In recent times, cyber security has been moving to the forefront of people’s minds, largely due to some high profile attacks. The key to helping combat the risks all companies face is knowing what these risks are. To help companies survive following such an attack, particularly small to medium sized businesses, it is crucial there is adequate insurance cover in place.
Cyber-crime can take many forms: some attacks are designed just to cause disruption to your operations, while others are designed to obtain sensitive information, either about your business or its clients. Phishing emails, SQL injection, key-loggers, ransomware, malware, and spyware are all forms of cyber-attack to watch out for. Unfortunately, anti-virus software, a firewall and a spam filter are no longer enough to keep your system safe.
How secure is your computer equipment and other electronic devices? For example, what if you left your laptop on the train? Does your business use flash drives? How secure are they? Smart phones nowadays are also capable of storing a lot of sensitive information.
Even waste paper could contain sensitive information which could lead to a cyber-attack on your business, or cause a data leak with serious consequences for your business. Many of these risks can be mitigated using encryption programs and a paper shredder to dispose of clients’ data.
Your employees could also pose a risk to your cyber security, either accidentally, for example by visiting unsafe websites, not ‘locking’ their PCs when away from their desks, or emailing data to the wrong person, or intentionally, with criminals infiltrating your organisation with the sole purpose of assisting in, or instigating, a cyber-attack. Using due diligence when hiring new staff, and continuous training on cyber security can close almost all of the security issues here.
Further to this, there have even been reports of criminal organisations targeting a firm’s employees and using varying tactics to get employees to provide information, such as intimidation or bribery.
Now, what about your suppliers, and other third party companies you use to assist you in running your business? Outside services you use may have access to sensitive data your firm holds, whether it’s a cleaning firm, IT, HR/payroll, accountancy, or even suppliers of stationery/promotional gifts. You must do your due diligence with each firm you use, to ensure they take cyber (and data) safety as seriously as you do.
It may seem like no-one can be trusted, but through the use of safeguards and contingencies you can help minimise the risk to your firm and clients. The following points cover some effective ways to protect your company.
Appoint someone within your firm to take charge of IT security. This isn’t a job that can be done on a fixed schedule, as threats evolve daily (reported figures from 2014 state that anywhere between 230,000 and 800,000 new threats were created EACH DAY), so someone at your firm should be focussed on ensuring your firm stays secure and safe.
Staff training. This should be regular and user friendly; even a training program each year may not suffice, as there is likely to be a lot of evolution with the threats in between yearly training sessions.
Limit internet access for staff. While this may be seen as a trust issue with your staff, if you can ensure they cannot go to any site with a higher risk of cyber-crime the chance of them being an unknowing participant in the event is greatly reduced. Additionally, staff who are due to leave the business pose a much higher risk, so it would be worth reducing their access further, or removing it altogether.
Ensure all devices your firm uses, whether desktop PCs, laptops, tablets, mobile phones etc., are encrypted, so if they’re lost or stolen, the data is still secure.
Become as paperless as possible, as electronic equipment can be encrypted. However, it is worth investing in a good quality paper shredder, or (depending on the size of your business) hiring a reputable firm to dispose of the paper you do need to use.
Above all, do not get complacent. An ‘It’ll never happen to me/us’ attitude increases the chance of it being you! Vigilance is key to combatting the risks posed.
Now, in terms of insuring against these risks, below are some examples of the potential costs involved, if your firm is successfully targeted by cyber-criminals:
- Call Handling – £7 – £25 an hour
- Notification – £3 per letter
- Credit and Fraud monitoring – £8 – £75 per person
- Legal costs – £300 – £600 per hour
- Crisis Management – £150 per hour or legal rate
- Forensics – £250 – £600 per hour
- Identity Theft Resolution – £400 per case
With the above figures, it’s easy to see how many small- to medium-sized businesses don’t survive following such an attack, and that’s before we look at the loss of reputation damaging potential future business.
When searching for a policy to cover you against the risks, it’s important to decide on the cover you need for the business. Is your business predominantly computer-based, how mobile are your data storage devices, how much will an attack cost your business, and how long can you afford to not be able to do business following an attack?
It is worth looking at policies that cover more than simply paying out £X amount following a data breach or cyber-attack, and include tools to help keep your knowledge and systems up to date, legal and PR advice, computer forensics, and help with ransom attacks (where a hacker gains access, encrypts your files and demands money to decrypt your information).
Through our partner, Hiscox, Independent Insurance Services is able to offer one of the most comprehensive packages available, with help 24/7. They offer forensic & legal support, help with communications, credit monitoring to affected customers, and call centre support following a breach, and ongoing support to ensure the risks of recurrence are minimised.
In addition, their policy provides protection for:
- Breach Costs
- Crisis Containment
- Cyber Business Interruption
- Cyber Extortion
- Hacker Damage
- Privacy Protection
- Multimedia Liability