Now that many small businesses have adapted to work from home or remote work situations, the cyber liability conversation must be revisited. Many business owners have a cyber liability component of their information security risk management plan. While companies that issue company computers and laptops probably have internal defense, those computers must stay updated. If companies are allowing personal computers, printers, and other devices, they need to understand that there is a threat there. It is important to talk to your insurance agent now, to make sure that your business is covered for such things as data breach.
Privacy and Cyber Security
With the enormous amount of sensitive information stored digitally, companies need to take the proper measures to ensure this data is never compromised. Ultimately, it is the responsibility of business owners to protect their clients’ data. Failing to do so can result in a data breach, which costs companies billions of dollars every year. Understanding the risks involved with data security can help you prevent a privacy breach.
Know the Risks
The first step in protecting your business is to recognize basic types of risk:
Hackers, attackers and intruders. These terms are applied to people who seek to exploit weaknesses in software and computer systems for their personal gain. Although their intentions are sometimes benign, their actions are typically in violation of the intended use of the systems that they are exploiting. The results of this cyber risk can range from minimal mischief (creating a virus with no negative impact) to malicious activity (stealing or altering a client’s information).
Malicious code. This is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.
Viruses: This type of code requires that you actually do something before it infects your system, such as open an email attachment or go to a particular Web page.
Worms: This code propagates systems without user interventions. They typically start by exploiting a software flaw. Then, once the victim’s computer is infected, the worm will attempt to find and infect other computers.
Trojan horses: Trojans hide in otherwise harmless programs on a computer, and much like the Greek story, release themselves when you’re not expecting it and cause a lot of damage. For example, a program that claims to speed up your computer system but actually sends confidential information to a remote intruder is a popular type of Trojan.
IT Risk Management Practices
To reduce your cyber risks, it is wise to develop an IT Risk Management Plan at your organization. Risk management solutions utilize industry standards and best practices to assess hazards from unauthorized access, use, disclosure, disruption, modification or destruction of your organization’s information systems. Consider the following when implementing risk management strategies at your organization:
Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their function, the data stored and processed and importance to the organization.
Review the cyber risk plan on an annual basis and update it whenever there are significant changes to your information systems, the facilities where systems are stored or other conditions that may affect the impact of risk to the organization.
Due Diligence When Selecting an ISP
In addition, your organization should take precautionary measures when selecting an internet service provider (ISP) for use for company business. An ISP provides its customers with Internet access and other Web services. In addition, the company usually maintains Web servers, and most ISPs offer Web hosting capabilities. With this luxury, many companies perform backups of emails and files, and may implement firewalls to block some incoming traffic.
To select an ISP that can reduce your cyber risks, consider the following:
Security – Is the ISP concerned with security? Does it use encryption and SSL to protect any information that you submit?
Privacy – Does the ISP have a published privacy policy? Are you comfortable with who has access to your information, and how it is handled and used?
Services – Does your ISP offer the services that you want and do they meet your organization’s needs? Is there adequate support for the services provided?
Cost – Are the ISP’s costs affordable and are they reasonable for the number of services that you receive? Are you sacrificing quality and security to get a lower price?
Reliability – Are the services provided by the ISP reliable, or are they frequently unavailable due to maintenance, security problems and a high volume of users? If the ISP knows that their services will be unavailable, does it adequately communicate that information to its customers?
User supports – Are there any published methods for contacting customer service, and do you receive prompt and friendly service? Do their hours of availability accommodate your company’s needs?
Speed – How fast is your ISP’s connection, and is it sufficient for accessing your email or navigating the Web?
Recommendations – What have you heard from industry peers about the ISP? Were they trusted sources? Does the ISP serve your geographic area?
Government Regulation
There aren’t many federal regulations regarding cyber security, but the few that exist cover specific industries. The 1996 Health Insurance Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley (GLB) Act and the 2002 Homeland Security Act, which includes the Federal Information Security Management Act (FISMA) mandate that health care organizations, financial institutions and federal agencies, respectively, protect their computer systems and information. Language is often vague in these laws, which is why individual states have attempted to create more specific laws on cyber security.
California led the way in 2003 by mandating that any company that suffers a data breach must notify its customers of the details of the breach. As of April 2018, all 50 states and the District of Columbia have data breach notification laws in place.
Protection is our Business
Your clients expect you to take proper care of their sensitive information. You can never see a data breach coming, but you can always plan for a potential breach. Contact Chalmers Insurance Group today—we have the tools necessary to ensure you have the proper coverage to protect your company against a data breach. Call 800-360-3000 to review your cyber liability coverage.
"Chalmers Insurance is staffed with local people. These are people I see at the grocery store and know by name. I place complete trust in these neighbors to look out for my best interests with Chalmers insurance products or services."
- Tim P.
"The customer service Chalmers provides is outstanding. Imagine calling an insurance agency and feeling better than before you called. I'll never switch."
- Melissa E.
"Your agency takes good care of us with your dedication, love, and care."
- Customer since 2007
"Chalmers Insurance has always had our backs. They are respectful and so pleasant to work with. We are so thankful for having them in our lives!"
- Angelo C.
"Chalmers is always so helpful and always accommodates our requests with professionalism and humor! "
- Robert H.
"The Chalmers Group was super friendly, energetic and somehow made me feel happy about purchasing insurance, something I thought I would never say in my life. They were kind, honest, and more than you could wish for while shopping for something as mundane as insurance. Six out of five stars. "
- Jordan P.
"Chalmers was excellent throughout the process. They improved our coverage and ultimately reduced our premium. My agent communicated where there were differences and prepared a nice comparison of coverage. I was happy to place our coverage with Chalmers. "
- Susan A.
"Chalmers was quick to help me with a problem; my agent was knowledgeable and super supportive. I appreciate the professionalism and sense of humor. Overall, it was a wonderful experience. "
- Jan H.
"Chalmers walked me through everything in detail. They were fast to respond, friendly and knowledgeable."
- Sean G.
"My Chalmers agent was very helpful, knowledgeable, and patient with the process. To sum it up, the only thing better than my Chalmers agent would be two of her. "
- Richard S.
"Chalmers made it super simple and I had coverage before my lunch break was over. I was very satisfied. "
- Geoffrey P.
"My Chalmers agent answered all of my questions, explained insurance jargon to me, and was polite and knowledgeable. "
- Jennifer T.
"I appreciate how friendly the Chalmers Group is when I talk to them. They always have a positive attitude. "
- Amanda H.
"Always available and always kind. Chalmers works to find solutions."
- Elaine C.
"I appreciate being able to talk to an actual person who is both knowledgeable and helpful."
- Duke M.
"Helpful, knowledgeable staff that truly cares and takes the time to make a personal connection!"
- Aaron C.
"My interactions with Chalmers have always been flawless: quick, informative, highly professional. Having my home insured with Chalmers makes me feel good!"
