By Cyber Risk Solutions | July 29, 2016 at 11:05 AM EDT | No Comments
If you own a wireless keyboard, you'll want to ensure the connection is encrypted, lest the bad guys spy on every letter you type. According to a study that just came out, as reported in The Atlantic, hackers can sit hundreds of feet away and steal every keystroke typed by an unsuspecting user.
Researchers tested eight wireless keyboards produced by major manufacturers and discovered that data was being transmitted in plain text, which could easily be stolen. Using equipment bought on Amazon.com for less than $100, they were able to eavesdrop on a victim without them even realizing it.
Keyboards that connect via Bluetooth are safe and couldn't be hacked using this method, because Bluetooth encrypts the data transmission.
The experts say that if one owns one of these wireless keyboards, there's no way to encrypt the data, so it's best to just throw it out and buy a secure one.
By Cyber Risk Solutions | July 23, 2014 at 04:14 PM EDT | No Comments
As insurance professionals, “risk management” is a key phrase in our business, but for many it’s just another buzz phrase that rolls off the tongue far too often and is easy to ignore. Heck, we insurance folk get tired of hearing it too.
But while we sometimes tire of it, we also appreciate how risk management techniques can save a company from disaster or stanch the bleeding if (God forbid) catastrophe strikes.
My toughest professor in college (yet the one from whom I learned the most), Dr. Joshua Rubongoya at Roanoke College, always started a complex topic with a very simple definition of any term we were analyzing.
Dr. Rubongoya (a.k.a. "Dr. J")
Risk, as defined in Spreading the Risks: Insuring the American Experience, is “the possibility of loss—[and] is as certain as life and inevitable as taxes.” In other words, it’s the chance something bad could happen.
“Risk management” is then defined as the techniques, tools, and procedures that attempt to reduce this prospect of something bad happening. For instance, locking your car when you get out of it is a risk management technique that reduces the likelihood that your car will disappear before you return to it.
The car example is rather simple and easy, but what about the internet and confidential data?
Now that nearly every business relies on the internet and utilizes data to reach peak efficiency, risk management techniques are critical to ensuring that an organization stays in business. A data breach of sensitive information can critically harm an entity’s reputation, resources, and bottom line, sometimes to the point of bankruptcy.
Data breaches aren’t going anywhere anytime soon. Let’s look at a couple statistics: 2013 has been deemed the “year of the mega breach,” with over 823 million records exposed, compared to 264 million records in 2012. (Stats courtesy Risk Based Security [PDF].)
With the likelihood of a loss (“risk”) increasing, how can a business reduce (“manage”) it? Here are a handful of tips that organizations of any size can implement immediately to protect themselves:
Risk: Data control. Look at the type of data your organization collects and ask yourself if it’s necessary to keep this information. Often a piece of sensitive information is needed for a single transaction, but then the company stores it indefinitely.
Management Technique: Set up a process whereby sensitive data and unnecessary records are deleted/destroyed/purged shortly after their intended purpose.
Risk: Employees. Approximately 35% of all data breaches are due to an inside actor, i.e. an employee or person with direct access, and over half of those breaches are accidental. For example, last month a college in California suffered a data breach when an employee accidentally misspelled an e-mail address and “potentially exposed student personal information for 35,212 students.”
Management Technique: Training. Accidents will happen, but training and reinforcement of proper techniques will reduce their frequency. Teach all staff members what your company’s policies are and then practice them. Include all these policies in an employee handbook, and then have every single member of the team sign a document saying they’ve read and understand it. Repeat at least once a year.
Risk: Unpreparedness. Do you have a plan in place when a check arrives in the mail? Just like you have a plan for good incidents, having a plan in place when bad events happen is even more important because it’s easy for emotions and frustrations to rule the day.
Management Technique: Incident response plan. In a disaster, when a step-by-step plan is prepared and practiced in advance, the costs and damages from a disaster can be significantly mitigated. Like an employee handbook, analyze and revise your incident response plan at least once a year.
Risk: Massive data breach. Unfortunately, even the best data destruction policies, employee handbooks, and incident response plans can only reduce the chance that a data breach will take place. Hackers take pride in circumventing even the most advanced security systems (just ask eBay, Target, and the Nasdaq) and as aforementioned, accidental insider data breaches occur rather frequently. In our modern interconnected world, it’s not a question of if a data breach will happen, but when.
Transfer Technique: Cyber Liability Insurance. Unlike the risk management techniques above, cyber liability insurance (like all other insurances) is a “risk transfer” mechanism, whereby one party (the insured) passes on a specified risk to another party (the insurance company) in exchange for a premium. With the premium paid and a cyber liability policy in place, a company then has access to financial and expert resources that would have otherwise not been available, or could be available, although at a much higher cost. As we detail here, a cyber liability insurance policy can respond to a wide array of issues while keeping the breached company in business.
I hope the term “risk management” has become a little less cliché for you and can provide some true benefits to your business.
If you’re considering cyber liability insurance as a risk transfer tool for your organization, please glance over our Buying Process page, because we don’t believe there should be any surprises when you’re buying a product.
By Cyber Risk Solutions | April 23, 2014 at 12:22 PM EDT | No Comments
Fortunately for us and Billy Ray Cyrus, mullets have gone the way of the dodo, but the Heartbleed vulnerability is yet another reminder of how susceptible we are to data breaches and leaked information.
We’re not an IT company, and we don’t play one on TV, so we can’t get into the technical mumbo-jumbo about what happened. (If you’d like to learn more, here are a couple technical blogs that can explain it to you: Cryptographic Engineering and existentialize.) In layman’s terms, Heartbleed is not a virus, but a mistake written into a type of code called OpenSSL, “a security standard encrypting communications between you, the user, and the servers provided by a majority of online services,” as explained by McAfee. Unfortunately, because a vast array of popular websites utilize OpenSSL, a massive number of usernames, passwords, and other sensitive information was exposed to hackers.
(Note: Most banks, financial services, and government entities have NOT been affected)
So, what does that mean to the average person or business?
First and foremost, many of the passwords on your favorite websites might be compromised. But, before you rush off to change all your passwords, make sure that the website has updated their code to fix the mistake. Using the Lastpass Heartbleed checker, you can test a website to see if you’re still at risk.
If the website is now secure, change your password ASAP! But remember, never repeat a password on different sites, because if a hacker can crack one website, the rest of your logins are vulnerable.
Watch this quick video about creating a secure, unique, and memorable password for all your accounts…
The best practice is to change your password often. Utilizing a password manager to keep track of all those passwords can be helpful. Here’s a review of some of the password managers available.
Then find out how secure your password is: The site 'How Secure Is My Password' will test your password and tell you how long it would take a hacker to crack it.
Finally, remain vigilant. Check your financial accounts, especially your checking, savings, and credit card accounts daily.
And if you run a business, government, entity, or non-profit organization, please let us know if you’d like to learn more about cyber liability insurance. Please don’t hesitate to call me directly at 410-727-2211, just ask for Nickel.
By Cyber Risk Solutions | April 08, 2014 at 04:03 PM EDT | No Comments
Now that the first full week of April has arrived, so too has the unofficial commencement of spring: The Masters golf tournament. Ninety-seven of the best players in golf will descend on Augusta, GA and drive up Magnolia Lane in hopes of donning the coveted Green Jacket on Sunday evening.
(Side note: If you ever have an opportunity to stroll the grounds of Augusta National in person, drop whatever you’re doing and accept the invitation. It’s a slice of heaven on earth.)
So what does The Masters have to do with cyber liability, data breaches, and insurance?
Well, as any player (professional to beginner) can testify, golf can be a cruel game, filled with frustrations, stumbles, and heartbreak. Like a business, these best players in the world will, without question, face setbacks and hardship.
Presently, one of the harshest setbacks an entity can face is a data breach, where their customers’ personally identifiable information is compromised and their customers face identity theft. No one wants to be the next Target, who lost 40 million credit cards and another 70 million other records with customer information.
The bad press alone following a data breach can be enough to cripple an organization. Moreover, a breached institution is statutorily required to notify their customers that their information was compromised. That notification and the subsequent offering of credit monitoring services can be a huge burden on a company’s bottom line. Not to mention the impending lawsuit(s) from customers with an ax to grind now that their identities were stolen.
A standalone cyber liability insurance policy is a recommended risk management tool to insulate an organization from the devastating financial effects following a data breach. Don’t become like one of the numerous businesses that had to file bankruptcy following a data breach.
To circle back to our Masters theme, just as there isn’t one type of golf swing, there isn’t one solution to address data breaches. There are as many versions of the golf swing as there are businesses and organizations out there. And every single organization that has employees or customers is susceptible to a breach of information.
A cyber liability insurance policy offers peace of mind when a data breach does affect your company, giving you the experts to call at a moment’s notice as well as the financial resources to save your bottom line.
If you would like to learn more about cyber liability insurance, please give me a call at 410-727-2211 x606. Just ask for “Nickel.”
By Cyber Risk Solutions | December 20, 2013 at 10:01 AM EST | No Comments
Hackers stole about 40 million credit and debit card records from Target. Read the official release from Target. During this busy holiday season, thinking about hackers and identity theft is probably the last thing on your mind, but a few steps now could safeguard your identity and finances in the future.
Here are six things you need to know if you or a friend might be affected by a data breach, at Target or anywhere else:
1) If you used a debit card at Target, change your PIN immediately. Also change the PIN of any other accounts using that same code. Learn how to create a safe and secure PIN by clicking here.
2) Check your credit/debit card accounts daily, looking for any unusual, suspicious activity. Don't wait for the paper statement to come in the mail; check your account online every day. Report any fraudulent charges immediately.
3) In the next couple months, request a copy of your credit report from all three credit reporting agencies. Everyone is entitled to request a free copy of their credit report once a year at http://www.annualcreditreport.com
4) Be wary of anyone calling you saying they represent Target, your bank, or other financial institution. Never give out any personal information to a solicitor. You can always politely hang up with them, and call the institution directly to verify their inquiry.
5) An increase in spam and phishing e-mails is likely, posing as Target or your bank. Never reply to an e-mail and supply any of your personal information. Before clicking on a link, hover your mouse over the link to see the full URL. If it looks unusual or suspicious, do not click on it. Drop the e-mail in your Spam folder and delete it.
6) When shopping at a retailer, always say "Credit" when paying with plastic, even if it's a debit card, because there are more legal protections for you the consumer charging it as credit.
We hope you have a very safe and secure holiday season. If you have any questions regarding cyber liability insurance, please contact our specialists by calling 1-800-406-0042.
By Cyber Risk Solutions | October 02, 2013 at 12:52 PM EDT | No Comments
Last Friday, California’s governor signed into law Senate Bill 46 (PDF), a major expansion of their current data breach notification legislation. The highlight of the bill makes any known intrusion or breach into a security system grounds for notification, whereas the previous version of the law only required notification if there was a confirmed loss of personally identifiable information (PII).
The law goes into effect on January 1, 2014, and applies to all governmental agencies, persons, or businesses that conduct business in California. That’s an important distinction for businesses in the other forty-nine states (and abroad), because they are now required to follow not only their domestic state laws but California’s as well.
For consumers and individuals, this expanded law should be welcomed. When one provides a business with confidential information, it’s expected that that information will remain in the hands of the trusted source. In today’s world of hackers and identity thieves, no entity is immune from the threat of a data breach. (Just ask Amazon.com, the Pentagon, or the NASDAQ. If they were all breached, do you believe your company is immune?) So when PII is lost, California’s consumers can at least find comfort in the fact that the breached organization is mandated by law to notify them of the loss of information.
Enter the world of cyber liability insurance. Businesses worried about a future data breach and loss of confidential information (of their customers and employees) can use a cyber liability insurance policy as a proven risk transfer tool. An effective cyber policy pays for the notification costs (like those required by California) as well as expenses for legal defense, computer forensics, public relations, business interruption, cyber extortion, and more.
And believe you me: A cyber liability insurance policy is a heck of a lot cheaper than having to pay all those costs out of your bottom line.
On an individual basis, some homeowners’ insurance policies offer endorsements or riders that will provide help and financial resources to a person recovering their stolen identity.
Of the 46 states that have notification laws on the books, California’s newly expanded legislation places a large onus on businesses to protect any and all information in their possession, and also notify their customers if, and when, a data breach occurs.
Stay safe, Nickel
Don’t hesitate to call me directly if you have any questions or worries about cyber liability coverage—410-727-2211 x606.
By Cyber Risk Solutions | May 23, 2012 at 01:50 PM EDT | No Comments
We are tethered to our smartphones all day, every day. It's our alarm clock, newspaper, To-Do list, and...dare we say...phone. The myriad functions our smartphones provide give us nearly omniscient power. Not bad for the 21st Century.
Until...
You lose it.
As a buddy of mine learned at Preakness this past weekend, your phone can be misplaced, lost, stolen, or just plain disappear. Panic mode undoubtedly ensues as we retrace our steps in hopes of finding it, but your phone is gone. You feel naked. (Wait, people survived thousands of years without a mobile phone?! How was that even possible???)
And, as this Today Show piece illustrates, people won't return it to you; they'll even snoop around all your apps, docs, contacts, etc.
It gets worse.
Do you know what kinds of private information your phone contained? What if your phone had e-mails, Word documents, Google calendars, etc. that contained sensitive confidential information--i.e. your customers' social security numbers, credit card numbers, or medical information?
Your lost phone just turned into a data breach.
Lost and stolen mobile devices account for a great deal of all known data breaches.
So how do you protect your phone, your office, and your organization?
First and foremost, put a password or key-lock on your phone. This step is the first line of defense, and one that must not be overlooked. (Even the FBI can't crack the Android pattern lock.) Secondly, some apps give you the ability to remotely lock down and even erase all the data on your phone, preventing prying eyes from compromising that data. Lastly, data breach insurance (cyber liability insurance), provides your organization with the necessary funds and experts to deal with a data breach.
When it's in your hand, your smartphone is an invaluable tool. When it's in the hands of anyone else, you and your business are responsible and liable for the breach in privacy of all information stored on your phone.
For a free cyber liability insurance analysis for your business, please call me directly--410-727-2211 x606.
By Cyber Risk Solutions | May 11, 2012 at 02:05 PM EDT | No Comments
I'm on the driving range, warming up for a quick 9 holes after work. I'm feeling good, relaxed, swinging smoothly. The ball is flying straight and true. Can't wait to get on the 1st tee.
Par (good). Bogey (not so good). Double bogey (Uh-oh. Houston we have a problem.)
Somewhere in the first three holes my swing went from slow and smooth, to a forced motion. As anyone who's played the game of golf can testify, it's a feeling of frustration and anger like no other. Seemingly nothing changed from the driving range to the 3rd green, so why can't the ball do as it's told? (And there is certainly a great deal of vocabulary hurled at the ball in these circumstances.)
At this point in time, standing on the 4th tee, after slicing another drive into the bunker (on a parallel hole), all I want is for our golf pro to show up and tell me what I'm doing wrong. With just a few magical words of coaching and instruction, I know I could salvage my round.
Alas, in golf the pro is ne'er to be found. As you walk up to every shot, it's still just you and the ball, and no one but you can make that swing.
In the world of data breaches, CEOs, CFOs, CIOs, and other C-level execs must feel like a golfer who doesn't know how to fix his swing. Alone and helpless on an 18-hole island.
A cyber liability insurance policy is those magical words of comfort and instruction for a company that's suffered (or could suffer) a data breach. At the moment a data breach is suspected, a policyholder can contact a data breach quarterback (sorry for mixing sports metaphors), who will guide the company through the myriad steps required and proper to mitigate the damage.
Rather than being alone in the world after a data breach, companies have a choice to protect themselves and feel peace of mind.
If a cyber liability insurance policy makes sense for your company, our cyber liability experts can guide you through the simple and easy process of protecting your organization.
Give us a call today before you're out there feeling angry and frustrated--410-727-2211 x606
Have a great weekend and Happy Mother's Day!
Sincerely, Nickel
P.S. Q. Why do they call it "golf?" A. Because all the other four-lettered words were taken.
By Cyber Risk Solutions | May 10, 2012 at 02:52 PM EDT | No Comments
Not to start our very first post with such a heavy question, but it's one that each and every company, organization, entity, municipality, etc. must consider.
In a world of hackers, spammers, phishers, and human error, absolutely no one is immune to the liabilities that result from living in an interconnected world of technology. As we utilize technology more and more, the ability to acquire and access information grows. Of great concern is sensitive Personally Identifiable Information (PII), which includes names & addresses, Social Security Numbers, credit card numbers, etc.
When an organization that has PII suffers a data breach, they are liable in myriad forms and legally obligated to notify all affected persons that their identities may be compromised.
Are there enough data breaches that we should be concerned?
Yes.
The Open Source Foundation has compiled a website to track all known data breaches. Visit their DataBreach Database website.
Last year alone, they recorded 1,029 various data breaches! (And those are just the ones we know about.)
If we suffered a data breach, would it be expensive?
Again, yes.
The statistics vary, but all conclude that it is not cheap to suffer a data breach. The most widely cited statistic is the Ponemon Institute's study on data breach costs, which states it will cost a company a little over $200 per breached record! Certainly not chump change.
Another handy tool is this Data Breach Calculator which lets organizations input the number of records they have on file and it computes a total cost for a data breach. (Note: this calculator relies on data which is a few years old, so one should add at least 10% to the amounts given.)
So, are you ready--logistically and financially-- to respond to a massive data breach?
No?
There is good news and a light at the end of the tunnel. Cyber liability insurance is specifically designed to help an organization respond to a breach of sensitive PII. Once a cyber liability policy is in force, the insured has immediate access to data breach experts, specialized privacy attorneys, and pools of money to pay for the huge costs you will face. (See our Claims Scenario page.)
The insurance coverages a cyber liability policy provides are typically and specifically excluded in commercial General Liability, so without this unique coverage, an organization faces a dangerous coverage gap.
We're cyber liability insurance experts, specializing in finding top-notch coverage for any organization. If you have any questions, thoughts or concerns, please give us a ring. Call me, Nickel Lietzau, directly at 410-727-2211 x606.