Not A Matter Of If, But When
Experts in the field of cyber security believe there are two kinds of business owners in the world - the smart ones who know they have been victimized by a cyber-threat or crime, and the remainder who do not realize it. If you are a small business owner, it is not a matter of if you will be victimized; it is a matter of when. Is your small business prepared for the inevitable?
There are various types of individuals and organizations who have the potential to compromise your company’s data. Current and former employees, as well as others close to the operation with access to data, are a potential threat. Company laptops, notebooks, smart phones and tablets are easy targets for thieves searching for an opportunity to gain a financial windfall from your data. Strong passwords, changed every 90 days, are critical. If you use your pet’s name, or your birthday or some other string of characters easily applied to you, then you are a prime candidate for trouble.
Small time hackers who work alone and enjoy the thrill and challenge of breaking into secure networks can cause your business damage. Cyber gangs who operate in the United States and overseas are constantly searching for targets to compromise. The most chilling of all possibilities may be the cyber criminals sponsored by foreign governments with the resources, and the will, to use the Internet to accomplish their political and financial goals.
According to the Department of Homeland Security’s Blueprint for a Secure Cyber Future, “Individuals and well-organized groups exploit technical vulnerabilities to steal American intellectual property, personal information, and financial data.” The report also notes that “malicious actors are using increasingly sophisticated tools, techniques, and procedures” and “the volume and velocity of cyber incidents” are on the rise.
Every business owner must take the threat of cyber security seriously and put in place the necessary safe guards to protect the data that an operation stores or uses, and virtually every industry is at risk.
- Manufacturing, services and technology: Intellectual property is one of the most valuable business assets, lose it and you could lose that secret ingredient that sets you apart from your competitors.
- Healthcare Providers and Wellness Program Administrators: People trust your organization with sensitive information, including medical records, payment and bank details or other confidential information.
- Retail, accommodation and food services: Before handing over personal details during a transaction or when signing up for a loyalty program, customers want to feel safe. Breaches in retail situations are the most predictable.
- Financial Services: Your status as a high-value target means that you are likely to attract more directed and tenacious criminal attention.
- Law Firms: Improper document disposal, stolen laptops and tablets, and bypassing of internal security protocols are identified as the three major categories of cyber risk for attorneys by Texas Lawyers Insurance Exchange.
- Architects: Computer networks are used to keep track of projects, payments and customer information.
- Accountants: Taxpayer records. Imagine the exposure of client files that are backed up on an unencrypted flash drive?
Experts believe that small business owners should consider common sense solutions, as well as the following suggestions to reduce their company’s risk of attack, and protect themselves if, or when, a breach occurs. First, don’t rely on the cross-my-fingers approach of hoping nothing bad happens. You should consult with your business insurance broker about your cyber exposures. From that conversation determine to what extent you wish to self-insure or transfer the risk to an insurance carrier.
Second, be proactive. Security advocates suggest a proactive approach, especially for IT professionals. ISACA, an international professional association focused on IT Governance, suggests that small business owners must rethink how their enterprise uses their information security experts. According to the December 30, 2013 issue of the ISACA newsletter, “With some elements of IT security operational responsibility (including malware detection, event analysis and control operation) increasingly being outsourced to cloud providers, smart leaders are enabling their internal security experts to become hunters instead of just defenders. This allows them to proactively seek out the most hard-to-detect threats, build internal intelligence capabilities, construct better metrics and invest in operational risk analysis.”
In this new age of world-wide connectivity, it is becoming increasingly inevitable that a business, maybe your business, will have some type of cyber liability event occur regardless of how you prepare. Even advanced security protections cannot keep your data 100 percent safe. You do not want to be in a situation as a small- or middle-market company dealing with a breach without the ability to transfer the risk. A breach could effectively wipe you out of business.
The common misconception that the cost of cyber liability insurance outweighs the benefits could result in misfortune for you and your company. Cyber liability insurance just makes sense.
So, take action today. Make a plan and follow through with your plan. The Spanish author Miguel de Cervantes wrote, “Forewarned, forearmed; to be prepared is half the victory.” It would be wise to heed this sensible advice from a 16th century author to our 21st century world.
Kimberly Dryden is a partner at NCW Insurance in Amarillo, Texas. NCW is a Texas Automotive Recyclers Association associate member and has been managing clients’ risk since 1926. NCW Insurance has evolved into one of the premier independent insurance agencies in Texas with a staff of over 30 professionals in four offices. To learn more about NCW visit www.neely.com. Kimberly Dryden can be reached at 806.376.6301 or by email at firstname.lastname@example.org.