With our world increasingly becoming digital, businesses are facing different challenges than they were a few decades ago. One of these challenges is the new risk of cyber liability that businesses face. Most businesses collect and store personal information via the web, whether it be personal information about their employees or clients, and everything in between. With this increase in data being stored by companies, the risk of cyber attacks has increased as well. If your business isn’t protected from the liability of a cyber attack, we would suggest discussing adding this type of coverage to your small business or commercial policy.
*NOTE: From 2018 it will be mandatory for Canadian organizations to report any breaches of security safeguards to the Privacy Commissioner of Canada (as well as notifying affected individuals, and more). Read about this new law here.
Some questions to ask yourself when thinking about purchasing cyber liability insurance for your business include:
How much personal info does your company collect, store, and have access to?
The first step is to analyze how much personal data your company is storing. Personal info includes everything from names, addresses, account passwords, financial details, and more.
How many of these records contain “sensitive” personal information?
It’s also important to know how much of the personal info being stored is “sensitive” and should be protected with extra care. Examples of sensitive information include banking information (credit card details, etc.), login info, and employee social insurance numbers (SINs). It’s important to take extra steps to ensure this type of sensitive info is very secure.
What security controls do you have or can you put in place to help reduce the risk of liability?
You must assess the level of security you have on your data. Do you have firewalls? Are you encrypting data at all? Your internal technology team should be performing periodic audits of your security measures as they pertain to protecting personal information stored on your servers.
Do all computing devices and portable media need to be encrypted?
It’s great if you have security measures in place such as encryption and strong password enforcement, but a business must ensure all possible devices with access to its sensitive data are secure. This may or may not include any portable devices like cell phones, memory cards and/or thumb-drives that your employees may be using to access client information.
Are there 3rd party service providers you work with that have unencrypted data stored with them?
Many businesses work with 3rd party providers in data storage, so it’s important to ensure that these partners are also securing this data properly. This is especially crucial for Customer Records Management (CRM) applications, or apps that run on mobile devices, tablets and other personal devices.
Could you look into claims against your company, months or years after the intrusion occurred?
Another factor to consider is how long your data is stored, and how far back you can access data and its records. If a business discovers an attack months or years after the attack actually took place, it’s important for that business to be able to go back in time far enough and have the ability to analyze what took place during the attack. This ensures that action can be taken to eliminate the exploit or threat for future attacks.
THE BOTTOM LINE:
These days, businesses need to think about their cyber liability more than ever. As we discussed, there are several questions you need to think about when considering cyber liability insurance for your business. If your business collects and stores any personal/sensitive information on clients, partners, etc., you should be protected from cyber attacks both through security measures and through proper insurance. Contact a Harbord Insurance rep today to discuss cyber liability insurance options for you and your business.