GT Insurance Blog

Insurance problems and cures

Posts Tagged ‘data breach planning

Do You Allow Surfing At Work?

leave a comment »

SurfboardWhy would you worry about your employees surfing the Net?

Salary.com survey said that 64% of workers admitted visiting websites not related to work, every day while at work.  24% of those employees said they spent 5 or more hours a week on such websites.  (Note that Salary.com, ironically, has a section for job searches.)

Since another survey suggests that 40% of Internet use in the workplace is not business related, I’d guess that (surprise!) people are understating how much they use your computers for non-work purposes.

Let’s just skip over how much your company’s bandwidth may be used for watching porn.

In 2012 the Federal Court of Appeals for the Ninth Circuit  held that using an employer’s computer for inappropriate  purposes is not a Federal crime, though one statute called that into question.  You the owner may have to prove that your employee was harming your company before you can discipline/fire/jail him or her.  Here’s a link to a Wall Street Journal law blog.

IT service provider IT Radix recommends that you implement Internet monitoring software to go with your anti-virus, encryption, and other defenses. It’s not insulting any more than a railing on stairs is insulting.  Tell your employees what the rules are, have a written policy, and the software will remind people when they trip.

(Thanks to our client Surfernetwork for the picture of the surfboard hanging from the ceiling of their office.  Surfernetwork provides live streaming of radio stations, virtual radio station support, and streaming of corporate meetings and messages. )

Data Breach Recovery

leave a comment »

Computer_Drill_10-14The news media are starting to use hysteric phrases like “cyber war”.  At least we think those are way overblown.  However, the threats and costs of data breach and cyber liability are growing.

We’ve offered some ideas about protection and recovery in our blog.  And data breach insurance is available.  (Not cheap, unless you compare it to the possible loss.)  But your best protection is planning, first for prevention, and then for recovery.  Here’s a quote from an IT professional we respect.

“It’s not enough to buy a “data backup solution”. You need to understand how it works and you need a clearly documented plan on how to access your data when and how you need it.”  Frank Ableson of Navitend www.navitend.com  “The costs to your business in terms of time and money are stunning in the event that you need to recover more than a file or two.”

Here are some planning steps

1) Look at what can take your IT systems down, whether by direct impact or because your entire business is disrupted.  How long might each last?  This is assessing the potential causes of loss.

2) How much might that cost you initially?  What are the long term losses? (Money, time, customers, potential customers, lawsuits, etc.)  This is assessing the financial impact, the chances of your recovery.

a) Make a list of impacted vendors.  What are they doing or what could they do to help you recover faster?

b) Make a list of key customers.  Which are the most affected if your systems are out?  Which have the most critical information in your hands, so that your loss of information is most threatening to them?  What can you do to increase protection for that information?

3) What is your back up?  Where is it?  How will you access it?

4) Talk with your IT provider about those issues.  What can they do to improve resistance and recovery time?  What is that worth vs. potential losses?

5) Review physical protection if you still store key information or records in physical form.  How do you restrict employee access to those who need to know?

6) Where is recovery money going to come from?  Insurance for physical damages is obvious; review data breach for your own losses and cyber liability for loss of customer information.

Given the costs of data breach recovery and cyber liability insurance, and the threat to your business, this is worth some planning time.  You can ask Frank Ableson of Navitend for advice on the IT end; 973-448-0070. And we can discuss the insurance issues with you; 800-548-2329.