1-888-643-2217 Email ABEX
Keeping you updated

Monthly Archives: January 2015

Are Media Reports of Small Business Cyber Attacks Just the Tip of the Iceberg?

Tip of Iceberg

Source: www.watsec.com

Business Problem

According to PwC’s annual report The Global State of Information Security Survey 2015, there was an increase in security incidents of 48% over 2013.1The report concludes:

“…many organizations are unaware of attacks, while others do not report detected incidents for strategic reasons or because the attack is being investigated as a matter of national security. It seems certain, given the technical sophistication of today’s well-funded threat actors, that a substantial number of incidents are successful but not discovered.

So if incidents are rising, and yet many attacks are not being reported, what does this mean to small business? Are they being overlooked by the hackers? Are small businesses in general not really at risk?

The PwC report goes on to say:

“Small firms often consider themselves too insignificant to attract threat actors – a dangerous misconception. It’s also important to note that sophisticated adversaries often target small and medium-size companies as a means to gain a foothold on the interconnected business ecosystems of larger organizations with which they partner. This dangerous reality is compounded by the fact that big companies often make little effort to monitor the security of their partners, suppliers, and supply chains.”

PwC defines a small business as one with less than $100M annual revenue.

Lesson Learned

Small business executives and owners must understand that they are at greater risk of cyber attack than they realize. There are more than 3 billion users on the global Internet and a large number of them want what every small business has. By getting large quantities of personal and business information, they can sell it to the highest bidder on hacker e-commerce sites. The Internet underground is well organized and well funded and can easily monetize stolen small business information.

Key Message

Invest the time to better understand how cyber risk could be affecting your organization and how it should be managed. Even small businesses with a few employees are a target and need to take steps to protect the organization. Remember, cyber risk management involves examining not just technology but people and the entire business ecosystem (partners, suppliers, clients) they interact with. IT Security alone will never be able to adequately address the problem.

Source for more information

1 PwC’s The Global State of Information Security Survey, 2015.

Four Components of Cyber Risk Management

Security concept: data security on digital backgroundIf your company stores data and information digitally, you should have a cyber risk management program that addresses prevention, disclosure, crisis management and insurance coverage in the event of a data breach. Good cyber risk management requires the planning and execution of all four of these components.

Develop Strategies to Prevent a Data Breach

Your data breach prevention strategies may include encrypting all devices used by your employees, such as laptops, tablets and smartphones. Encrypting these devices will prevent unauthorized access if a device is lost or stolen. Unencrypted devices are often not covered by a cyber liability policy, so make sure you know whether you need to encrypt the devices or not.

Your strategies may also include educating employees about phishing and pharming scams. Remind them not to click on anything that looks suspicious or seems too good to be true.

Analyze your cyber risks from three different perspectives: technology, people and processes. This risk assessment will give you a clear picture of potential holes in your security. Revisit and revise your plan regularly, because new risks arise often.

Know Your Disclosure Responsibilities

If you experience a data breach, you may be legally required to notify certain people. If your company is publicly traded, guidelines issued by the Canadian Securities Administrators (CSA) make it clear that you must report cyber security incidents to stockholders—even when your company is only at risk of an incident.

The CSA advises timely, comprehensive and accurate disclosure about risks and events that would be important for an investor or client to know. It’s important to evaluate what information and how much detail should be released.

Notifying a broad base when it is not required could cause unnecessary concern for those who have not been affected by the breach.

Some extreme cases of a data breach may cause you to go further than just assessing and disclosing the information. You may have to destruct or alter data depending on its sensitivity.

Your Crisis Management and Response Plan

Preparedness is key when developing your cyber risk management program. When you experience a data breach, you need to be prepared to respond quickly and appropriately. This is where your crisis management and response plan come into play.

Determine when and how the breach occurred, what information was obtained and how many individuals were affected. Then assess the risks you face because of the data breach and how you will mitigate those risks.

While managing a crisis, let your clients know what actions you are taking, but also be sure you’re not disclosing too much information. It’s a delicate balance. Focus on improving future actions—this will restore trust in your stakeholders and clients.

Your in-house lawyers, risk managers and IT department should work together to create and refine your plan. Everyone should be on board and know their responsibilities when a breach happens.

Protect Your Data—and Your Business

Your cyber risk management program should include cyber liability insurance coverage that fits the needs of your business.

Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover. The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure.

Your cyber liability insurance policy can be tailored to fit your unique situation and can be written to include the costs of disclosure after a data breach. Contact Precept Insurance & Risk Management to learn more about cyber liability insurance and how you can protect your business from a data breach.



© 2014 Zywave, Inc. All rights reserved.



Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn