All posts in Technology

Data Breach Basics


        Understanding and Preventing Data Breaches

Technlogytop

A data breach is an incident where private data is accessed and/or stolen by an unauthorized individual. Data can be stolen by a third party, such as a hacker, or by an internal actor (perhaps a disgruntled or recently fired employee).

According to the Ponemon Institute’s Cost of Data Breach Survey, the average per record cost of a data breach was $201 in 2013, and the average organizational cost of a data breach was $5.9 million.

What do Target, Nieman Marcus and Apple have in common? All these companies were victims of a data breach in 2013, totaling millions of stolen records that include personal information such as Social Security numbers, credit card numbers and bank account numbers.

If your company handles critical assets such as customers’ personal data, intellectual property or proprietary corporate data, you are at risk of a data breach. It doesn’t matter if you are a Fortune 500 company or a small “ma and pa” shop—cyber thieves are always looking for their next score. It is often assumed that smaller businesses can escape attention from cyber crooks, but according to Verizon Communication’s 2013 Data Breach Investigations Report, 31 percent of data breaches were at companies with 100 or fewer employees. No company of any size is completely safe from a data breach.


technologybottom

Data Breach Prevention Techniques


        Understanding and Preventing Data Breaches

Technlogytop

To reduce the chance for a data breach, it is wise to develop an IT risk management plan at your organization. Risk management solutions should leverage industry standards and best practices to assess hazards from unauthorized access, use, disclosure, disruption, modification or destruction of your organization’s information systems. Consider the following when implementing risk management strategies at your organization:

     • Create a formal, documented risk management plan that addresses the
     scope, roles, responsibilities, compliance criteria and methodology for performing
     cyber risk assessments. This plan should include a description of all systems used
     at the organization based on their function, the data stored and processed
     and importance to the organization.

     • Review the cyber risk plan on an annual basis and update it whenever there
     are significant changes to your information systems, the facilities where
     systems are stored or other conditions that may affect the impact of risk
     to the organization.

Not all companies have the resources to create and implement a fully customized plan. However, there are many simple, cost-effective steps any business can take to help prevent a data breach.

     • Never give sensitive information like Social Security numbers or credit
     card numbers out over the phone unless you can verify the identity of the person
     on the other line.

     • Shred all credit reports and other sensitive data before disposal.

     • Educate employees about phishing and pharming scams. Remind them
     not to click on anything that looks suspicious or seems too good to be true.

     • If your company doesn’t have an IT department, hire an outside
     company to set up the proper security measures for your computer network.

     • Always monitor credit reports and other financial data for the
     company. If you see things that don’t belong, investigate.

     • Do not allow employees to write down passwords in the office.

     • Always encrypt sensitive data.

What do Target, Nieman Marcus and Apple have in common? All these companies were victims of a data breach in 2013, totaling millions of stolen records that include personal information such as Social Security numbers, credit card numbers and bank account numbers.

If your company handles critical assets such as customers’ personal data, intellectual property or proprietary corporate data, you are at risk of a data breach. It doesn’t matter if you are a Fortune 500 company or a small “ma and pa” shop—cyber thieves are always looking for their next score. It is often assumed that smaller businesses can escape attention from cyber crooks, but according to Verizon Communication’s 2013 Data Breach Investigations Report, 31 percent of data breaches were at companies with 100 or fewer employees. No company of any size is completely safe from a data breach.


technologybottom

What to Do if You Have a Data Breach


        Understanding and Preventing Data Breaches

Technlogytop

It is common to have an “it will never happen to us” philosophy when it comes to data breaches. Unfortunately, that thinking can lead to lax security measures and carelessness when it comes to protecting sensitive information. If your company suffers a data breach:

     1) Act quickly. Report the breach immediately to local law enforcement.
     Notify important suppliers, vendors and partners.

     2) Alert your customers. If there is a data breach involving customers’
     personal information, activate your plan to alert them. The information
     compromised could be incredibly harmful to your customers, so alert them as
     soon as possible.

     3) Investigate. If you do not have the resources to do an internal investigation,
     consult a third party. The quicker the breach can be dealt with, the
     fewer negative effects your company will endure.

     4) Take measures to lessen the chance of a future breach. Fortunately, a data
     breach can be a good learning tool for your company. Analyze why
     the breach happened and take steps to make sure it doesn’t happen again.

The Federal Trade Commission (FTC) has many resources available to assist you and your company in recovering from a data breach.

What do Target, Nieman Marcus and Apple have in common? All these companies were victims of a data breach in 2013, totaling millions of stolen records that include personal information such as Social Security numbers, credit card numbers and bank account numbers.

If your company handles critical assets such as customers’ personal data, intellectual property or proprietary corporate data, you are at risk of a data breach. It doesn’t matter if you are a Fortune 500 company or a small “ma and pa” shop—cyber thieves are always looking for their next score. It is often assumed that smaller businesses can escape attention from cyber crooks, but according to Verizon Communication’s 2013 Data Breach Investigations Report, 31 percent of data breaches were at companies with 100 or fewer employees. No company of any size is completely safe from a data breach.


technologybottom

Why Cyber Liability Insurance is Important


        Understanding and Preventing Data Breaches

Technlogytop

Chances are, your company doesn’t have a “rainy day fund” capable of paying for data breach remediation. Fortunately, there are insurance options available to make recovery easier.

Cyber liability insurance policies can cover the cost of notifying customers and replace lost income as a result of a data breach. In addition, policies can cover legal defense fees a business may be required to pay as a result of the breach.

It’s important to remember that it is cheaper to prevent a data breach by securing data than it is to lose that data from a breach. A data breach insurance policy can give you peace of mind and allow you to allocate resources to help keep data secure.

What do Target, Nieman Marcus and Apple have in common? All these companies were victims of a data breach in 2013, totaling millions of stolen records that include personal information such as Social Security numbers, credit card numbers and bank account numbers.

If your company handles critical assets such as customers’ personal data, intellectual property or proprietary corporate data, you are at risk of a data breach. It doesn’t matter if you are a Fortune 500 company or a small “ma and pa” shop—cyber thieves are always looking for their next score. It is often assumed that smaller businesses can escape attention from cyber crooks, but according to Verizon Communication’s 2013 Data Breach Investigations Report, 31 percent of data breaches were at companies with 100 or fewer employees. No company of any size is completely safe from a data breach.


technologybottom

Authentication Systems


        Handling E-Commerce Risks

technology2top

To avoid chargebacks, it is up to the e-commerce merchant to apply the right tools and controls to verify the cardholder’s identity and the validity of the transaction. When used efficiently, these systems can reduce fraudulent transactions and the potential for customer disputes.

     • Address Verification Service checks a credit card holder’s billing
     address with the issuer, providing merchants with an indicator
     of the validity of the transaction.

     • Card Verification Value numbers are printed on the back of credit
     cards and can help ensure that the customer is in possession of
     a genuine card.

     • Fraud Screening examines transactions and calculates the level of
     risk associated with each transaction, providing merchants with
     risk scores.

Selling your goods online can enhance customer relationships, attract new customers and increase sales revenue. However, if you are considering expanding your business online, it is important to understand what is required to maximize information security and minimize credit card payment risks. E-commerce sites that have little or no fraud controls in place can experience a chargeback rate of 10 percent or more. It is important to understand the basics of credit fraud before opening up for business online.

technlogy2bottom

Industries at Greatest Risk of Search Engine Risks


        Search Engine Risks

technology2top

According to the DOJ, industries considered a part of critical infrastructure businesses account for a disproportionate amount of computer security incidents. If your company is in any of these industries, be especially careful about Internet searches to ensure computer safety and protect against potentially devastating loss, both monetary and in down time. These industries include:

     • Agriculture

     • Chemical and drug manufacturing

     • Computer system design

     • Finance

     • Health care

     • Internet service providers

     • Petroleum mining and manufacturing

     • Publications/broadcasting

     • Real estate

     • Telecommunications

     • Transportation and pipelines

     • Utilities

It’s no secret that your technology company depends on the capabilities of your computer systems to function. So you should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cybercrime, including cyber attacks, cyber theft and other computer security incidents. According a 2013 survey of more than 800 small businessowners by the National Small Business Association, the average cost of a single cyber attack was nearly $9,000. Your business is at stake, meaning you should do everything you can to protect yourself.

technlogy2bottom

Take Precautions to Protect Your Business from Search Engine Risks


        Search Engine Risks

technology2top

There are examples of companies and organizations around the globe that had to shut down operations to address a large-scale virus or other malware issue. These problems can affect both large and small businesses and can cost hundreds of thousands of dollars to fix. Avoid putting yourself at risk by:

     • Enacting a stricter Internet use policy

     • Putting more strict website blockers or filters in place

     • Educating employees about the hazards that risky search engine
     exploration can present

Some of these solutions may cost you in the short run, but lowering your risk will ultimately save your company dollars in potential identity fraud, monetary cyber theft or informational cyber theft if you look long term.

It’s no secret that your technology company depends on the capabilities of your computer systems to function. So you should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cybercrime, including cyber attacks, cyber theft and other computer security incidents. According a 2013 survey of more than 800 small businessowners by the National Small Business Association, the average cost of a single cyber attack was nearly $9,000. Your business is at stake, meaning you should do everything you can to protect yourself.

technlogy2bottom

The Web’s Most Dangerous Search Terms


        Search Engine Risks

technology2top

A 2009 study by McAfee, Inc., an Internet security company, exposed the riskiest searches one can perform on common search engines like Google and Yahoo. McAfee searched 2,658 popular keywords and phrases across 413,368 URLs to analyze the risk percentage of certain terms. Note that McAfee defines risk percentage as the maximum percentage of “risky” sites a user could encounter on a single page of results, where “risky” means red-flagged for viruses, malware and other damaging items. Here are some notable findings:

     • The study deemed the search term “screensavers” as the most
     dangerous keyword to use in public search engines, because it
     returned a maximum risk of about 59 percent.

     • Entering the word “lyrics” in any phrase in a public search
     engine returns one risky site for every two search results.

     • Any employee who clicks on a search engine result that contains the word
     “free” has nearly a 22 percent chance of infecting your company’s computers
     with threatening material like spyware, spam, adware, viruses or other malware.

     • The least risky search terms are health-related topics and
     searches about the recent economic downturn—these items have
     only a 0.4 percent maximum risk.

It is essential to remember that the list of dangerous search terms is ever changing. Hackers want to impact the highest amount of people with the least amount of effort, so they aim for the key search terms used most. Ill-intentioned hackers also adapt quickly to the fast-paced nature of the Internet and the public circle, so oftentimes social or celebrity events popular at a given moment climb quickly to the top of the Internet’s most dangerous search terms list and are a high risk for infecting your company’s computers.

It’s no secret that your technology company depends on the capabilities of your computer systems to function. So you should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cybercrime, including cyber attacks, cyber theft and other computer security incidents. According a 2013 survey of more than 800 small businessowners by the National Small Business Association, the average cost of a single cyber attack was nearly $9,000. Your business is at stake, meaning you should do everything you can to protect yourself.

technlogy2bottom

The Risks of Web Searches


        Search Engine Risks

technology2top

As an employer, you should educate your employees about searching certain topics on the Internet because of the risk of coming across websites encrypted with viruses or malware that could be detrimental to your operating systems. Stress that the potential for cybercrime could affect employees individually as well as company-wide. More than 90 percent of companies surveyed by the DOJ incurred either monetary loss, system downtime loss or both because of cybercrime, so take it upon yourself to put search engine guidelines in place.

It’s no secret that your technology company depends on the capabilities of your computer systems to function. So you should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cybercrime, including cyber attacks, cyber theft and other computer security incidents. According a 2013 survey of more than 800 small businessowners by the National Small Business Association, the average cost of a single cyber attack was nearly $9,000. Your business is at stake, meaning you should do everything you can to protect yourself.

technlogy2bottom

Possible Exposures Covered by a Typical Cyber Liability Policy


        Cyber Liability Insurance

Technlogytop

Data breaches
Increased government regulations have placed more responsibility on companies to protect clients’ personal information. In the event of a breach, notification of the affected parties is now required by law. This will add to costs that will also include security fixes, identity theft protection for the affected and protection from possible legal action. While companies operating online are at a heightened risk, even companies that don’t transmit personal data over the internet, but still store it in electronic form, could be susceptible to breaches through data lost to unauthorized employee access or hardware theft.

Intellectual property rights
Your company’s online presence, whether it be through a corporate website, blogs or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement and defamation, among other things.

Damages to a third-party system
If an email sent from your server has a virus that crashes the system of a customer, or the software your company distributes fails, resulting in a loss for a third party, you could be held liable for the damages.

System Failure
A natural disaster, malicious activity or fire could all cause physical damages that could result in data or code loss. While the physical damages to your system hardware would be covered under you existing business liability policy, data or code loss due to the incident would not be.

Cyber Extortion
Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. This can cause a temporary loss of revenue plus generate costs associated with paying the hacker’s demands or rebuilding if damage is done.

Business Interruption
If your primary business operations require the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third party that depends on your services, to lose potential revenue. From a server failure to a data breach, such an incident can affect your day to day operations. Time and resources that normally would have gone elsewhere will need to be directed towards the problem which could result in further losses. This is especially important as denial of service attacks by hackers have been on the rise. Such attacks block access to certain websites by ether rerouting traffic to a different site or overloading an organizations server.

As technology becomes increasingly important for successful business operations, the value of a strong Cyber Liability Insurance policy will only continue to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses. In an age where a stolen laptop or hacked account can instantly compromise the personal data of thousands of customers, or an ill-advised post on a social media site can be read by hundreds in a matter of minutes, protecting yourself from cyber liability is just as important as some of the more traditional exposures businesses account for in their general commercial liability policies.

technologybottom

12