Cyber Losses: a real risk for individuals and businesses alike.
This article takes a look at cyber crime, the threat it poses to businesses and individuals, how a business can protect itself, what cyber liability insurance covers and why a loss assessor might be a great addition to fight your corner in the event of a cyber crime insurance claim.
There’s no turning back now: we live in a digital age in which technology plays a pivotal role in our personal and professional lives. In a way, we’ve knowingly given up our right to privacy. No matter what sector you work in, businesses use computers and the web to store company information, accounts, employee details, and much, much more.
As more of our personal data becomes accessible on the web, hackers begin to develop new ways to steal details and information. As a result, protecting yourself from the impact of cyber theft is as essential as insuring against burglary from your home or business.
Businesses in particular are now incredibly vulnerable to cyber-attacks that could lead them to accidentally leak highly sensitive details (employee or customer account details, addresses etc.).
Indeed, Sage (one of the largest accounting, payroll and payments software companies in the UK) was reported to have suffered a data breach that could potentially have compromised the data of around 280 small and medium companies in the UK.
Cyber-attacks can affect small, medium and large multinational companies (such as TalkTalk, which lost £60m and 101,000 customers due to a cyber-attack). In fact, according to findings in the 2015 Information Security Breaches Survey, 90% of large organisations and 74% of small businesses reported a breach in 2015.
Cyber crime protection tips for businesses
With a myriad of progressively advanced methods of stealing data and identities, businesses need to ensure that they are protecting themselves, their employees and customer data: indeed, according to an article published in the Guardian, nine out of ten SMEs have identified cybercrime protection as one of their top priorities.
In light of this, we have produced a list of cyber security tips and guidelines that any small business can follow in order to protect their assets from cyber theft.
Keep everything updated
One of the easiest ways to keep protected is to ensure that you update your computer, software and programs as and when updates become available. The vast majority of these updates or “patches” address vulnerabilities in programs and software that have been discovered due to hackers or malware; occasionally they contain bug fixes or enhance product performance.
By regularly updating your computer and its installed programs, you are preventing attackers from taking advantage of software flaws, or at least making it much more difficult for them. A lot of companies sell software that automatically updates itself. However, if you get prompted to update your computer or installed programs, do so: it takes little time and all of the work is done for you.
The same should be done with browsers (Chrome, Firefox, Internet Explorer).
Protect your computers with anti-virus software
Ensure that every device in your workplace has anti-virus and firewall software installed. Antivirus software protects your computer from malicious programs such as Trojan horses, viruses and worms as well as spyware or unwanted programs such as adware. Antivirus software allows you to monitor and control software that you may not want and is designed to protect you from online threats by catching and eliminating threats before they have the chance to become problematic.
For basic online security, you will need a firewall. This is your device’s first line of defence: firewalls control who and what is able to communicate with your computer online, blocking attacks and bad traffic to your computer.
There are plenty of free options available, or for extra security, you may want to consider paid antivirus and firewall software.
This may feel a bit over the top, but it is wise to encrypt almost all of the data that you save: encrypt data that goes on cloud services to ensure that it is not accessible to hackers or unscrupulous employees and encrypt hard drives on your computers so that the data cannot be copied.
Encrypting your data ensures that a password is needed to access your data, and even if copied, the data makes no sense without the encryption key.
Train your staff to understand online threats
Because most of your staff need to use a computer, laptop or smartphone, it is advisable to make sure that your employees understand at least the basic principles of cyber security and are able to recognise the warning signs of email scams, viruses or phishing scams.
Although many email providers are continually improving their services and getting very good at recognising potential threats before you receive them, some of the more advanced scams will find their way into your inbox, as they can be disguised as brand emails, client emails etc. However, scams of this type do tend to have some recognisable giveaways.
Identifiable red flags can include:
- Emails asking for personal or credit card details
- Emails containing suspicious attachments
- Requests for immediate action regarding claims (in the same vein as “we are contacting you regarding your recent claim, due to an unfortunate accident at work”)
Train your staff to report these emails as spam: this way your email provider will be informed and can keep a check on this type of email in future. You can also file a phishing complaint or even go so far as to blacklist the domain from your email settings so as to avoid getting emails from the same source again.
You should also carefully inspect any communications containing various spelling mistakes and suspicious-looking links. Occasionally, links can appear as normal, but when clicked on, prompt an unwanted download that installs malicious software: always be cautious when clicking on these, and always stop the untrustworthy download before it installs itself on your device. You may consider asking your staff to scan suspicious-looking emails with free anti-virus software that can be found online (such as Avast or AVG) or whatever software you have installed on your devices.
Make sure that you (or an employee or paid trainer) walk your staff through these measures in a short training session (it needn’t last longer than 30 minutes): writing them all down and expecting your staff to read these instructions runs the risk of this not being done.
Enforce a strict password policy
With your staff trained in online security, it should be easy to set up a password protocol. You can set up a maximum password age which determines how long your employees can keep their passwords: this usually tends to be a maximum of 30, 60 or 90 days. Although it may be a hassle to change passwords this frequently, it is important for maintaining the network’s security.
Furthermore, it is possible to enforce password length and complexity requirements. Do not allow your employees to simply use the password “password”: make sure that passwords are at least six characters long and contain a number and various letter cases. There are also free services online that can produce passwords for you. It is also important to remember not to use the same password for all logins.
Restrict some usage in the workplace
Although it may be annoying on occasion for your employees, it is important to restrict software downloads and to set up administrative rights on all company devices so that nothing can be installed unknowingly: this eliminates the risk of an employee accidentally downloading a program that is not trustworthy or that contains malware.
Get Cyber Liability Insurance
Nowadays, unfortunately, hackers continually develop newer and better ways of hacking into our devices and networks. While protecting your data by teaching staff best practice security measures and updating your computer systems regularly is a good step to take, it’s a very good idea for businesses to have Cyber Liability Insurance – or to make sure that your current policy covers you for any cyber-attacks – as malicious, targeted attacks remain the highest cause of data breaches.
What should it cover
Depending on your policy and/or provider, cyber insurance can cover your business for the following:
- Cloud cover
- Virus damage (to rebuild your computer systems and restore company data)
- Legal expenses
- Identity Fraud
- Intellectual Property (in the event of a claim for intellectual property rights infringement for example)
- Cyber Crime (if you have been targeted by phishing scams, wire fraud, telephone hacking, identity theft, etc.)
- Business Interruption
- Regulatory Investments (in the event of a confidential data breach this covers the costs of investigations and fines from data protection regulators)
- Crisis Communication (in order to maintain the company’s reputation, usually with specialist PR)
- Data Loss (to cover the costs of data forensics, restoration, recollections & recovery)
- Cyber Extortion
- Specialist Services (in the event that you have specialist computer systems that need repairing by a specialist)
According to the Information Security Breaches Survey, only 39% of large organisations and 27% of small organisations have insurance that would cover them should a data breach occur.
It’s essential that you know what you are covered for BEFORE anything happens, as not being covered can be extremely costly indeed.
Why Use Loss Assessors in the Event of a Cyber Attack?
Cyber losses and data breach claims are very intricate cases to deal with. It’s necessary to prove that the breach happened in the first place (you’d be surprised how few traces some of them leave), the exact time of the incident, its ramifications (immediate and delayed repercussions for your business) etc.
There are also the difficult and time-consuming tasks of assessing exactly what damage the digital infraction may have cost your business (or those you work with), what data was lost and how to recover it.
Once you’ve proven all of the above, you need to check that you are fully covered. Unfortunately, this is often not the case. You need to check what you are covered for by paying very close attention to the wording of your policy, in case your claim could be invalidated by something that you overlooked.
This process is complicated and time-consuming, especially when you don’t have the expertise to hunt down evidence, and when you are trying to run your business and maintain a regular service for your clients.
Why hire Harris Balcombe
Appointing Harris Balcombe gives you access to our unparalleled expertise. We directly employ chartered accountants, chartered surveyors and chartered loss adjusters, putting together the right team to handle your claim and making sure you get the best possible outcome.
Our loss assessors have invaluable experience in dealing with cyber loss cases. Our experts have worked on cases involving hacking, viruses, malware, and more general ‘denial of service’ issues. They’ve also dealt with situations requiring them to bring in specialist IT consultants, such as forensic IT investigators, to fully ensure that your claim is as strong as possible. Generally speaking, the cost of these external consultants is covered under the terms of the policy, meaning that you get excellent service at no extra cost.
In terms of assessing how the breach has affected your business, we consider both short and long term possible effects. For instance, immediate damages like loss of data and damage to your computer system or server, or long-term ramifications that extend beyond the specified maximum indemnity period (company reputation management for example).
Having your personal data stolen can leave you feeling vulnerable, but we take the stress out of dealing with your cyber loss claim, offering the best advice to get you back to business.
For more information on these services or on cyber liability insurance in general, contact us here or call us on our 24/7 helpline 0844 544 1699.
Phone our 24/7 helpline now for a free consultation on how we can help your claim. We give you an honest and open assessment, with no obligation, so you can find out quickly and easily what we can do for you.