Even though businesses are increasingly collecting and saving personal information about their customers, far too many companies are ignoring cyber-liability. A poll of Canadian Business conducted by EKOS for the Office of the Privacy Commissioner of Canada, found that 42% of businesses surveyed were not concerned about security breaches.
Some businesses are trying to protect themselves, especially after seeing some very costly incidents. Examples include Best Buy, Sony, and the Bay Street law firms.
In the past, cyber criminals would focus on technology innovators such as financial institutions and larger corporations. Today, nearly every company is at risk of a cyber-security breach and it’s just a matter of time before they experience one.
A few years ago, an employee at the Canada Revenue Agency accessed 37,500 emails containing confidential financial information about ordinary Canadians and downloaded the files for her personal use. Also, dozens of other workers were discovered snooping on their ex-spouses, mothers-in-law, creditors and others. The bottom line is: no industry is immune to potential privacy breaches. They have occurred in both private and public enterprises, as well as in government agencies.
Firewalls and encryption are often not enough to protect your network from a breach. Hackers can take down a website and totally interrupt a company’s online operation.
Cyber criminal networks that use the Internet to perform their scams are finding a virtual haven in Canada. According to a study, Canada ranked as the sixth most likely country to host servers operating malicious programs in 2011, up from 13th the year before.
Many companies are just now beginning to realize the impact of increased outsourcing and social networking. For example, an employee posting something inappropriate on organization’s website can make the company a subject to copyright and intellectual property laws and taint the company’s reputation.
How does a company protect itself from cyber risks?
Most businesses readily purchase insurance coverage to protect themselves against catastrophic events such as fire, however, they neglect the possibility of losing thousands of hundreds of dollars due to risks associated with conducting business electronically, ranging from identity theft to e-business interruption. Insurance coverage for cyber-liability is starting to become more and more sophisticated as exposures are better understood, and it is predicted that it will soon become a norm.
There are insurance policies available that offer broad cyber coverage and can be customized to meet the needs of organizations of all sizes. Also, there are cyber-insurance policies that help protect businesses from a range of tech-related liabilities, such as network security liability, privacy liability, media content services liability, extortion threat etc.
In addition to obtaining cyber liability insurance, companies have to implement proactive risk management strategies to reduce potential exposures. Here are a few tips on how to reduce risks related to identity and security breaches:
- employees and contractors should be trained to understand their responsibilities in the protection of data
- mobile devices should be encrypted and employees should be trained on the company’s policies regarding downloading confidential information and working remotely;
- employees should be trained on which precautions they should take when travelling with laptops, PDAs, mobile devices and other data-bearing devices.
ABEX Cyber Risk Management Program
The Ultimate FirewallTM (TUF) is a comprehensive cyber risk management program that far surpasses the basic ad hoc approach of standard network security controls and vulnerability assessment checkpoints. Working with your existing data protection scheme, the TUF program delivers a defense-in-depth security strategy.