GT Insurance Blog

Insurance problems and cures

Posts Tagged ‘data breach liability insurance’

More on hacking into car systems


We wrote about losing data through rental cars (link here for the post).  The next day, out popped the news that Fiat/Chrysler is releasing a patch to fix a vulnerability which was just exploited, experimentally, by two researchers.

The researchers hacked in and took control of some systems in a Jeep, from a physical distance, while the target was moving.

Fiat/Chrysler points out that it has not happened in “the real world”, yet.  And Fiat/Chrysler has already created a network level fix for other vulnerabilities.

The point is not that Jeeps are more vulnerable than other brands.  They probably are not.  It is that there are perhaps 26 million cars on the road with some remote data transmission (think Internet).  All new cars in the US have some access or can be accessed.  Therefore, eventually our cars will have these benefits, and vulnerabilities.

Your personal and commercial auto insurance policies can provide physical damage coverage.  The liability coverage protecting the owner from suits for injuries to passengers looks secure so far.  But protection for the manufacturers, dealers, and service shops?  That’s where the dice are still rolling.

Stay tuned.

Link to a Property Casualty 360/Bloomberg article on the patch for Jeep systems

 

http://www.gbwinsurance.com 800-548-2329

The Scope of Cyber Liability And Data Breach Exposures – And Insurance



These are complicated exposures that now affect even small businesses.  And the necessary insurance coverages are complex too.

Business owners must think about paper records, physical system security, and electronic data.

  1. It will involve their physical building locations, as well as their e-systems.
  2. They’ll need to know how much data they use and/or archive, as well as how many customers they have and of what nature.
  3. They must think not just in terms of the operations that they solely control, but also of the “Network” in which they are engaged.

A network is everything and everyone that business owners allow to have some portion of access to their corporate operations, whether they are employees (on-site or remote), on-site or remote contractors, connected third parties and even connected customers. This is especially true when it comes to the use of mobile devices.

Look at how broad the term “mobile device” is, legally, now.

Mobile data includes workstations, computer terminals, internal IT operations, their websites, Facebook pages, Twitter, and other social media connections, as well as all employee connections whether through company provided devices or their own. It also includes all other connections that your customers use to and from third parties to connect to you and accomplish their work, including off-site physical and e-storage locations. It involves current, stored/backed-up and archived data, and documents and files. It is everything.

Take a few hours a year to consider the risks to which your business is exposed.  Walking through that allows a business to better see what needs to be done, including insurance.

If you’d like to discuss this and other issues in cyber related insurance, or more traditional business insurance, give us a call at 800-548-2329.  We are a NJ insurance agency.

Data Breach – Learn Some Lessons from the Big Companies


You’ve seen data breach announcements at companies like Home Depot and Target.  And Morgan Stanley announced that it fired an employee who stole account data on 350,000 clients.  From those breaches come huge cyber liability lawsuits.

All are big companies with huge market value, large customer databases, strong brand names and plenty of budget to spend on data security.

We in the smaller businesses don’t have all those resources.   But are there lessons from these breaches that can provide learning to the owner or manager of a small business?

Yes, there certainly are.

The key lesson?  In most cases, part or all of the data breach was caused by people very close to the organization:

  • Home Depot – Criminals stole a vendor’s credentials.  Then they exploited a weakness in Microsoft Windows.  Then it looks like Home Depot may not have implemented the existing patch for that weakness.  That would be vendor weakness and poor IT procedures.
  • Target – It looks like a Target employee clicked on a link in a vendor e-mail; the vendor had been hacked, and the link let criminals into the Target system.  That would be vendor weakness and poor security procedures at the employee level.  A Federal judge is allowing a lawsuit by credit card issuers to proceed against Target.
  • Morgan Stanley – Morgan Stanley is said to have caught the employee before the majority of the information was published or sold.  They said they’ve turned the information over to law enforcement.

These companies probably spend more on data security than you or we bring in with total sales. And they were still burned.

What should you learn from their examples? (Our thanks to IT Radix for much of this material.  Click here to visit their page for more info or to get their help with IT problems.)

1) People you know are the most likely cause of a breach.  A former employee, a careless employee, an employee not implementing security, a vendor opening your door to hacking.

2) Have a secure back up program in place both onsite and offsite – ensuring that at least one part of the backup program is not directly attached to your network.

3) Have a password policy in place and follow it.  It should include:

  • A password strength protocol
  • A password change policy
  • A plan to change passwords

4) Consider putting an employee monitoring program in place that will help:

  • To monitor and filter website and web traffic
  • To guard against company secrets being shared via email
  • To delete files or lock a computer if a laptop is stolen

5) Whether a user is accessing company files in the office or remotely, ensure that your file access permissions are correct and that at least double security identification measures are in place.

6) Put a strong email program in place where:

  • Email is backed up
  • Email is encrypted as it goes through the Internet.

7) Ensure that anti-virus and malware protection is in place and up to date.

8) Server and computer operating systems, software, anti-virus software, firewalls, applications of all sorts should be patched and updated regularly – some daily.

9) Consider putting a hardware firewall appliance in your network and if outsiders need access to some company data, place that data outside / securely apart from the internal company network.

10) Separate your secure Wi-Fi network from any that guests use to access the Internet.

11) Cover yourself with data breach insurance for your own problems, and cyber liability insurance for losing control of client information.

The smart business owner or manager may not have heard all these recommendations before, but they are becoming survival issues for any organization, regardless of its size.

While we’re happy to talk about data breach insurance issues (in NJ 800-548-2329), the first stop is a good IT organization.  Call a good provider like IT Radix (at 973-298-6908.)

Applying for Data Breach/Cyber Liability Protection


Data Breach, Cyber Liability, rising issues, increasing danger to your company, changing insurance requirements.

Here are some of the questions you have to answer to have insurance protection; and they are good questions to ask yourself in advance of a loss for risk management and company protection.  (We reviewed materials from Risk Placement Services Inc., CNA Insurance, Chubb Insurance, and several other insurance carriers in preparing this.)

Here’s a sample of simple questions from a generalized application:

1) Do you have a firewall on your computer network?

2) Do you have anti-virus/malware software on all computers? How is it updated?

3) Do you have computer and information security policies which all employees and third parties must follow?

4) Are employees allowed to store or download any personally identifiable information to laptops or removable storage media?  How do you control it?

5) Do you use wireless networks?  If so, is your security at least as strong as WPA, and does it require two-factor authentication? (Ask your IT service provider.)

6) Do you have physical protection for computers and, for that matter, physical records and old computers?  (Did you ever go through an office and see a cubicle piled with old computers?  How secure is that?)

7) Does your IT service provider have Cyber Liability insurance?  Do they have Errors & Omissions insurance to protect you if they make a mistake?  Does your contract with your IT service provider make you an additional insured on their policy?

One thing the insurance companies ought to ask is how well you maintain passwords.  (No names, 10 or more characters, use all the characters on the keyboard, no sharing passwords, change them once in a while, etc.)

If you’d like to discuss this, and what insurance is available in New Jersey, please give us a call at 800-548-2329.

Cyber Liability again – Cloud Computing


Cyber liability/Data Breach Liability problems continue to heat up.

A North Jersey Law Firm (Mandelbaum, Salsburg) is putting on a seminar:  Hacked to Death.  They outline how cyber liability and data breach are threatening businesses, even those that never thought they could have a problem.

A major insurance company, CNA, is offering education to agents to try to bring them up to speed on the threat to business.  Here’s their Technology Underwriting Director’s comment at 8:00 AM 9/14/2012.

“In an effort to manage expenses, more businesses are transferring their back-office technology operations to “The Cloud”. They save money. But, they have not transferred their primary liability.

  • Who is responsible for your Insured’s data…that was “transferred” to The Cloud? Your Insured is.
  • How does the standard Property & Casualty respond? Not Covered

~Business Interruption…this is not a tangible loss. Not covered under Property.
~Privacy Injury…General Liability has been amended to exclude intangible property damage. Not Covered under General Liability

~Network Security Breaches…Not Covered because they have not purchased coverage ”

If you would like more information about cyber liability and data breach, click through here for the GBW Insurance page, or call us at 1-800-548-2329.  Or click the Mandelbaum, Salsburg link above.