Posts

Cyber Insurance vs. Breach Response: Why Not Both?

/in

Cyber AttackIf you’re debating between cyber insurance and breach response, you should consider getting both to be fully protected. For example, cyber liability insurance covers monetary losses as well as legal protection in the event of a breach. A data breach response plan, on the other hand, will provide you with immediate resources to combat the cyber attack and protect your financial interests.

There is a large discussion, and no small amount of pressure, for businesses to obtain cyber insurance policies.  Articles appear in a range business and technology publications, from the Memphis Business Journal to the Wall Street Journal, and from Inc. Magazine  to Forbes. But getting the right cyber insurance policy is not easy, and can be costly. And while cyber insurance helps cover damages, many policies do not provide immediate assistance with managing your response to an attack or data breach.

Cyber Insurance

For SMBs, three key cyber insurance considerations are the barriers to entry, coverage exclusions, and coverage delays.

  • Barriers to Entry
    • Most cyber insurance policies go through underwriting to determine coverage limits and premiums. This means the insurer will want to review and audit your security related policies, procedures, and technologies. Insurance carriers may also demand that you invest in new or additional measures in order to qualify for a policy or to ensure the premiums will be affordable.  For many small and midsize businesses (SMBs), this process requires specialized skills, time, and money. Many SMBs will need to spend over $5,000, with some spending up to $20,000, in order to pass the underwriting process.
  • Coverage Exclusions
    • Cyber insurance claims are routinely reduced or declined due to non-compliance with policy requirements.  Even after the underwriting process, most cyber insurance policies include dozens of security requirements that must be in place and properly maintained.  Any gap or misstep can be costly.
  • Coverage Delays
    • If your business is the victim of a cyber attack, your response has legal requirements and requires specific technical expertise. Claims processing can delay your ability to secure the resources you need for hours or days.

Clearly, cyber insurance one piece of the solution, along with appropriate security measures.

Breach Response

Having a Breach Response plan and resources in place will save you time and money.

In any cyber attack, start by assuming the attackers have stolen information.  If an attack can encrypt your files, it can steal under-protected files and data from your systems.  With a data breach, federal and state laws dictate a range of reporting and communication requirements that, if missed, can trigger fines and legal action. With a data breach, you need a range of expert resources and you need them quickly.

  • Legal Expertise fluent in cyber security laws and regulations helps ensure you comply with reporting and communication requirements to minimize your legal and financial exposure.
  • Forensics Expertise can identify the cause, timing, and scope of the attack and any breach, and can help validate that the issues allowing the breach have been resolved.
  • Public Relations Services will help you communicate with employees, vendors, customers, and as is often the case — the press. Providing accurate and appropriate information can protect your business relationships and your public reputation.
  • Contact Center Services provide a place for customers, vendors, and associates to call for timely and accurate information.  You are further protecting your business relationships and reputation.
  • Credit Monitoring for individuals whose personal or business information may have been compromised can reduce litigation risk and may be required by law.

Final Thoughts on Cyber Insurance vs. Breach Response

While cyber insurance policies generally cover these services, most do so as part of the claims approval process. As such, you may be out of pocket for thousands of dollars and fighting for reimbursement once your claim is processed.

By subscribing to a Breach Response service, the resources and expertise you need are available instantly,  7×24, without any additional cost over the monthly or annual fee.  These services often include basic cyber insurance policies that do not require any underwriting.  For many SMBs, the annual cost of this type of Breach Response service, with basic cyber insurance coverage, is significantly less than the cost of the underwriting process for a traditional cyber insurance policy.  Additionally, you can use this policy for coverage until they completing a policy with underwriting, or to cover initial loss coverage under a higher deductible (lower premium) traditional cyber insurance policy.

For more information about Breach Response Services and affordable Cyber Insurance, please contact us for a no obligation Cloud Advisor call.

 

3 More Reasons You Are an Easy Cybercrime Target

/in ,

Cyber AttackLast week, we gave you three reasons why you, as a small or midsize business, are a viable and desirable target for cyber criminals.

If those reasons don’t give you enough reason to act, here are three (3) more reasons SMBs, and you, a target for cyber criminals…

SMB data is increasingly networked

  • All of your systems — databases, email, documents, marketing, point-of-sale, and more — are likely running on a single network.
  • Access to one of your systems can lead to access to others. Target’s POS system was hacked using a security flow in the HVAC monitoring system running on the same network.
  • Moving data and systems into secure cloud solutions, and segregating network traffic minimizes the cross-over risk.

SMBs are using consumer products for business data

  • Consumer grade services are often more affordable, but often lack the security and data protection features of the higher-priced, business versions.
  • Separate work and home and use solutions designed for business, and, make sure to configure the security and privacy setting accordingly.

SMBs are often lax when it comes to security

  • Many small businesses operate in an environment of trust; people know and trust one another. This trust can be exploited by a disgruntled employee or an outsider.
  • Keep user identity management and passwords private and secure; Manage administrator and “super user” passwords so that they are unique, complex, and secure.
  • Keep servers and systems with sensitive data/access secure; enforce screen locking and passwords.
  • Educate your staff on security risks and behaviors.

 

Taking cyber security seriously is the first and best step in protecting your business, employees, and customers. Protection need not be overly complex; nor must reasonable protection be a budget busting expense. Reasonable measures balance cost and security.

Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.

 

 

 

3 Reasons You Are an Easy Cybercrime Target

/in ,

Cyber AttackAs we’ve mentioned before, more small and midsize businesses (SMBs) are falling victim to cybercrime. You might believe that hackers won’t bother targeting your business due to its small size. However, it is crucial to recognize that cybercrime aimed at smaller companies is undeniably escalating, and you could be the next cybercrime target if you do not take the necessary precautions.

According to HP’s Cyber Security and Your Business report, Cybercrime costs SMBs 4.2 times more per employee than larger businesses, and 60% of SMBs that experience a data breach are out of business in six months.

So, why exactly are cybercriminals interested in your business, and more importantly, what actions can you take to combat this threat?

Why Small Businesses are Prone to Cybercrime

It’s essential for you to acknowledge the following three reasons why you may be seen as an easy target for cybercrime and take proactive and defensive measures to protect your business.

1. SMBs spend less on security while larger businesses are increasing their security protections.

  • Your business is an easier cybercrime target because you are more likely to lack basic protections. In effect, you may attract cyber criminals because you are an easier target.
  • Budget for, and implement, reasonable protections covering user identities, access controls, user permissions, data loss prevention, and employee awareness and training.

2. SMBs do not have in-house security expertise.

  • Keeping up with risks and trends is time consuming, above and beyond ensuring that your security measures are updated and working on a day-to-day basis.
  • Leverage technology and your IT partners for automated solutions and expertise, as well as on-going management of your security and privacy solutions.

3. SMBS are moving into the cloud.

  • Using cloud applications and storage makes sense. But, your data is no longer behind a physical or logical “firewall”.  Protecting your data means protecting the cloud systems and services you use.
  • Always select business-grade services over consumer services. Implement all security features, including 2 Factor Authentication. And, when possible, integrate access to cloud services into a single system for managing user identities. And, do not forget to train, and periodically remind, your staff how their awareness and actions can allow or prevent an attack.

15 Actions You can take to Improve Your Cybersecurity

  1. Implement a robust cybersecurity strategy tailored to your business needs, including firewalls, intrusion detection systems, and antivirus software.
  2. Regularly update and patch all software and operating systems to protect against known vulnerabilities.
  3. Conduct regular security audits and risk assessments to identify and address potential weaknesses in your systems.
  4. Train your employees on cybersecurity best practices, such as recognizing phishing attempts, creating strong passwords, and handling sensitive data securely.
  5. Implement strict access controls and user privileges to limit unauthorized access to sensitive information.
  6. Encrypt sensitive data both in transit and at rest to protect it from interception or theft.
  7. Backup your data regularly and store backups in separate, secure locations to ensure data recovery in case of a breach or system failure.
  8. Develop and enforce a strong password policy, including the use of complex passwords and regular password changes.
  9. Enable multi-factor authentication (MFA) for all user accounts to add an extra layer of security.
  10. Monitor your network and systems for any unusual or suspicious activity using intrusion detection and prevention systems.
  11. Stay informed about the latest cybersecurity threats and trends through industry publications, forums, and reputable security organizations.
  12. Establish an incident response plan that outlines the steps to be taken in the event of a cybersecurity incident, including notification procedures and communication channels.
  13. Regularly educate your employees on emerging threats and provide ongoing training to ensure their knowledge remains up to date.
  14. Limit the use of personal devices for work-related activities and enforce strong security measures for those devices that are permitted.
  15. Partner with reputable cybersecurity vendors or consultants to get expert advice and assistance in securing your systems.

By implementing these actions and cybersecurity best practices, you can significantly reduce the risk of cybersecurity breaches and protect your business from potential threats. Remember, cybersecurity is an ongoing effort that requires continuous vigilance and adaptation to evolving threats.

It’s always a good time to perform a review of your IT security and data privacy policies, procedures, and systems.  Doing so is an affordable way to protect your business, your employees, and your customers from cyber crime. The cost of prevention is miniscule compared to the cost of a breach.

Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.