind people when they trip.

(Thanks to our client Surfernetwork for the picture of the surfboard hanging from the ceiling of their office.  Surfernetwork provides live streaming of radio stations, virtual radio station support, and streaming of corporate meetings and messages. )

Cyber Security, Mobil Devices – Threats and Insurance

leave a comment »

Computer_Drill_10-14

We have now seen, month after month, one major company after another suffering data breaches.

You would think that people would have gotten the message about the dangers of cyber penetration and other forms of data breach.  You would also think businesses would take strong preventive measures and buy more insurance for their own protection.

But it looks as though, even while mobile device data breach is a real threat, businesses and consumers are not catching up with the problems.

The Ponemon Institute (click here for the website), dedicated to data protection and information security policy, found that IT security specialists believe mobile devices to be the fastest frowing part of networks, and less secure than other components.  But at the time of the survey, 30% said that they had no security system in place for corporate mobile assets.

In a survey of consumers, Kaspersky Internet Security found that 58% are concerned about the safety of their information on mobile devices.  But 38% still store highly sensitive data on their mobile devices, even though they fear it can be hacked.  80% of consumers surveyed think that financial cyber attacks are becoming more frequent, and 40% still use their obile devices to transact banking business.

One implication for businesses is that consumers and your B2B customers regard data breach protection as your responsibility.  Over 75% of consumers in the study cited above believe that businesses, banks, and online payment systems, either have or should provide secure applications and systems to protect them against cyber attacks.

Businesses need advice; if there is one field of insurance coverage which is not largely uniform across the industry, it is cyber liability/data breach.

If you’d like to work on your corporate protection for data breach losses, give us a call at GBW Insurance 800-548-2329, or click here to leave a quick request for info or a quote.

Thank you to the National Association of Professional Insurance Agents for some of this material.

Data Breach Recovery

leave a comment »

Computer_Drill_10-14The news media are starting to use hysteric phrases like “cyber war”.  At least we think those are way overblown.  However, the threats and costs of data breach and cyber liability are growing.

We’ve offered some ideas about protection and recovery in our blog.  And data breach insurance is available.  (Not cheap, unless you compare it to the possible loss.)  But your best protection is planning, first for prevention, and then for recovery.  Here’s a quote from an IT professional we respect.

“It’s not enough to buy a “data backup solution”. You need to understand how it works and you need a clearly documented plan on how to access your data when and how you need it.”  Frank Ableson of Navitend www.navitend.com  “The costs to your business in terms of time and money are stunning in the event that you need to recover more than a file or two.”

Here are some planning steps

1) Look at what can take your IT systems down, whether by direct impact or because your entire business is disrupted.  How long might each last?  This is assessing the potential causes of loss.

2) How much might that cost you initially?  What are the long term losses? (Money, time, customers, potential customers, lawsuits, etc.)  This is assessing the financial impact, the chances of your recovery.

a) Make a list of impacted vendors.  What are they doing or what could they do to help you recover faster?

b) Make a list of key customers.  Which are the most affected if your systems are out?  Which have the most critical information in your hands, so that your loss of information is most threatening to them?  What can you do to increase protection for that information?

3) What is your back up?  Where is it?  How will you access it?

4) Talk with your IT provider about those issues.  What can they do to improve resistance and recovery time?  What is that worth vs. potential losses?

5) Review physical protection if you still store key information or records in physical form.  How do you restrict employee access to those who need to know?

6) Where is recovery money going to come from?  Insurance for physical damages is obvious; review data breach for your own losses and cyber liability for loss of customer information.

Given the costs of data breach recovery and cyber liability insurance, and the threat to your business, this is worth some planning time.  You can ask Frank Ableson of Navitend for advice on the IT end; 973-448-0070. And we can discuss the insurance issues with you; 800-548-2329.