Protecting Information from Cyber Threats

November 15, 2016 | smeditor

The most recent issue of Business Insurance published an article on Cyber Liability.  The publication summarized the threats, losses and prevention strategies to navigate the current landscape of today’s virtual world.

Direct from Business Insurance is a summary of What’s Really At Risk:

Failure to protect private information from cyber threats can result in losses to:

  1. Company Reputation
  2. Financial Results
  3. Customer Satisfaction
  4. Business Opportunities
  5. Intellectual Property

***Private Information – any information that can be used to identify an individual, including; credit card numbers, social security numbers, patient health information, date of birth information, customer user names and passwords, financial records and biometric information.

A Strategic Approach to Loss Prevention – taking proactive steps to address vulnerabilities arising from:

  1. PEOPLE
  2. PROCEDURES
  3. TECHNOLOGY

PEOPLE
Risks Include:

  • Hackers targeting company
  • Rogue administrator hired without background check
  • Company laptop stolen or lost by traveling employee
  • Employee mistakenly posts sensitive information online
  • Untrained employee victim of phishing, malicious code attack
  • Employee unaware of ban on storing info on cloud servers
  • IT personnel not trained to respond to security breach
  • Lack of support by organization leadership
  • Risk manager excluded from cyber security effort

Preventative Measures and Response Strategies:

  • Establish cross-disciplinary team to set cyber policies
  • Designate a chief privacy officer
  • Provide companywide education on cyber-related threats
  • Communicate security policies and enforce them
  • Segregate and restrict access to sensitive data
  • Conduct background checks on staff with access to data
  • Establish user control, password protection procedures

PROCEDURES
Risks Include:

  • Security procedures are not widely known or communicated
  • Ignorance of where sensitive information is collected and stored
  • Customer data unavailable when cloud-based server is attacked
  • Vendor inadvertently given access to customer data
  • Terminated employee retains access to system
  • Employee picks up malware downloading a free game on company PC
  • No budget for consistent, effective cyber security procedures

Preventative Measures and Response Strategies:

  • Classify data according to privacy and security needs
  • Know where data is stored
  • Set a clear policy about storing data on the cloud
  • Review security/access to network and servers
  • Monitor vendors who may have access
  • Assess need for insurance to cover the risks

TECHNOLOGY
Risks Include:

  • Failure to detect data breach
  • Anti-virus software outdated
  • Firewall not managed and monitored
  • Sensitive information not encrypted
  • No limits on electronic transmission of confidential information
  • Critical information is corrupted or lost without backup
  • Private information is not encrypted on laptops
  • Social media allows information to be spread outside company control

Preventative Measures and Response Strategies:

  • Apply intrusion detection software and systems
  • Maintain active anti-virus patch management
  • Review infrastructure, hardware and software
  • Encryption of private data on mobile devices
  • Upgrade access control with authentication requirements
  • Implement and maintain internet firewall
  • Introduce social media guidelines for employees
  • Test website and e-commerce for vulnerabilities
  • Establish backup and recovery procedures for mission critical data

Business Insurance is published monthly and can be viewed at www.businessinsurance.com.

About the Author