Equifax. Target. Yahoo. Home Depot. It seems we can’t go more than a few days without news of a major data breach. Those are the ones you hear about, but hackers are targeting small and medium businesses as well. Here are some things to think about before you decide to go without cyber coverage.
What are you responsible for?
What kind of data do you keep? Financial, personal identification and medical records are held to a higher standard, but even if you just keep names and addresses or process credit cards for payment, you may have some exposure.
Where is your data stored? If it’s on site, is it adequately protected? If it’s off site, do you even know whether it’s protected or not? Many vendors that host business data and perform security services have some fine print in their service agreements disclaiming liability. Just because you’re not doing it yourself doesn’t mean you won’t be responsible if something goes wrong.
Is your data encrypted?
Personal and business data needs to be encrypted, especially during transport and, where it’s practical to do so, even “at rest.” If you don’t know how to implement it, many cyber insurance carriers have resources and help lines to get you started.
Do you keep everything up to date?
Many major breaches occur where there’s a known vulnerability in a piece of software, and a patch is available to fix the problem, but the patch hasn’t been installed. This applies not just to your PCs and server software, but to phones and tablets and other things you might not think of as “computers.” As we continue to add more internet-enabled devices to our homes and businesses, this may include things like security cameras, Voice-over-IP phones, printers, game systems and more.
Do you train your employees?
Most data breaches start with “social engineering,” where unsuspecting employees are convinced to click on something in an email, or give their password over the phone, or otherwise grant access to someone who shouldn’t have it. Training your staff to be aware of these “phishing” attempts and look for the signs is a critical to-do item.
In a future article we’ll talk about available coverage, and how one cyber liability policy differs from another.