1-888-643-2217 Email ABEX
Keeping you updated

Choosing the Right Type of Cyber Testing for Your Business

Taking the initiative to invest in cyber security and improve employee security awareness is vital for defending a business from cyber attacks. However, it may be necessary for businesses to re-evaluate their efforts on occasion to make sure their security measures are effective. Vulnerability scans, penetration testing and red team exercises are three types of tests that businesses can use to assess their cyber security.

Vulnerability Scans

Vulnerability scans and assessments use automated tools to identify cyber weaknesses. They’re typically used to find known or common vulnerabilities, such as those used in past breaches and those that provide paths of least resistance for attackers trying to enter the network. Vulnerability scans are most useful for small and mid-sized organizations with limited cyber security resources.

Penetration Tests

Penetration tests are simulated attacks that use information acquired from vulnerability scans in an effort to access or penetrate the enterprise network. When a penetration test occurs, enterprises and security professionals may or may not know of the test in advance. Penetration tests can be performed by internal staff or external vendors. They’re most beneficial for organizations of medium maturity looking to uncover gaps in security.

Red Team Exercises

When using a red team to assess security, employees assume the exercise is a real-life situation and do not know about it in advance. Red team exercises help organizations gauge realistic responses to attempted attacks by mimicking attackers and attempting to break into the organization in any way possible. Mature organizations with specialized cyber security skills would benefit most from red team exercises, which can uncover security gaps both inside and outside of the network. Red team exercises can be conducted by internal staff or by external vendors.

Once an organization identifies which type of testing is appropriate, it should also assess the frequency of the testing. Ultimately, every new or updated technology should be subjected to thorough testing to detect and address new vulnerabilities before outside attackers find them.

© Zywave, Inc. All rights reserved

Online Tool Measures Stress Levels in a Workplace

In partnership with the Canadian Centre for Occupational Health and Safety, the Occupational Health Clinics for Ontario Workers have created an online survey tool to help companies measure workplace stress levels. The free tool, StressAssess, allows workplaces to anonymously gather key information about work conditions and psychosocial hazards.

StressAssess guides administrators through a five-step process via instructions, templates and reminders. After employers complete the survey, a summary report is generated, which provides comparisons against validated national averages and practical ideas to help workplaces address identified concerns.

Managing workplace stress is important, as it goes a long way toward creating a healthy and happy workforce. Common job stressors include a heavy workload, intense pressure to perform at high levels, job insecurity, long work hours, excessive travel, office politics and conflicts with co-workers. While dealing with stress is a normal part of everyday life, the following are some adverse symptoms employees can experience as a result of recurring workplace stress:

  • Insomnia
  • Anxiety or depression
  • Low morale
  • Short tempers
  • Headaches
  • Stomach or back problems

To protect your workers, consider using StressAssess to learn a number of useful methods for reducing workplace stressors. While the survey tool is meant to diagnose workplace factors, the website also includes a personal edition for individuals interested in measuring their own level and sources of stress.

© Zywave, Inc. All rights reserved

Creating Pre-incident Fire Plans

Recent fires in British Columbia have contributed to one of the worst fire seasons on record, leading to more than 12,984 sq. km of damage and illustrating the importance of proper preparation. Not only can fires cause major property damage, but they can also endanger your employees, business operations and supply chains. However, you can prepare your business ahead of time by making a comprehensive fire plan. To help with the creation process, consider the following:

  • Consider how your business would be impacted following a fire. Conduct a risk assessment to understand potential exposures and plan accordingly. Contact a third party for help with your assessment if needed.
  • Contact your local first responders for help. Building a relationship with your local fire department can save valuable time in the event of a disaster. Moreover, you can exchange useful information like your building’s floor plans and fire escape routes to help create a fire plan. In fact, in some provinces, businesses are required to work with local fire departments when creating their plans.
  • Create a communication plan that accounts for your employees, clients, vendors and other stakeholders. In the face of a disaster, communication is key. As such, it’s important to establish protocols for communicating with employees and partners. At a minimum, you’ll need to know how you will provide status updates and next steps during and after a fire. Consider creating a crisis management team to keep you organized.
  • Consider your business continuity options. Any disruptions to your workplace, supply chains or vendors can cause costly delays. Work with a qualified insurance broker to discuss policy options that help you recover quickly following a disaster.

Fires are an ongoing concern wherever there is dry, hot weather, making careful planning and dedicated insurance a must. Contact your insurance broker today for coverage and loss prevention strategies.

© Zywave, Inc. All rights reserved

Benefits of Cyber Liability Insurance

As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.

In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.

Claims Scenario: Outsourcing Gone Wrong

The company: A national construction company that outsources some of its cyber security protections

The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach.

As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.

Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms who forgo coverage.

What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response.

Claims Scenario: Pardon the Interruption

The company: An online retail store that relies heavily on e-commerce

The challenge: A small-sized, online retailer partnered with a data centre to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfil orders on-site.

Unfortunately, the data centre was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime was over $165,000.

Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.

Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses.

Benefits of Cyber Liability Insurance

  • Data breach coverage—In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
  • Business interruption loss reimbursement—A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
  • Cyber extortion defence—Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
  • Legal support—In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.

Learn More About Cyber Liability Insurance

When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.

Cyber exposures aren’t going away and, in fact, continue to escalate. Businesses need to be prepared in the event that a cyber attack strikes. To learn more about cyber liability insurance, contact your insurance broker today.

© Zywave, Inc. All rights reserved

3 Questions to Ask When Addressing Sexual Harassment at Your Business

It’s always been important to protect your business and employees from sexual harassment, but recent high-profile cases show the importance of re-examining this topic at your business. Social movements like “Me Too” have drawn attention to sexual harassment in the workplace, resulting in a growing number of misconduct allegations. These allegations can lead to a wide variety of claims as well as serious financial and reputational damage.

Insurance companies, courts and regulatory agencies will begin to examine businesses closely to ensure they take sexual harassment seriously and act to protect their employees and customers. The following are some questions you need to consider when addressing sexual harassment at your business:

  1. How do you encourage employees to report inappropriate conduct? The best way to address sexual harassment allegations is to respond quickly. Regularly remind employees that there won’t be any retaliation for reporting inappropriate behaviour. You should also ensure there are multiple ways for employees to make anonymous reports to management.
  2. Does your employee harassment training address your workplace’s unique traits? A standard workplace policy is a good starting point for addressing sexual harassment, but you should also think about how your employees interact with co-workers and customers.
  3. Do your insurance policies include exclusions for sexual harassment? Many commercial general liability policies exclude claims for sexual harassment. Depending on the policy wording, sexual misconduct-related events may or may not be covered, so it’s important to be specific and ask questions during the underwriting process.

Contact your insurance broker for more information.

© Zywave, Inc. All rights reserved




Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn