Odd ways businesses get hacked.

3 ways your Small Business can be Hacked

If your small business has ever been hacked, you know the importance of cyber security for small business. You more than likely know that data breaches are no longer just a problem for big business. Any business can be hacked, and the ways in which a business can be hacked vary widely. Here are 3 ways your small business can be hacked that are within your control to stop.


Not periodically resetting a password

A few years ago there was a hack involving two baseball teams, the St. Louis Cardinals and the Houston Astros. It occurred because a rogue employee within the Cardinals organization (Chris Correa) guessed the password of a former Cardinals employee who now works for the Astros (Jeff Luhnow). It has never been confirmed exactly what the password was, or whether Correa knew Luhnow's password from his time with the Cardinals, but Correa has admitted that he guessed the correct password for Luhnow's login credentials with his new team, the Houston Astros.

This could have been prevented by simply resetting passwords periodically and not using the same password for all logins. Here is one tactic many people use to remember their password when it has to change. Start with a password like:

BaSkeTBaLl_2741+3657

The word Basketball can change with the seasons.  For instance, you could use the word baseball in the Summer and Football in the Fall.  You could also keep the same password and change the special character. In this example you would change the _ and the +. Be careful using this method because you are not changing much about the password.

Old Employees Still Have Network Access

When an employee leaves your organization, adequate steps should be taken to ensure the terminated employee no longer has access to any networks or internal files. Your business may also have accounts with several Software as a Service (SaaS) companies where the terminated employee was the only employee who used the account. Having a way to keep access to those accounts, or to change their passwords, is important.
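One way to run the check described above, as an added example that is not part of the original page: compare the staff roster against the accounts on each service, and list accounts still enabled for departed employees along with services that depend on a single person. The roster, the account export and their column names are constructed sample data and assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not from the page): a staff roster and a list of
# accounts per service, as a small business might keep in a spreadsheet.
ROSTER_CSV = """email,status
alice@example.com,active
bob@example.com,terminated
carol@example.com,active
"""

ACCOUNTS_CSV = """service,email,enabled
file-server,alice@example.com,yes
file-server,bob@example.com,yes
crm-saas,bob@example.com,yes
email,bob@example.com,no
email,carol@example.com,yes
payroll-saas,carol@example.com,yes
"""


def audit_offboarding(roster_csv, accounts_csv):
    """Return stale accounts, orphaned services and single-owner services."""
    status = {
        row["email"].strip().lower(): row["status"].strip().lower()
        for row in csv.DictReader(io.StringIO(roster_csv))
    }
    stale = []                        # enabled accounts of people who have left
    current_users = defaultdict(set)  # service -> enabled accounts of current staff
    services = set()

    for row in csv.DictReader(io.StringIO(accounts_csv)):
        service = row["service"].strip()
        email = row["email"].strip().lower()
        services.add(service)
        if row["enabled"].strip().lower() != "yes":
            continue  # account already disabled, nothing to do
        if status.get(email) == "active":
            current_users[service].add(email)
        else:
            # Terminated, or not on the roster at all: both need a human look.
            stale.append((service, email, status.get(email, "not on roster")))

    return {
        "stale": sorted(stale),
        # No current employee can log in: access to the service is about to be lost.
        "orphaned": sorted(s for s in services if not current_users[s]),
        # Exactly one current employee: the next departure orphans the service.
        "single_owner": sorted(s for s in services if len(current_users[s]) == 1),
    }


if __name__ == "__main__":
    for finding, items in audit_offboarding(ROSTER_CSV, ACCOUNTS_CSV).items():
        print(finding, items)
```

Stale entries are accounts to disable or re-credential now; orphaned and single-owner entries are services where a second administrator should be added before the next departure.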

Third party vendors getting hacked

Two of the largest data breaches in history, Home Depot and Target, were started by a third party vendor being hacked first. In both of these cases a small business was hacked several weeks or months previously, and the criminals waited until they realized they had access to the much larger database through this vendor partnership. In the case of Target it was a local HVAC company that serviced a few of their locations in the Pittsburgh area. Home Depot had a vendor partner that processed the credit and debit card transactions at the self-checkout stations in most of their locations.

3 Types of Cyber Insurance Every Business Should Have

What if my business does not deal with computers? Does that mean I really don’t need Cyber Liability Insurance?  What if I am the only person in my business who uses a computer?  Doesn’t that mean I don’t face all that much risk?  Let’s say I might need Cyber Insurance, but what kind and how much?

Do any of these statements sound familiar? If so, you definitely need Cyber Liability Insurance. The term Cyber Liability Insurance is used pretty generally because cyber security is such a young sector and the data about the risks are changing very rapidly.  Business owners and insurance companies are still having trouble determining who is at risk and how much risk those businesses actually face. Just because this is a new type of insurance coverage does not diminish the importance it can have for protecting your business.

Cyber Liability Insurance

Many business owners think a data breach can only occur to a big multi-national corporation. For the big data breaches that make the news, this is certainly true, but the truth is most data breaches first start out with small mom and pop businesses. These mom and pop businesses are first hacked with the hackers' intention of gaining access to a much larger database. This usually occurs through various types of vendor partnerships. In the case of Target and Home Depot, both of these breaches were first accessed through a much smaller business partner who was hacked. For this reason it is immensely important for you to talk with an experienced independent insurance agent about all the risks your business faces.

The three main types of Cyber Liability Insurance Coverage are Cyber Security, Cyber Liability and Technology Errors and Omissions Insurance. The first two deal with risks relating to a Data Breach. The third deals with companies that provide technology services and products.

Cyber Security

Cyber Security Insurance is also known as Privacy Notification and Crisis Management Expense Insurance.  This coverage includes coverage for first party damage to you and your business. This coverage does not protect your business from damage done to third parties. Cyber Security Insurance deals specifically with the immediate response costs associated with a data breach. In many cases it is required by law to find out how the breach occurred, notify those affected and provide credit monitoring services for one year.

Examples of costs included in Cyber Security Coverage include:

  • hiring a forensics expert to determine the cause of the breach, suggest measures to secure the site and prevent future breaches

  • hiring a public relations agency to assist in dealing with the crisis

  • setting up a post-breach call center

  • notifying affected individuals whose personally identifiable information (PII) has been compromised

  • monitoring these individuals’ credit (usually for 1 year)

  • paying the costs to “restore” stolen identities as a result of a data breach (e.g., expenses of notifying banks and credit card companies)

Cyber Liability


Cyber Liability Insurance, also termed Information Security and Privacy Insurance, covers the insured’s liability for damages resulting from a data breach. It does not cover expenses that deal with the immediate response cost. This type of insurance protects businesses which sell products and services directly on the internet. It also protects businesses which collect data within their internal electronic network. The most common forms of data breach involve personal or financial information like credit card numbers, bank account information, social security numbers, health information, trade secrets or intellectual property.

The types of situations where this information is accessed include:

  • An employee’s car is broken into and a business laptop is stolen.

  • An email containing sensitive customer information is sent to the wrong person.

  • Important paperwork, like a credit application, is taken during a break-in.

  • Failure to timely disclose a data breach.

Technology Errors and Omissions

Technology Errors and Omissions Insurance, also referred to as Professional Liability or E&O, is a form of liability coverage that protects businesses that provide or sell technology services and products. This coverage prevents businesses from bearing the full cost of defending against a negligence claim made by a client, and damages awarded in a civil lawsuit. This can include businesses that sell and service computer products, but it can also include graphic designers and advertising agencies who create digital content that can harm a company’s reputation. It covers computer programmers who may create faulty code for a website that causes that business to mail products to the wrong addresses.

Cyber Liability Insurance is a new and emerging part of the insurance industry and it is not going anywhere. These risks are only going to become stronger as more and more businesses operate online. Before too long Cyber Security Insurance will be a normal part of a business's insurance policy, just like workers compensation insurance and general liability insurance are today. Now is the time to consider if and how much cyber insurance your business needs.

Eight CyberSecurity Tips for Small Businesses


In-depth Training for Employees in Cyber Security Prevention

You and your information technology expert need to come up with basic security practices for your employees. There need to be clear and concise rules of behavior for your employees regarding passwords and customer information.

Protect all sensitive Information from Cyber Attacks

Start by keeping the computers clean and always running the latest security software on schedule. Make sure you install all of the proper malware, antivirus, and key software updates. If you and your IT professional are constantly paying attention to cyber security, the employees will take more of an interest as well.

Make sure you purchase the proper Cyber Insurance Policies

Cyber Security Insurance comes in two forms that are usually packaged together. The first is commonly referred to as Data Breach Insurance and it covers your first party damages to you and your business. The other coverage is commonly referred to as Cyber Liability Insurance. This coverage protects your business from the third party liability your business may have to customers and other parties who may be damaged by a data breach that occurs within your business.


Do not forget about having a policy regarding Mobile Devices 

Mobile devices are such a common part of our lives now that many people forget their phones are a prime target for criminals to access a business’s sensitive information. Many employees may want to have access to their company email on their phones, especially if they travel much for work. Having a well thought out policy that you are comfortable with, and adequate measures to check that your employees are following the procedures, is essential.

Make backup copies of important business data and information

There should always be a way for you to retrieve customers’ sensitive information. Microsoft OneDrive is a great, fairly new software program that allows you to store and share information internally. If you can afford it, having a second server at a separate location may be necessary depending on how much information your business stores.


Strictly control access to your computers and create user accounts for each employee

This can help dramatically if you have an internal problem. Knowing who was logged in at the time of the access can help determine where to go to find information about a hack. It may be as simple as an employee who opened a zip file in an email and they are scared to bring that to your attention fearing retribution or it may help you find the source of employee theft.

Secure your Wi-Fi networks

Properly securing your Wi-Fi network may seem like an obvious way to prevent a hack. Small business owners without a lot of technology experience may not know how to do this or understand the need for this type of security. This should be the first and foremost thing a small business does to prevent unauthorized access. It is especially important to consider for businesses that are open to the public or offer Wi-Fi access to their customers.


Passwords and authentication

Password protection is crucial to defending your business from a data breach. It is important to give your employees hard examples of what is a good password and what is not. What may seem secure to one employee may be something as simple as October, which is not acceptable in the least bit. Here are some examples of passwords you can use to demonstrate strong and weak passwords.

6f8Il,E6pg%j2

This would be an example of a password that is extremely secure.

BaSkeTBaLl_2741+3657

This would be an example of a password that is a little less secure, but easier to remember.

JoeSmith or password

These are examples of terrible passwords that should never be used.

You will find many employees like to use something similar to the middle password. This is because it has some resemblance to a word they can associate with to remember the password more easily. I personally like this because, in the Fall I might use Football or Autumn, in the Winter I might use basketball or Thanksgiving. As long as you are keeping the other numbers and special characters random it is difficult for hackers to hack through these secure passwords. The birthdays of yourself or a family member should never be used. There should also be a time period for how frequently a password must be changed. Every 90 days is a good rule of thumb, but many businesses have different requirements based on the needs of their organizations.

5 Insurance Policies you might not realize your Small Business needs.

Once a year every small business owner takes on the daunting task of purchasing insurance for their business. Most start with the bare minimum coverage. In most states it is legally required to have workers’ compensation and general liability coverage in place before you open your doors. This is just the bare minimum coverage a business needs to protect it from the risks the business faces. A few other coverages, like commercial property or auto coverage, are obvious to most business owners. There are several other risks business owners may face that they may not realize. Here are 5 such coverages business owners may not realize they could benefit from.

 

Inland Marine

Inland marine coverage is a specialized form of property insurance for equipment your business owns that is not a piece of property nor a vehicle. It is frequently referred to as ‘floaters’ coverage. This is because the equipment covered is meant to be in transit.  A prime example of a company who needs this coverage is a landscaping company who has trailers and lawnmowers that they transport away from their premises on a regular basis.

Hired and Non-owned Auto

Many small businesses think that if they do not own vehicles they do not need any form of auto coverage. That may be right, but in many instances it is not correct. If you have employees who run simple errands, like running to the post office or to the bank to make change for the register, then your business is liable for injuries that happen as a part of that business activity. Another common time this coverage comes in handy is when you have employees who travel and use a rental car as part of their trip. In most instances the coverage you buy from a rental car company will cover the car you are driving, but not other liability risks related to the business. Hired and Non-owned Coverage can help protect your business from those risks.

Cyber/Data Breach Coverage

Cyber insurance consists of two coverages that are almost always sold in tandem. One covers first party damage to you and your business and the other covers third party liability to third parties who may be damaged by your business as the result of a data breach.

EPLI

Employment Practices Liability Insurance is a specialized type of liability coverage for wrongful acts that may arise from the employment process. This coverage includes claims such as wrongful termination, discrimination, sexual harassment, and retaliation. Depending upon the carrier and the particular policy you secure, it can extend to cover claims like inappropriate workplace conduct, defamation, invasion of privacy, failure to promote, deprivation of a career opportunity, and negligent evaluation. Lawsuits of this type have been on a steady increase for two decades. If you stay in business long enough it is a matter of when, not if, you face an EPLI claim.

Owners and Officers Coverage

This type of insurance coverage is specifically designed to cover defense costs and damages arising out of wrongful act lawsuits brought against an organization’s board of directors or officers. It is crucially important to have this coverage in place for growing small businesses and especially non-profits. Officers can provide very beneficial guidance to these types of organizations, and one claim, whether founded or not, can result in huge losses for the organization.

4 ways your Small Business can prevent a Data Breach

In today’s day and age, there are many ways businesses take and face risks. Some businesses are in industries where they take risks just in the fact that they are open for business. That can be a roofing company who has employees who climb on top of a house on a daily basis. Other businesses face risks in hiring and firing employees, generating enough revenue to stay afloat and most importantly the risk of becoming victim to a data breach.  Most business owners do not think twice about purchasing commercial property insurance, but many still hesitate to secure small business data breach insurance.  This is a mistake because it does not matter the size nor the scope of your business, every business is a target for being hacked and every business is at risk for a data breach.


Two of the largest data breaches in history were Target and Home Depot. Both of those breaches were accessed by first hacking into a smaller company before gaining access to the larger company. Neither of these businesses had Small Business Data Breach Insurance. In the case of Target, the company was Fazio Mechanical Services, and in the case of Home Depot, the company provided credit and debit card processing. These companies had been hacked weeks if not months prior to accessing the system of the larger company.

If your business works for any larger business then you could be at risk of being a target for hackers. If you choose to protect your business with data breach insurance this may not be as damaging. Even if your business does not partner with larger companies you could still be a target for hackers just to get the information of your customers. This is a costly risk that you are taking without properly insuring your business and without taking precautions to protect your business.

According to the Ponemon Institute it costs a business on average $174 per record. Other studies show it costing more. Taking these numbers into consideration, it would cost your business more than $17,000 for just 100 records being compromised. If that were 1,000 records it would cost $174,000. If that is not a cost your business can withstand then you need to have Small Business Data Breach Insurance Coverage, and on top of that you need to be taking the proper steps to prevent this from happening. Here are four simple things your business can do to prevent a data breach.

Train your employees

The prevention of data breaches starts with your new hire training. If an employee is going to be using a computer they need to be trained on how to protect the company from being at risk. Do not assume employees know how to do this. Many employees may be very capable of doing a job that your business needs. This does not mean they are computer savvy and properly trained to protect your business from intruders. Take the time and effort on the front end to properly prepare your employees to defend your business against hackers and it will pay dividends on the back end.

Help each employee protect their work space

Logging out and locking up your desk when away and overnight are crucial. Even if the employee is just stepping away to the restroom it is crucial to lock up their devices. In most business environments, there are customers, vendors and other employees who may gain access to your computer while you are away. You do not have to create a culture of mistrust to do this. On top of locking down your devices, it is also important not to write down passwords on a Post-it note or some other piece of paper. It may be rare, but if these passwords fall into the wrong hands it can cost your business immensely.

Require long passwords 

Passwords need to meet certain requirements to be allowed. The best way to make this easier for your employees is to give them examples of what you want. Here are a few examples of how someone can make a password strong and still rather easy to remember.

6h1fl,j2Oc49=

This would be an example of a password that is extremely secure.

BaSeBaLl_2345+6789

This would be an example of a password that is a little less secure, but easier to remember.

JoeSmith or password

These are examples of terrible passwords that should not be allowed.

I like using something similar to the middle password because I can change the word Baseball with the time of the year. In the Fall I might use Football or Autumn, in the Winter I might use basketball or Thanksgiving. This allows me to change the password frequently without having to remember an entirely new password. There should also be a time period for how frequently a password must be changed. Every 90 days is a good rule of thumb, but many businesses have different requirements based on the needs of their organizations.
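The password requirements in this section, together with the caution given earlier on the page that seasonal rotation does not change much about the password, can be checked on the change-password form. The following is an added example, not code from the original page; the length and similarity thresholds and the `personal_terms` parameter are assumptions, and the deny-list holds only the passwords the page itself rejects.

```python
import difflib

# Assumptions for this example (the page gives no numbers for these):
MIN_LENGTH = 12        # what counts as a "long" password
MAX_SIMILARITY = 0.6   # reject a new password that overlaps the old one more than this
# The passwords the page itself calls terrible or unacceptable.
DENYLIST = {"joesmith", "password", "october"}


def similarity(old, new):
    """difflib ratio, ignoring case: 2 x matching characters / combined length."""
    matcher = difflib.SequenceMatcher(None, old.lower(), new.lower(), autojunk=False)
    return matcher.ratio()


def check_password_change(old, new, personal_terms=()):
    """Return a list of reason codes; an empty list means the change is accepted.

    Intended for the change-password form, where the user has just typed the
    current password, so the old password never needs to be stored in clear.
    personal_terms: names or birth dates for this user (hypothetical parameter).
    """
    reasons = []
    lowered = new.lower()
    if len(new) < MIN_LENGTH:
        reasons.append("too_short")
    if lowered in DENYLIST:
        reasons.append("denylisted")
    if any(term and term.lower() in lowered for term in personal_terms):
        reasons.append("personal_term")
    if similarity(old, new) > MAX_SIMILARITY:
        reasons.append("too_similar")
    return reasons


if __name__ == "__main__":
    old = "BaSeBaLl_2345+6789"  # example password from the page
    candidates = (
        "FoOtBaLl_2345+6789",   # seasonal word swapped, digits kept
        "BaSeBaLl-2345=6789",   # only the special characters changed
        "6h1fl,j2Oc49=",        # the page's "extremely secure" example
        "JoeSmith",             # the page's "terrible" example
    )
    for new in candidates:
        verdict = check_password_change(old, new, ("joe", "smith"))
        print(f"{new!r}: similarity={similarity(old, new):.2f} reasons={verdict}")
```

Swapping the seasonal word while keeping the digits leaves 14 of 18 characters in place, which is why that rotation is flagged as too similar while the random replacement passes.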

Shred everything

In today’s day and age, there is no reason any personal information should ever be disposed of without first being shredded. There are outside businesses that can dispose of the shredded material. Some of these businesses will even recycle this paper, which is something you can share with your employees, customers and vendor partners. If any of these groups are environmentally conscious this can be a bonus to them and will add to your credibility as a business.