As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.
In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.
Claims Scenario: Outsourcing Gone Wrong
The company: A national construction company that outsources some of its cyber security protections
The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach.
As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.
Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms who forgo coverage.
What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response.
Claims Scenario: Pardon the Interruption
The company: An online retail store that relies heavily on e-commerce
The challenge: A small-sized, online retailer partnered with a data centre to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfil orders on-site.
Unfortunately, the data centre was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime was over $165,000.
Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.
Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses.
Benefits of Cyber Liability Insurance
- Data breach coverage—In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
- Business interruption loss reimbursement—A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
- Cyber extortion defence—Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
- Legal support—In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.
When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.
Cyber exposures aren’t going away and, in fact, continue to escalate. Businesses need to be prepared in the event that a cyber attack strikes. To learn more about cyber liability insurance, contact Scurich Insurance today.
Cyber security threats and trends can change year over year as technology continues to advance at alarming speeds. As such, it’s critical for organizations to reassess their data protection practices at the start of each new year and make achievable cyber security resolutions to help protect themselves from costly breaches.
The following are resolutions your company can implement to ensure you don’t become the victim of a cyber crime:
- Provide security training—Employees are your first line of defense when it comes to cyber threats. Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond. Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and oversharing personal information on social media. Your employees should also know your cyber security policies and know how to report suspicious activity.
- Install strong anti-virus software and keep it updated—Outside of training your employees on the dangers of poor cyber security practices, strong anti-virus software is one of the best ways to protect your data. Organizations should conduct thorough research to choose software that’s best for their needs. Once installed, anti-virus programs should be kept up to date.
- Instill safe web browsing practices—Deceptive and malicious websites can easily infect your network, often leading to more serious cyber attacks. To protect your organization, employees should be trained on proper web usage and instructed to only interact with secured websites. For further protection, companies should consider blocking known threats and potentially malicious webpages outright.
- Create strong password policies—Ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords. Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.
- Use multi-factor authentication—While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, multi-factor authentication is key. Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number, unique security code) when attempting to access corporate applications, networks and servers.
- Get vulnerability assessments—The best way to evaluate your company’s data exposures is through a vulnerability assessment. Using a system of simulated attacks and stress tests, vulnerability assessments can help you uncover entry points into your system. Following these tests, security experts compile their findings and provide recommendations for improving network and data safety.
- Patch systems regularly and keep them updated—A common way cyber criminals gain entry into your system is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.
- Back up your data—In the event that your system is compromised, it’s important to keep backup files. Failing to do so can result in the loss of critical business or proprietary data.
- Understand phishing threats and how to respond—In broad terms, phishing is a method cyber criminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information. Phishing is becoming more sophisticated by the day, and it’s more important than ever to understand the different types of attacks, how to identify them and preventive measures you can implement to keep your organization safe. As such, it’s critical to train employees on common phishing scams and other cyber security concerns. Provide real-world examples during training to help them better understand what to look for.
- Create an incident response plan—Most organizations have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack. That’s where cyber incident response plans can help. While cyber security programs help secure an organization’s digital assets, cyber incident response plans provide clear steps for companies to follow when a cyber event occurs. Response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damages.
Because identity theft and data breaches are becoming an ever-growing problem, it’s important to not only have a different password for each account, but to make those passwords easy to remember and hard to guess. The following are tips you can use to make your password harder to crack:
- Change your passwords every 90 days. This might seem like a hassle at first, but hackers have a better chance at cracking your passwords if they never change. It’s also a good idea to avoid reusing passwords.
- Make your passwords at least eight characters long. Generally, the longer a password is, the harder it is to guess.
- Don’t use the same password for each account. Hackers target lower security websites and then test cracked passwords on higher security sites. Make sure each account has a different password.
- Include uppercase letters and special characters in your password. Special characters include symbols like “#,” “*,” “+” and “>.” These symbols can make your password more complex and harder to guess.
- Avoid using the names of spouses, kids or pets in your password. All it takes for a hacker to crack passwords that include these things is a little research on social media sites like Facebook and Twitter.
Public Wi-Fi allows your team to stay connected on the go. You have to be careful, though, because public Wi-Fi is notoriously unsecure. Cybercriminals could also log into the free network you use and access data on your devices, such as your login information or confidential client files. Exercise caution and stay safe in several ways as you use your laptop, tablet or smartphone on public Wi-Fi networks.
Verify the Network Name
Before logging in, research the network. Only log into Wi-Fi that originates from a legitimate source as you avoid a man-in-the-middle attack. For example, cybercriminals may name their network “Free Wi-Fi” or mimic the establishment’s name as a way to attract users. Ask the barista, librarian or other staff member to verify the name of their public Wi-Fi network before you log in.
Turn off File Sharing
Your team relies on file sharing, but this feature is lucrative for cybercriminals, too. That’s why you want to turn off file sharing when you use public Wi-Fi. This step protects your files and data you don’t want criminals to access.
Use a VPN
A virtual private network (VPN) encrypts data as it travels between your device and the server. Research free and paid VPN options, then add one to your devices for protection when you need it on the go.
Check for HTTPS
If you see a lock symbol and HTTPS in front of the website address in the status bar, you’re browsing a secure site. You can also use an HTTPS extension for extra protection.
Enable Two-Factor Authentication
With two-factor authentication, you add an extra layer of protection to your online browsing. Even if cybercriminals gain access to your password, they probably cannot get into your account since they need to enter a unique authentication code also.
Browser and software patches can improve security. Make it a habit to install these patches when you’re connected to a trusted network. Never update software when you’re connected to public Wi-Fi.
Forget the Network
After your public Wi-Fi session ends, log off all the websites you were signed into and tell your device to forget the network. This step prevents cybercriminals from connecting to your device automatically the next time you’re in the network area.
Limit your Activity
It’s tempting to think that cybercrime couldn’t happen to you or that you can afford to be careless because you have cybercrime and business liability insurance. However, always use caution. Save sensitive or confidential work for when you’re on a trusted network.
Your company may utilize public Wi-Fi often to stay connected and get work done. Encourage your employees to use caution and follow these steps as they stay safe.
On Sept. 28, 2018, Facebook announced that nearly 50 million user accounts were compromised in a data breach. The breach, which can be traced back to July 2017, is one of the largest in the company’s 14-year history.
While investigations are ongoing, the company said hackers exploited a software vulnerability in Facebook’s "View As" feature to steal access tokens and gain control of user accounts. Access tokens are effectively digital keys to specific accounts, and stealing them allows attackers to view private posts or compose status updates without the knowledge of the affected user.
In addition, the attack allowed the hackers to see anything that users can see on their own profile, including the names and birth dates of friends and family members. Such information could be used in future phishing attacks.
In response to the attack, Facebook reset 90 million logins automatically, fixed the software vulnerability and informed law enforcement officials. While the company says that users do not need to change their passwords, individuals experiencing login issues should navigate to Facebook’s Help Center.
As a safety precaution, users are encouraged to log in and out of all of their accounts on every device. Users can see all of the devices they’re currently signed into here.
To learn more about the breach, read Facebook’s official blog post.
If you’ve ever shopped around for insurance, you’ve likely been asked if you want to bundle your policies—in other words, combine your home or renters, auto and life insurance policies with the same carrier. Although you have the option to shop around individually for each policy, it almost always makes sense to have the same carrier cover as many of your policies as possible.
Benefits of Bundling
- The discount—Most policyholders bundle their policies because of the promise of a discount. The amount varies by provider but can generally range between 5-25 percent.
- The option of a single deductible—With bundled policies, your deductible may be cheaper in the event of a claim that affects multiple policies. For example, if your home and auto policies are with two separate carriers, and a hailstorm damages your home and your car, you’re responsible for paying both your home and auto deductibles before receiving payment. But if you bundle your policies, your provider may offer you the option to pay only the higher of the two deductibles.
- Less chance of being dropped—If you’ve made claims or gotten tickets, having your policies bundled with one provider can decrease the chance of them dropping you.
When it Doesn’t Pay to Bundle
It isn’t always better to bundle your policies with one insurance carrier. Here’s when it may be better to split them up:
- If you have tickets or past claims that make your auto insurance expensive—In this case, it may be cheaper overall to buy each policy from separate providers.
- When premiums increase—Bundling discourages people from price shopping, which makes it easier for providers to increase their rates. Most assume that you won’t go through the effort of shopping around when your policies renew.
- If policies aren’t technically bundled—Some carriers may insure you with an affiliated company. Although you may get a discount with that company, you’ll lose the convenience of paying your premium with one familiar provider.
A Few Tips to Consider
Although discounts are the main reason people bundle their insurance policies, never assume that bundling is the cheapest option. Your needs and circumstances will dictate whether you should combine your policies with one carrier. Consider the following tips:
- Shop for new coverage when your policies renew, and ask for the price of the individual premiums as well as the price of the bundled premium so you can decide whether it is worth it. Just make sure you compare the same coverage when shopping for quotes from each carrier.
- Ask if the provider uses a third-party insurance company. Remember that you may save money but lose the convenience of dealing with one provider and a combined bill.
- Ask an independent insurance agent to get prices from multiple companies so you don’t have to do the legwork. An agent that is loyal to a particular carrier may be able to offer discounts that you can’t get alone.
With multiple factors contributing to the price of your insurance premiums, it is important to shop around in order to get the best rate for your insurance needs. Feel free to contact Scurich Insurance to determine if bundling is right for you and help you take advantage of all available discounts.