Protect your business from cyberattacks
Cyberattacks on businesses are increasing and, although it’s the data breaches at corporate giants like Target and Home Depot that make the news, small and medium-size organizations are more frequent victims. In 2014, 60 percent of all targeted attacks struck small and medium-size organizations, according to Symantec. The cost of cyberattacks is high, averaging $217 per record that was subject to theft, misuse or corruption, according to a 2015 Ponemon Institute study.
Overall, 57 percent of organizations responding to a Symantec survey are worried their data is not safe. Yet data security is very important to consumers: 88 percent say it is an important factor when choosing a company to do business with, more important than the quality of the product (86 percent) or the customer service experience (82 percent).*
Safeguard your company’s data
Help keep your firm’s data safe and protect your financial security with these steps:
Carefully consider the types of data you collect and store. By keeping more sensitive information than necessary, you expose your company and its customers to greater risk. After the Target data breach, for example, a New York Times article reported that there was no reason for Target to have stored the four-digit PINs for its customers’ debit cards.
Allocate more resources to preventing, detecting and resolving data breaches. Following the Target data breach in late 2013, 61 percent of respondents in a Ponemon Institute research report indicated that the budget for security increased an average of 34 percent. The most common technology investments are security incident and event management, endpoint security, intrusion detection and prevention, encryption/tokenization and web application firewalls.
Create a response plan. Assemble a response team, which may include legal, marketing, customer service, IT, human resources and corporate communications personnel. The team should assess vulnerabilities, review the types of data that the company stores and identify the groups that could be affected by a data breach.
Develop and enforce security-minded IT policies. Automate regular checks on technical controls, such as server and firewall configurations, password settings and patch management.
Install smart chip card readers and phase out magnetic stripe terminals. Chip cards are more difficult to duplicate, and require customers to enter a secure code before they can be used. If you don’t make the switch before Oct. 1 this year, your business — not Visa, MasterCard or another credit card company — may bear the liability for counterfeit fraud when you accept payment with a magnetic stripe card.
Purchase cyber liability insurance. Most standard commercial insurance policies do not cover many of the cyber risks to which your company may be vulnerable. Insuring against these risks requires the purchase of a special cyber liability policy. You may need coverage for one or more of the following:
- The costs associated with a breach, such as investigation and remediation of an incident, consumer notification and support, costs of providing credit monitoring services to affected consumers, legal costs and regulatory fines.
- The costs associated with restoring, updating or replacing business assets stored electronically.
- Business interruption and extra expense related to a security breach.
- Liability associated with libel, copyright infringement or reputational damage to others when the allegations involve a business website or social media.
- Expenses related to cyber extortion or cyber terrorism.
Unfortunately, there is no way to guarantee that your business won’t be affected by a cyberattack. But by being proactive with security and protecting your finances with insurance, you may reduce the risk of an attack and/or lessen its consequences.
* Source: Symantec ISTR20 Internet Security Threat Report, April 2015, Volume 20.