Cyber-attacks are a real threat to most small businesses.
Many businesses think- “I don’t keep my customers personal data, so I’m not at risk of a cyber attack.”. That isn’t completely true. If you do collect any personal information for any reason, including employee data or prospect information or more you may be at risk. Many assume that because they are using a third party software product that they aren’t responsible. This also isn’t true. Anytime you collect any type of personal information, you could be putting yourself at risk.
Cyber attacks aren’t always done by someone in a foreign country looking for information from big stores. More than 50% of attacks are on small businesses.
This happens a wide variety of ways. For instance, did you know email is the most popular method to get data? They often use legitimate login information. One common ploy is that someone will pretend to be your “support” personnel and ask unsuspecting employees to give login information. Another common problem is when laptops are lost or hacked. Another common situation is when an employee is working remotely using public wifi. Furthermore, the “bad guys” are still finding success with phishing schemes. Some claims have come from instances where a disgruntled rogue employee steals names, addresses, social security numbers and other personal information from customer files.
Some other real world examples include:
A manufacturer nearly transferred $315,000 to China based solely on an email request to pay for raw materials that appeared to be legitimate.
A man sent an email to his ex-girlfriend hoping to monitor what she did on her computer. She opened the email on her work computer, and over the course of two weeks, the spyware emailed the man more than 1,000 screenshots of confidential data on 150 customers.
If any of these things happen to you, finding and remedying the issue can be very costly and slow. There are very specific steps you likely have to take. For instance, at least 47 States require notification of breach to customers. This has to happen a certain way and at an expense to your organization. Furthermore, if you have a breach or loss, everything stops in your business until you address the situation. This may require forensic experts, steep legal fees and more. The expense of resolving this can be in the hundreds of thousands of dollars or more.
How do you minimize these risks? Your traditional business insurance doesn’t typically cover this type of situation. Fortunately, there are now additional insurance solutions available to help not only cover the cost of paying to notify all clients, hiring forensic experts, data restoration expenses and other required legal steps, but the insurance companies often have a team of experts to help you address the required steps and get your business running again even more quickly. Check with your insurance agent to see where your most likely risk are and what products can best protect you in the event of a cyber-attack.
Have more questions on Cyber risk? Need help with commercial insurance? We’d love to help. We can be reached at www.keslarinsurance.com or 603-273-0953. Keslar Insurance Agency is an independent insurance agency offering business, home, auto and life insurance in NH and in ME.