EDUCATION
Technology Risk Insights

Cyber Risks & Liability

June 2018

 

Good cyber risk management requires the planning and execution of four critical elements:

  • Prevention

  • Disclosure

  • Crisis Management

  • Insurance Coverage

1. DEVELOP STRATEGIES TO PREVENT A DATA BREACH

Your data breach prevention strategies may include encrypting all devices used by your employees, such as laptops, tablets and smartphones. Encrypting these devices will prevent unauthorized access if a device is lost or stolen. Unencrypted devices are often not covered by a cyber liability policy, so make sure you know whether you need to encrypt the devices or not.

Your strategies may also include educating employees about phishing and pharming scams. Remind them not to click on anything that looks suspicious or seems too good to be true.

Analyze your cyber risks from three different perspectives: technology, people and processes. This risk assessment will give you a clear picture of potential holes in your security. Revisit and revise your plan regularly, because new risks arise often, sometimes even daily.

2. KNOW YOUR DISCLOSURE RESPONSIBILITIES

If you experience a data breach, you may be legally required to notify certain people. If your company is publicly traded, guidelines issued by the Securities and Exchange Commission (SEC) make it clear that you must report cyber security incidents to stockholders—even when your company is only at risk of an incident.

The SEC advises timely, comprehensive and accurate disclosure about risks and events that would be important for an investor or client to know. It’s important to evaluate what information and how much detail should be released.

Notifying a broad base when it is not required could cause unnecessary concern for those who have not been affected by the breach.

Some extreme cases of a data breach may require you to go further than just assessing and disclosing the information. You may have to destroy or alter data depending on its sensitivity.

3. YOUR CRISIS MANAGEMENT AND RESPONSE PLAN

Preparedness is key when developing your cyber risk management program. When you experience a data breach, you need to be prepared to respond quickly and appropriately. This is where your crisis management and response plan comes into play.

Determine when and how the breach occurred, what information was obtained and how many individuals were affected. Then assess the risks you face because of the data breach and how you will mitigate those risks.

While managing a crisis, let your clients know what actions you are taking, but also be sure you’re not disclosing too much information. It’s a delicate balance. Focus on improving future actions—this will restore trust in your stakeholders and clients.

Your in-house lawyers, risk managers and IT department should work together to create and refine your plan. Everyone should be on board and know their responsibilities when a breach happens.

4. PROTECT YOUR DATA - AND YOUR BUSINESS

Your cyber risk management program should include cyber liability insurance coverage that fits the needs of your business.

Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover. The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure.

Your cyber liability insurance policy can be tailored to fit your unique situation and can be written to include the costs of disclosure after a data breach. Contact ISU Cunnington & Associates to learn more about cyber liability insurance and how you can protect your business from a data breach.

 

 

 


NEWSLETTER
Technology Risk Insights

Search Engine Risks

October 2015

 

Simple actions your employees take could put your company’s equipment and networks at risk of cyber crime, including cyber attack, cyber theft and other computer security incidents.

SEARCH ENGINE RISKS

It’s no secret that your technology company depends on the capabilities of your computer systems to function. You should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cyber crime, including cyber attacks, cyber theft and other computer security incidents. The average cost of a single cyber attack is incalculable—cyber attacks can directly target finances and ruin a business’ reputation. Your business is at stake, and you should do everything you can to protect yourself.

THE RISKS OF WEB SEARCHES

As an employer, you should educate your employees about searching for certain topics on the internet due to the risk of coming across websites infected with viruses or malware that could be detrimental to your computer systems. Stress that the potential for cybercrime could affect employees individually as well as the business as a whole. More than 90 percent of companies surveyed by the DOJ incurred either monetary loss, system downtime loss or both because of cybercrime, so take it upon yourself to put search engine guidelines in place.

THE WEB'S MOST DANGEROUS SEARCH TERMS

Common term searches conducted online can expose your business to the risk of cyber crime. Encourage employees to avoid following suspicious results in search engines. Any result that promises free products or materials is suspect. The least risky search terms are usually health-related topics and searches about economic news.

It is essential to remember that the number of dangerous search terms is ever changing. Hackers want to impact the largest number of people with the least amount of effort, so they most often aim for popular search terms. Ill-intentioned hackers also adapt quickly to the fast-paced nature of the internet and the public circle, so social or celebrity events popular at a given moment often climb quickly to the top of the internet’s most dangerous search terms and are a high risk for infecting your company’s computers.

According to the DOJ, businesses in industries considered a part of critical infrastructure account for a disproportionate amount of computer security incidents. If your company is in any of these industries, be especially careful about internet searches to ensure computer safety and protect against potentially devastating loss, both monetary and in downtime:

  • Agriculture
  • Chemical and drug manufacturing
  • Computer system design
  • Finance
  • Health care
  • Internet service providers
  • Petroleum mining and manufacturing
  • Publications/broadcasting
  • Real estate
  • Telecommunications
  • Transportation and pipelines
  • Utilities

TAKE PRECAUTIONS TO PROTECT YOUR BUSINESS

There are examples of companies and organizations around the globe that had to shut down operations to address a large-scale virus or other malware issue. These problems can affect both large and small businesses and can cost hundreds of thousands of dollars to fix. Avoid putting yourself at risk by doing the following:

  • Enact a stricter internet use policy
  • Put stricter website blockers or filters in place
  • Educate employees about the hazards that risky search engine exploration can present

Some of these solutions may cost you in the short run, but lowering your risk will ultimately save your company from potential identity fraud, monetary cyber theft or informational cyber theft in the future.