GT Insurance Blog

Insurance problems and cures

Posts Tagged ‘cyberliability’

19% have Cyber Insurance, 50% expect more attacks

Most companies don’t have cyber/data breach insurance. And most think attacks are getting worse (and they’re right). But even large companies are 4 times more likely to use insurance to protect against loss of physical assets than against loss of data.

These figures come from a current Ponemon Institute study quoted by the national Professional Insurance Agents (PIA). There’s a link to the study at the bottom of this post.

What do we have to do to convince businesses to protect themselves?

I think, as President of the New Jersey Professional Insurance Agents in addition to GBW Insurance, that most agents are including information about Cyber issues in their talks with clients.  But the level of misinformation and ignorance at the client end is still very high.

Smaller businesses tend to assume 1) that they are not exposed, and 2) that there is adequate coverage in their basic insurance policies.  #1 is a bad joke; small businesses are great targets for hackers and even better for disgruntled employees.  And #2 is a fantasy.

I’m going to go write another letter to all our business clients…

Professional Insurance Agents (PIA) link to the study

The Ponemon Institute study has many other entertaining facts. For example, large  publicly held companies said they would have to disclose large lawsuits or large-scale damage to physical assets, but not cyber penetration.  I’d like to hear a business litigation attorney on that one.

Data Breach – Learn Some Lessons from the Big Companies

You’ve seen data breach announcements at companies like Home Depot and Target. And Morgan Stanley announced that it fired an employee who stole account data on 350,000 clients. From those breaches come huge cyber liability lawsuits.

All are big companies with huge market value, large customer databases, strong brand names and plenty of budget to spend on data security.

We in the smaller businesses don’t have all those resources.   But are there lessons from these breaches that can provide learning to the owner or manager of a small business?

Yes, there certainly are.

The key lesson?  In most cases, part or all of the data breach was caused by people very close to the organization:

  • Home Depot – Criminals stole a vendor’s credentials.  Then they exploited a weakness in Microsoft Windows.  Then it looks like Home Depot may not have implemented the existing patch for that weakness.  That would be vendor weakness and poor IT procedures.
  • Target – It looks like a Target employee clicked on a link in a vendor e-mail; the vendor had been hacked, and the link let criminals into the Target system.  That would be vendor weakness and poor security procedures at the employee level.  A Federal judge is allowing a lawsuit by credit card issuers to proceed against Target.
  • Morgan Stanley – Morgan Stanley is said to have caught the employee before the majority of the information was published or sold.  They said they’ve turned the information over to law enforcement.

These companies probably spend more on data security than you or we bring in with total sales. And they were still burned.

What should you learn from their examples? (Our thanks to IT Radix for much of this material.  Click here to visit their page for more info or to get their help with IT problems.)

1) People you know are the most likely cause of a breach.  A former employee, a careless employee, an employee not implementing security, a vendor opening your door to hacking.

2) Have a secure backup program in place both onsite and offsite – ensuring that at least one part of the backup program is not directly attached to your network.

3) Have a password policy in place and follow it.  It should include:

  • A password strength protocol
  • A password change policy
  • A plan to change passwords

4) Consider putting an employee monitoring program in place that will help:

  • To monitor and filter website and web traffic
  • To guard against company secrets being shared via email
  • To delete files or lock a computer if a laptop is stolen

5) Whether a user is accessing company files in the office or remotely, ensure that your file access permissions are correct and that at least double security identification measures are in place.

6) Put a strong email program in place where:

  • Email is backed up
  • Email is encrypted as it goes through the Internet.

7) Ensure that anti-virus and malware protection is in place and up to date.

8) Server and computer operating systems, software, anti-virus software, firewalls, and applications of all sorts should be patched and updated regularly – some daily.

9) Consider putting a hardware firewall appliance in your network and if outsiders need access to some company data, place that data outside / securely apart from the internal company network.

10) Separate your secure Wi-Fi network from any that guests use to access the Internet.

11) Cover yourself with data breach insurance for your own problems, and cyber liability insurance for losing control of client information.

The smart business owner or manager may not have heard all these recommendations before, but they are becoming survival issues for any organization, regardless of its size.

While we’re happy to talk about data breach insurance issues (in NJ 800-548-2329), the first stop is a good IT organization.  Call a good provider like IT Radix (at 973-298-6908).

Keep Intruders Out

From IT provider IT Radix, a parable about protecting your business from Cyber Breach.  A few simple steps to a better lawn, and a safer computer environment.

Stinkgrass, Hairy Galinsoga, Goosegrass, Bull Thistle, Prickly Lettuce, Fizzer, Zeus, Rootkit, and Sasfis.

Do these names mean anything to you?   This is a list of nine intruders! You might not know all of them, but they sure can cause trouble for you. The first five listed are all very common weeds that invade gardens and lawns in New Jersey. The last four are names of famous computer viruses. These viruses are as bad as or worse than some of these weeds. A computer virus can take over a computer network faster than kudzu growing along a southern country road in the heat of July.

What can you do to protect yourself from these garden intruders?

In New Jersey lawns and gardens, there are a number of things you can do to keep the weeds at bay without the use of strong pesticides and chemicals. Things to consider include:

Reduce open areas — Weeds are simply plants that take advantage of open areas. Crowd them out in your lawn by cutting the grass very high or in your garden by minimizing open space and adding healthy mulch or covering with sheeting fabric where necessary.

Maintain healthy soil — Fertilize, aerate, drain, till and hoe your garden soil.

Weed garden beds — No method is 100% foolproof, so there will be some weeds that pop up from time to time. Get at them quickly, and do not let them go to seed! Some people believe dousing some with vinegar does the trick. Whatever method you choose, weeding keeps intruders from spreading.

Okay, you’ve protected your garden from these intruders. Now, how can you protect yourself from those intruders that can take over your computer or network?

There are a number of things you can do to protect your computers from hackers and viruses. Just like keeping weeds out of your landscape, it is important to employ a number of these recommendations in order to heighten your chances of success and lower your risk of allowing intruders in:

Have the right hardware — A firewall is an important piece of equipment that can help block hackers from entering and using your network. It blocks communications to and from sources you do not permit.

Have the right software — Anti-virus software protects your network from viruses that can destroy your data and/or slow down or even crash your network. Anti-spyware software prevents items from being installed on your network without your knowledge or consent.

Secure your Wi-Fi network — Encrypting your Wi-Fi network is the key step—using WPA encryption at least.

Share files only as needed — File sharing software and web portals can be avenues that create risks. Be careful when sharing files and/or use sharing services like Dropbox.

Use strong passwords — Choose passwords that use a variety of characters and symbols and are difficult to guess. Longer is always better (minimum of ten characters).   Mum’s the word when it comes to your passwords—don’t share!

May is here; time to get out and enjoy the nice weather and keep your garden and lawn happy and healthy. You can always count on the master IT gardeners at IT Radix!

Thanks from GBW Insurance – 800-548-2329

Cyber Liability – Is your website infected?

As though there weren’t enough problems, websites can be compromised, becoming sources of computer virus infection for your clients. Talk with us about #CyberLiability and #DataBreach insurance. 1-800-548-2329.

Google’s survey says there are many more compromised legitimate sites than there are sites designed to spread malware.  Click here for a commentary from our client IT Radix and access to the Google Malware Dashboard.

Once a legitimate site is compromised, all the unpleasant things you’ve heard of start happening: malware recording your entries or your clients’ entries, spreading viruses, and so on.  Your site is likely to be blacklisted by search engines.  It takes a long time and a lot of work to come back from that.

As soon as IT Radix scared us with this topic, we ran out to their suggested screening site  http://sitecheck.sucuri.net/scanner/ and checked our sites.  Everything was fine, today.  Our site providers keep track of this, but with the damage that we could face, it’s important to keep checking, and to keep our insurance in place.

Who owns your company’s data? How do you make sure?

You own your data, but you have to take steps to make sure you can control it, both legally and in the cyber world.

Do your employees use only devices your company owns?
Have they acknowledged that their information on those devices is not private?

If they use their own devices to access your information, have they agreed to let you review any and all information on those devices?
Have they agreed to let you wipe their devices if you find your information on them?

All of this should involve help from your own lawyer.

Even if you get a signed acknowledgement that you can look at their information and look at information on devices they own, you’d better be talking to your own lawyer if you run into a communication between your employee and his or her own attorney.

On the IT front, a good IT provider can help erect barriers to penetration by outsiders, and to theft of data by insiders.

But multiple platforms are complicating IT.  Mobile malware is exploding.  And many small businesses don’t keep current with firewalls and monitoring of data use.

If you’d like to discuss IT issues in more depth, try this link to IT Radix.  And we thank them for putting on the seminar that provoked many of these questions today.

The legal questions in the seminar today were posed by Colin Page, Esq.  Try this link to make contact with his law firm if you have questions on data ownership and employment issues.

Cyber Liability again – Cloud Computing

Cyber liability/Data Breach Liability problems continue to heat up.

A North Jersey Law Firm (Mandelbaum, Salsburg) is putting on a seminar:  Hacked to Death.  They outline how cyber liability and data breach are threatening businesses, even those that never thought they could have a problem.

A major insurance company, CNA, is offering education to agents to try to bring them up to speed on the threat to business.  Here’s their Technology Underwriting Director’s comment at 8:00 AM 9/14/2012.

“In an effort to manage expenses, more businesses are transferring their back-office technology operations to “The Cloud”. They save money. But, they have not transferred their primary liability.

  • Who is responsible for your Insured’s data…that was “transferred” to The Cloud? Your Insured is.
  • How does the standard Property & Casualty respond? Not Covered

~Business Interruption…this is not a tangible loss. Not covered under Property.
~Privacy Injury…General Liability has been amended to exclude intangible property damage. Not Covered under General Liability
~Network Security Breaches…Not Covered because they have not purchased coverage”

If you would like more information about cyber liability and data breach, Click through here for the GBW Insurance page, or call us at 1-800-548-2329.  Or click the Mandelbaum, Salsburg link above.

Cyber Liability

For small and mid-size businesses, think of two big problems from cyber attacks.

On one side you have the possibility that a cyber attack will steal your business assets. If you don’t know that you have insurance protection against that, you don’t.

The Wall Street Journal recently published an article about one attack on one company.  Over $1M gone because the hackers got into a funds transfer process with weak security.

Another major exposure, and actually larger for most small companies,  is damage to your clients or others where you have collected private information.  Insurance for cyber liability due to release of that information is more complex and relatively uncommon.  It’s out there and if you need advice, give us a call at 1-800-548-2329.