Legal Issues Pertaining to Sweeping
Cyber Risk Minimization and Insurance Options
by Ranger Kidwell-Ross
Cybercrime is no longer just about an individual having his computer restart over and over again. The crimes have gotten worse, with loss of money becoming the most common of them all. The attacks are getting bigger, affecting multiple organizations and sometimes various governments at one time.
The following approximately 30-minute Zoomcast seminar by Reid Wellock, President of Fifth Wall Solutions, discusses the concepts outlined below in detail. Click on the image below to access it on YouTube; we highly recommend watching it.
Our Systems Have Become More Vulnerable
The better the technology gets and the more we use it, the easier it is for a criminal to exploit. Most organizations have migrated their crucial data from dedicated servers to third-party cloud services, which has made the data more vulnerable than ever. It allows criminals to access all the information from a single point and thus use it for their own benefit.
To tackle the problem in this situation, it is important to prioritize data according to how much criminals want to steal it. Putting a defense around systems and data is a matter of priorities according to how critical they are. Also prioritize having a detection system good enough that, if a breach were to occur, you can identify it and quickly take corrective action.
It is always best to select the right person in an organization to be in charge of tackling cyber security. Whoever is chosen to take the lead must identify the key actions properly, clearly discuss the actions with executive colleagues and ensure that the actions are being executed. When it comes to cyber security, employees are potentially the biggest vulnerability for a company.
Organizations should therefore further educate their staff to make sure that all employees are completely aware of cyber security risks such as phishing emails and social engineering. Those leading the cyber security effort must properly communicate the security plan of action and explain why it is central to the success of the business.
Tackling the problem of cyber crime doesn't end there. Organizations need to continually reassess their position, regularly investing money and time into assessing cyber threats, practices and systems. Many companies rely on the integrity of their digital capabilities to maintain their reputation and the way that they operate.
These are the two main types of losses...
Perhaps the most common of these are data breaches. Typically, this means a cyber criminal has hacked into your database and gained access to the personal data of your customers and/or employees. They can take away info like names, addresses, social security numbers, credit card and banking information and more.
Perhaps equally common are social engineering attacks. These involve a criminal posing as a trusted team member. They present a logical-sounding issue whose end result is getting some of your company's money. For example, you or accounts payable may receive an email that looks like it's coming from a member of management. It requests that they or a vendor be sent some money, often including bank routing information. Only after the money has been sent do you realize a scam has taken place.
Computer fraud is also common. In these situations a hacker finds a way to electronically access your banking information, after which they re-route outgoing payments to their account.
Cyber extortion and/or ransom often involves infected email attachments. Your employee unwittingly opens an infected email or one with an infected attachment. The click allows the cyber criminal to gain access to your system, which allows them to seize your data while also 'freezing' your system such that it's no longer available to you. This is then followed by a demand for money for (you can only hope) unfreezing your data. Money is often required to be paid via Bitcoin, since it's difficult to trace.
Multi-factor authentication (MFA) is becoming mainstream. Required with most cyber insurance coverage, MFA uses both a primary (password) and a secondary method of authentication to prove the right people are logging in. The secondary method can take the form of a second set of numbers, a particular photo, or a code sent to the connected cell phone.
It's becoming more important since it is an additional safeguard for your company's data and network. Utilizing MFA is also a way to show your insurance company that you're serious about data protection.
You are often subject to network and information security liability if personal data has been hacked from your network. This can be the case even if another company actually administers your network, since you chose them to do that. Your customers were relying on YOU to make sure their data stayed safe when you did so. You are the one typically held liable for securing the personal information of whoever you've collected it from.
Regulatory liability exists that requires you to notify all affected parties when your data has been breached. This is expensive to do, which is yet another reason why insurance against data breaches can be so important in today's environment. You may also become subject to regulatory action by state or federal authorities, depending upon the situation.
These days, having insurance products to cover the many types of cyber-risks described above has become increasingly important. To even apply for high-dollar policies, in addition to completing an application you will also have to answer questions about your company's current safeguards. This can require financials, firewall and backup information, personnel policies and training, your disaster recovery plan and more. However, a few companies, like Fifth Wall Technologies (represented in the following brief Zoomcast informational video by cyber liability professional Reid Wellock, along with Phil Duncan of Binddesk Insurance), offer a lower amount (in the case of Fifth Wall, up to $250k for under $400/year) with just a quick online application. For many power sweeping contractors that should suffice. For municipalities, though, such a small-dollar policy is probably not appropriate.
Reid Wellock is President of Fifth Wall Solutions. His goal is to bring awareness of the emerging threats posed by cyber-hacking and criminality to the business community. Wellock is not an attorney and this is not intended to provide legal advice.
© 2005 - 2022 World Sweeper