If you deal with sensitive customer data and information, you may have considered purchasing "cyber insurance." For those unfamiliar with the term, the International Risk Management Institute explains, "Cyber and privacy policies cover a business' liability for a data breach in which the firm's customers' personal information, such as Social Security or credit card numbers, is exposed or stolen by a hacker or other criminal who has gained access to the firm's electronic network."
So is it a good investment? The answer depends upon your risk tolerance level. What you should know, however, is that just having cyber insurance may not get you off the hook if someone compromises your customers' private records. In 2013, for example, Cottage Health Systems in California discovered that hackers had stolen the records of more than 32,000 patients. The healthcare provider was sued for $4.1 million which was dutifully paid by their insurer, Columbia Casualty Company. Now, however, the insurance company is suing Cottage Health to recoup the payout. The problem, as Columbia Casualty sees it, is that their client didn't take proper care to prevent the breach from taking place.
On the one hand, the insurer's position seems reasonable. Insurance shouldn't be a license to act irresponsibly. Yet how would you feel if your auto insurance company failed to pay for a fender-bender because you were eating a breakfast sandwich when it happened? Ultimately the courts will decide where the line is drawn.
In the meantime, you might be interested in what sort of security measures insurance companies expect of their clients. Property Casualty 360, a publication for insurance professionals, suggests six rather common-sense precautions:
- Comply with state and federal regulations such as HIPAA and Gramm-Leach-Bliley (also known as the Financial Modernization Act of 1999) regarding proper care and management of sensitive information.
- Take the necessary steps to secure and protect all your devices, including smartphones and tablets... and educate your employees and contractors in proper use/maintenance of these devices.
- Keep track of all the places that data is stored (i.e. servers, the Cloud, individual laptops, smartphones ... etc.) and make sure each location is secure. (As well, know who has access and what/how much each individual can access.)
- Keep a watchful eye on your network with on-going monitoring in addition to regularly auditing your network for potential security vulnerabilities.
- Be diligent in seeing that everyone follows all company cyber-security policies (such as being sure that passwords are strong and are changed every few months).
- Be aware of vulnerability issues presented by the software packages you use (especially if they manage sensitive information), and if they might open back doors to hacking attempts. This means staying attuned to "ALERT" emails from reputable sources (SynchroNet is a great source for news and alerts you need to know about!).
Whether or not you decide to purchase cyber insurance, you should definitely be taking security precautions such as those listed above. The good news is that you're already on The SynchroNet Way, which means you already have a leg up on keeping your business records and customer information safe from harm. And if you still have any concerns about cyber security, we're always available to review your network for potential trouble spots, address any issues, and help you attain on-going peace of mind.