Blog Archives

Inside Tucson Business Article – Cyber Insurance: A Necessity in the Digital Age

Screen Shot 2016-08-08 at 2.04.01 PM

Linda Drake

Thank you to article author Linda Drake of Trailblazer Advisors and to Inside Tucson Business for allowing us to republish this article on our blog. Client Cyber Crime Insurance is available to all business customers of Grandpoint Bank and its divisions, The Biltmore Bank of Arizona, Bank of Tucson and Regents Bank.

Read the original article here:
http://www.insidetucsonbusiness.com/business_chatter/cyber-insurance-a-necessity-in-the-digital-age/article_3bbe8650-4f93-11e6-a8b2-8baff37c26c2.html↗

Whether you are a business large or small, old or new, the dangers of a cyber breach are lurking. The truth is that all businesses today are digital in one form or another. It is the age of the Internet of Everything! Cloud computing is the basis of almost all transactions and with every touch of the keyboard or data entry, there is an attached risk of a breach. And with that breach, comes the liability that might not just be disruptive to your business; it could be devastating.

The costs of a breach can be enormous. (Imagine losing a major bank transfer or assuming a loss of $10,000 for each cyber-security infraction.) By the way, your attacker can come from the outside or inside, as 70 percent of breaches are initiated by employees or former employees.

So what this thing called cyber insurance? Cyber insurance arose out of the traditional Errors and Omissions (E&O) coverage known to most businesses. Over time coverage was extended to viruses, data corruption to connected client systems, or damage affecting customers. Generally, early adopters were technology-based companies.

More than a decade ago, network security policies expanded to include breaches of confidential information. At that point, the retail segment adopted cyber insurance on a wide scale.

Coverage for any business could be simple or complex. The determining factor is an employer’s decision on degree of acceptable risk. Let’s take the simple first.

The Bank of Tucson, through Grandpoint Insurance Services, now offers cyber insurance coverage for its customers at a nominal cost. The coverage for business accounts protects against losses for funds transfer fraud (when someone impersonates your company for a funds transfer) and cyber deception (when a criminal pretends to be your vendor employee or client and gets you to transfer money to them). Mike Hannley, president of Bank of Tucson, announced the new product in the last month. Mike commented, “Internet criminals do not use guns for illicit gain, but they gladly use your computer and network for paydays!”

Let’s take a look at broader, more complex cyber insurance. That kind of cyber insurance may have several parts:

Network Security: Your network has failed in some form. It could be that someone is trying to shut down your network to in an effort to stop you from conducting business. Or, you’ve just experienced a data breach, some form of extortion, or tapped your system to advance a virus to all of your connected transmissions.

Privacy: Privacy is huge and does not necessarily have to be connected to a system failure. There are many known cases of information of physical records that are not properly disposed of, including human errors (think of a lost laptop with an easily penetrated passcode) or a hard drive with customer records that somehow got into the wrong hands.

Media Liability:  This aspect covers advertising injury claims like copyright, libel and slander. Coverage may extend to offline content as well.

Digging deeper, network security and privacy liability policies covers first and third party liabilities. First party means the direct costs of responding to a breach; third party means it applies when people sue or make claims against you.

First party inclusions: 

Costs of notifying anyone attached to the breach

Loss of profits and business interruption

Legal advice and regulatory obligations

Public relations expenses

Third party inclusions:

Regulatory fines and penalties

Damage and judgments related to the breach

Legal expenses

Costs of responding to regulatory inquiries

According to Jack Clements, CPA at the Clements Agency, “Every company, large or small, should at least consider cyber Insurance. There are so many examples of exposure to loss that it is difficult to list them all; some exposures are unique to certain types of businesses.”

“And don’t forget about controls; they are critical,” Jack continued. “In broad policies, premiums are based upon the quality of your controls. Many companies believe that their controls are so strong, that it can never happen to them. Believe me, it can and it will.”

Another aspect of this discussion is commonly known as “Social Engineering” or “Duping.” This is a scheme where a seemingly legitimate email is sent to you asking for money or confidential information. It happens all the time. Jack added, “In fact, an attempt was made on our office this week. We received a business email from my brother, with whom we do business, asking for a wire transfer. When we called him, we learned that it was completely fraudulent. Had we complied, the transaction would not have been covered by our Cyber Policy, since we willingly sent the money. We would, however, have been covered by the Social Engineering endorsement that we have on our package policy. Just another area to think about.”

Linda Drake is a 25-year, seasoned global entrepreneur, corporate executive, author and Certified Professional & Executive Coach. 

For more information on the Client Cyber Crime Insurance, visit www.grandpointinsurance.com (California Insurance License #0K82434).

Insurance Products are:
Screen Shot 2016-06-23 at 9.12.21 AM
Insurance Products are offered through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank, and facilitated through LBW Insurance & Financial Services, Inc., an unaffiliated insurance agency.

screen-shot-2016-09-28-at-7-28-21-pm


↗ Linking to Non-Biltmore Bank Websites

This icon appears next to every link that directs to a third party website not affiliated with Biltmore Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Biltmore Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Biltmore Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.

fbtwitterLinkedIngp

Cyber security alert … There are only two kinds, which one are you?

cybersecurity-banner

Thank you to article author Linda Drake of Trailblazer Advisors and to Inside Tucson Business for allowing us to republish this article on our blog.

A common meme in the imploding industry of information security is the assertion that there are only two kinds of companies:

Those that have been hacked and those who don’t know they’ve been hacked!

Which one are you?

There are some stunning statistics* that every small and medium-sized business should know that require your attention and action for your protection.

No business or organization can prevent data breaches. A single credit card data breach can cost your business $217 per incident

According to experts, the cost of a company-wide data breach costs a minimum of $10,000

92 percent of companies experiencing a breach did not know it (they were notified by a 3rd party)

75 percent of breaches occur in businesses with less than 100 employees.

Only 25 percent of breaches are IT or hacker-related; this means 75 percent of breach events are related to current/former employees, customers, vendors, contractors and organized crime or social engineering.

Yet, 83 percent of SMB’s do not have a formal cybersecurity plan.

Most importantly, 64 percent of companies with 500 or fewer employees go out of business within a year of being hacked!

If the last statement does not compel you to take action, close your business down now!

The age of the ‘Internet of Everything’ is upon us. Companies need to harness this technology as an asset or potentially endure irreparable harm.  According to Gartner Research, companies incur four times the expense to respond to data breach events than the installation of appropriate security technology to prevent it.  Of course, the actual expense of a breach does not include the correspondent frustration, aggravation and untold embarrassment.

As a business owner you may be asking yourself, am I really at risk?  “Indeed, you really are!” retorted Kathy Delaney Winger, Esq., an attorney who practices in the area of cybersecurity.   “All companies must protect ‘Personally Identifiable Information,’ commonly termed (PII).” PII can be defined as any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”

“The truth is,” stated Kathy, “the definition of information is very broad, as is your obligation to protect it.  For example, even if a business owner hires a third party to perform services that involve the use of PII (such as payroll processors) the business owner may still be at risk if a breach occurs.”

According to Kathy, there are multiple factors that you should consider when thinking about cybersecurity and protecting your business.  “It’s critically important to be aware of the PII that your business is collecting, holding and/or sharing with third parties,” said Kathy.  “Once you’ve made yourself aware of it, you should take steps to protect the information and have a plan as to how you will handle matters (such as complying with your obligation to notify affected parties) in the event of a breach.”  Kathy recommends that business owners work closely with professionals who are knowledgeable in this area, including lawyers and companies that specialize in computer security.  According to Kathy, businesses should also discuss the issue with insurance professionals.  “I recommend that business owners consider purchasing cyber insurance that will protect the company should a breach occur,” said Kathy.  She continued “the statistics cited at the start of this article illustrate that, once a breach occurs, a company’s liability can be extensive.  Thus, business owners are well advised to insure against data breach losses just as they insure against many other kinds of losses.”

According to James Riley, CEO of JNR Networks, the number one technology virus is the user!  Most systems are compromised by users who knowingly or unknowingly create the vulnerability of access to your data.

So what steps should you take to protect your data and your company?

The first, most immediate action is modifying the approach to passwords.  Some IT experts suggest that you should treat passwords like underwear: don’t leave them where people can see them, change them often, do not lend them to others, and make sure they are a good “fit”. Further, the obfuscation of passwords is critical.

“Passwords should not include the obvious,” James suggests.  “Do not use passwords with your kids’ names, spouse, pets or anything that people know about you,” James commented. Passwords should be at least 8 characters that include upper and lower case, numbers and symbols.  The key to a unique and memorable password is the linking and twisting of terms that only have meaning to you.  “Spell words that are jumbled and have no relationship to each other, just to you.”

Beyond the password basics, James added, “All companies need at the very minimum, business grade (BG) antivirus software, BG firewalls, and BG equipment. But, all the best of these tools are nothing without the development of Acceptable Use Policies (AUP) that are established, reinforced and enforced in each company.”

One of our country’s greatest founding fathers had it right—

“By failing to prepare, you are preparing to fail.”

In the 18th century Ben Franklin had no idea that his words would be so applicable in this era coined, “The Third Wave of the Internet,” by AOL’s founder, Steve Case. The SMB bottom-line regarding cybersecurity is a simple message: explore, embrace, manage and, above all, control cyber technology before it controls you.

*Statistics presented by a panel of experts for AZ Tech Council at the recent Tech Junction Conference in Tucson.  Kathy Delaney Winger, Esq. of The Law Offices of Kathy Delaney Winger and James Riley, CEO of JNR Networks were two of the panelists.

Linda Drake is a 25 year, seasoned global entrepreneur, corporate executive, author and Certified Professional & Executive Coach.  As a CEO for CEO’s, Linda founded Trailblazer Advisors to catapult economic growth and leadership skills for business owners and senior management at any stage in the business lifecycle.  She believes that strong business leadership and entrepreneurism are the heart and promise of America. Linda is the President of the International Coaching Federation of Southern Arizona. 

Read the original article here:

http://www.insidetucsonbusiness.com/business_chatter/cyber-security-alert-there-are-only-two-kinds-which-one/article_993e8646-0d61-11e6-a13e-9bf1e63a7270.html↗

screen-shot-2016-09-28-at-7-28-21-pm


↗ Linking to Non-Biltmore Bank Websites

This icon appears next to every link that directs to a third party website not affiliated with Biltmore Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Biltmore Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Biltmore Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.

fbtwitterLinkedIngp