GT Insurance Blog

Insurance problems and cures

Posts Tagged ‘data breach’

Business Continuity – Disaster vs. Recovery

25% of businesses do not reopen after a major loss.

48% of businesses do not even pretend to have a business continuity plan.*

But 95% think they are prepared.*

Is your plan only keeping your insurance policy somewhere safe?  (Which is not the worst start in the world, but it’s grossly inadequate.)

Do you have tasks for each employee after a disaster?  (Did they actually agree to them?)

What would actually be a disaster for your company?  (Flood, hurricane, fire, data breach, lawsuit, death of an owner?)

Yes, sometimes  it seems like the Four Horsemen of the Apocalypse, but these things really do happen.

There are many small businesses which would suffer less from a flood than from a cyber breach;  doctors, lawyers, insurance agents, consultants, architects come to mind.

There are many small businesses which would suffer less from a hurricane than they would from the death of an owner without a succession plan, or adequate life insurance.

Spend a few hours once a year to prepare a continuity plan; surviving a disaster will be much more pleasant if you do.  Then talk to your insurance advisor so you know if you have money to help you recover.

*Travelers Insurance survey result

GBW Insurance/AssuredPartners 855-467-2877, extension 677

More on hacking into car systems

We wrote about losing data through rental cars (link here for the post).  The next day, out popped the news that Fiat/Chrysler is releasing a patch to fix a vulnerability which was just exploited, experimentally, by two researchers.

The researchers hacked into a Jeep from a physical distance, while the target was moving, and took control of some of its systems.

Fiat/Chrysler points out that it has not happened in “the real world”, yet.  And Fiat/Chrysler has already created a network level fix for other vulnerabilities.

The point is not that Jeeps are more vulnerable than other brands.  They probably are not.  It is that there are perhaps 26 million cars on the road with some remote data transmission (think Internet).  All new cars in the US have some access or can be accessed.  Therefore, eventually our cars will have these benefits, and vulnerabilities.

Your personal and commercial auto insurance policies can provide physical damage coverage.  The liability coverage protecting the owner from suits for injuries to passengers looks secure so far.  But protection for the manufacturers, dealers, and service shops?  That’s where the dice are still rolling.

Stay tuned.

Link to a Property Casualty 360/Bloomberg article on the patch for Jeep systems

 

http://www.gbwinsurance.com 800-548-2329

Data Loss Through a Rental Car?

Let your paranoia loose!

  1. You fly into an airport for a meeting or vacation.

  2. You rent a car.

  3. You connect a device to that rental through Bluetooth.

  4. You put your call logs and contacts in the car’s system.

  5. You return the car at the airport and fly home.

  6. You leave your info for the employees at the return site or the next person who rents the car.

Numbers 4 and 6 were probably not on your to-do list.

You can usually wipe out the data before you turn the car back in.  It’s not technically difficult but each make of car has a different process.  Take a look at your own car’s process for saving that info.  Then check rental cars when you pick them up.  Or ask a tech person from your IT provider.  Or don’t make phone calls through the car.  Or demand that the rental site show you how to wipe the memory.

As newer systems like Apple Car Play become standard in new cars, the problem should diminish.  Those systems display info but don’t store it.

Does your personal car insurance cover this? Take a look; nope.

Call us with car insurance questions.  GBW Insurance agency in New Jersey 800-548-2329.

Click here for a longer report from Fox News.  This one is from Kim Komando (Komando.com).

19% have Cyber Insurance, 50% expect more attacks

Most companies don’t have cyber/data breach insurance.  And most think attacks are getting worse (and they’re right).  But even large companies are 4 times more likely to use insurance to protect loss of physical assets than loss of data.

These figures come from a current Ponemon Institute study quoted by the national Professional Insurance Agents (PIA).  There’s a link to the study at the bottom of this post.

What do we have to do to convince businesses to protect themselves?

I think, as President of the New Jersey Professional Insurance Agents in addition to GBW Insurance, that most agents are including information about Cyber issues in their talks with clients.  But the level of misinformation and ignorance at the client end is still very high.

Smaller businesses tend to assume 1) that they are not exposed, and 2) that there is adequate coverage in their basic insurance policies.  #1 is a bad joke; small businesses are great targets for hackers and even better for disgruntled employees.  And #2 is a fantasy.

I’m going to go write another letter to all our business clients…

Professional Insurance Agents (PIA) link to the study

The Ponemon Institute study has many other entertaining facts. For example, large publicly held companies said they would have to disclose large lawsuits or large-scale damage to physical assets, but not cyber penetration.  I’d like to hear a business litigation attorney on that one.

Do You Allow Surfing At Work?

Why would you worry about your employees surfing the Net?

A Salary.com survey said that 64% of workers admitted visiting websites not related to work, every day while at work.  24% of those employees said they spent 5 or more hours a week on such websites.  (Note that Salary.com, ironically, has a section for job searches.)

Since another survey suggests that 40% of Internet use in the workplace is not business related, I’d guess that (surprise!) people are understating how much they use your computers for non-work purposes.

Let’s just skip over how much your company’s bandwidth may be used for watching porn.

In 2012 the Federal Court of Appeals for the Ninth Circuit held that using an employer’s computer for inappropriate purposes is not a Federal crime, though one statute called that into question.  You, the owner, may have to prove that your employee was harming your company before you can discipline/fire/jail him or her.  Here’s a link to a Wall Street Journal law blog.

IT service provider IT Radix recommends that you implement Internet monitoring software to go with your anti-virus, encryption, and other defenses. It’s not insulting any more than a railing on stairs is insulting.  Tell your employees what the rules are, have a written policy, and the software will remind people when they trip.

(Thanks to our client Surfernetwork for the picture of the surfboard hanging from the ceiling of their office.  Surfernetwork provides live streaming of radio stations, virtual radio station support, and streaming of corporate meetings and messages. )

Data Breach – Learn Some Lessons from the Big Companies

You’ve seen data breach announcements at companies like Home Depot and Target.  And Morgan Stanley announced that it fired an employee who stole account data on 350,000 clients.  From those breaches come huge cyber liability lawsuits.

All are big companies with huge market value, large customer databases, strong brand names and plenty of budget to spend on data security.

We in the smaller businesses don’t have all those resources.   But are there lessons from these breaches that can provide learning to the owner or manager of a small business?

Yes, there certainly are.

The key lesson?  In most cases, part or all of the data breach was caused by people very close to the organization:

  • Home Depot – Criminals stole a vendor’s credentials.  Then they exploited a weakness in Microsoft Windows.  Then it looks like Home Depot may not have implemented the existing patch for that weakness.  That would be vendor weakness and poor IT procedures.
  • Target – It looks like a Target employee clicked on a link in a vendor e-mail; the vendor had been hacked, and the link let criminals into the Target system.  That would be vendor weakness and poor security procedures at the employee level.  A Federal judge is allowing a lawsuit by credit card issuers to proceed against Target.
  • Morgan Stanley – Morgan Stanley is said to have caught the employee before the majority of the information was published or sold.  They said they’ve turned the information over to law enforcement.

These companies probably spend more on data security than you or we bring in with total sales. And they were still burned.

What should you learn from their examples? (Our thanks to IT Radix for much of this material.  Click here to visit their page for more info or to get their help with IT problems.)

1) People you know are the most likely cause of a breach.  A former employee, a careless employee, an employee not implementing security, a vendor opening your door to hacking.

2) Have a secure back up program in place both onsite and offsite – ensuring that at least one part of the backup program is not directly attached to your network.

3) Have a password policy in place and follow it.  It should include:

  • A password strength protocol
  • A password change policy
  • A plan to change passwords

4) Consider putting an employee monitoring program in place that will help:

  • To monitor and filter website and web traffic
  • To guard against company secrets being shared via email
  • To delete files or lock a computer if a laptop is stolen

5) Whether a user is accessing company files in the office or remotely, ensure that your file access permissions are correct and that at least double security identification measures are in place.

6) Put a strong email program in place where:

  • Email is backed up
  • Email is encrypted as it goes through the Internet.

7) Ensure that anti-virus and malware protection is in place and up to date.

8) Server and computer operating systems, software, anti-virus software, firewalls, and applications of all sorts should be patched and updated regularly – some daily.

9) Consider putting a hardware firewall appliance in your network and if outsiders need access to some company data, place that data outside / securely apart from the internal company network.

10) Separate your secure Wi-Fi network from any that guests use to access the Internet.

11) Cover yourself with data breach insurance for your own problems, and cyber liability insurance for losing control of client information.

The smart business owner or manager may not have heard all these recommendations before, but they are becoming survival issues for any organization, regardless of its size.

While we’re happy to talk about data breach insurance issues (in NJ 800-548-2329), the first stop is a good IT organization.  Call a good provider like IT Radix (at 973-298-6908.)

Keep Intruders Out

From IT provider IT Radix, a parable about protecting your business from Cyber Breach.  A few simple steps to a better lawn, and a safer computer environment.

Stinkgrass, Hairy Galinsoga, Goosegrass, Bull Thistle, Prickly Lettuce, Fizzer, Zeus, Rootkit, and Sasfis.

Do these names mean anything to you?   This is a list of nine intruders! You might not know all of them, but they sure can cause trouble for you. The first five listed are all very common weeds that invade gardens and lawns in New Jersey. The last four are names of famous computer viruses. These viruses are as bad as or worse than some of these weeds. A computer virus can take over a computer network faster than kudzu growing along a southern country road in the heat of July.

What can you do to protect yourself from these garden intruders?

In New Jersey lawns and gardens, there are a number of things you can do to keep the weeds at bay without the use of strong pesticides and chemicals. Things to consider include:

Reduce open areas — Weeds are simply plants that take advantage of open areas. Crowd them out in your lawn by cutting the grass very high or in your garden by minimizing open space and adding healthy mulch or covering with sheeting fabric where necessary.

Maintain healthy soil — Fertilize, aerate, drain, till and hoe your garden soil.

Weed garden beds — No method is 100% foolproof, so there will be some weeds that pop up from time to time. Get at them quickly, and do not let them go to seed! Some people believe dousing some with vinegar does the trick. Whatever method you choose, weeding keeps intruders from spreading.

Okay, you’ve protected your garden from these intruders. Now, how can you protect yourself from those intruders that can take over your computer or network?

There are a number of things you can do to protect your computers from hackers and viruses. Just like keeping weeds out of your landscape, it is important to employ a number of these recommendations in order to heighten your chances of success and lower your risk of allowing intruders in:

Have the right hardware — A firewall is an important piece of equipment that can help block hackers from entering and using your network. It blocks communications to and from sources you do not permit.

Have the right software — Anti-virus software protects your network from viruses that can destroy your data and/or slow down or even crash your network. Anti-spyware software prevents items from being installed on your network without your knowledge or consent.

Secure your Wi-Fi network — Encrypting your Wi-Fi network is the key step—using WPA encryption at least.

Share files only as needed — File sharing software and web portals can be avenues that create risks. Be careful when sharing files and/or use sharing services like Dropbox.

Use strong passwords — Choose passwords that use a variety of characters and symbols and are difficult to guess. Longer is always better (minimum of ten characters).  Mum’s the word when it comes to your passwords—don’t share!

May is here; time to get out and enjoy the nice weather and keep your garden and lawn happy and healthy. You can always count on the master IT gardeners at IT Radix!

Thanks from GBW Insurance – 800-548-2329