Small businesses face big cyber-risks

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.azcentral.com/story/money/business/2014/09/04/small-businesses-face-big-cyber-risks/15106067/

Is your business prepared for the cost, liability and potential business
interruption of a data breach? Your business being hit by ID-theft
criminals is a frightening thought, but one you should consider. Thousands
of small businesses experienced a data breach around the same time as
Target was making headlines, according to a Department of Homeland Security
report published in August.

The report from DHS, in partnership with the Secret Service and others,
said the attacks were pervasive, with ID-theft criminals scanning computer
networks of businesses for vendors or employees who had remote access.
Hackers then were able to run programs to attain usernames and passwords
for network access.

So what is a business cyber-risk, and why should you care? Cyber-risks
include electronic and hard-copy information assets, computer networks,
e-business applications, and a website and Internet presence.
Cybercriminals really want and understand the value of the sensitive
information companies commonly have on customers and employees, and they
could care less about the financial, brand and other disastrous damage they
inflict on the businesses they hit.

When any organization fails to prevent its information from being lost or
stolen – known as a data breach event – that organization can be liable
and/or legally responsible and may be required to send notification letters
to affected individuals and provide them credit bureau monitoring in an
attempt to detect financial ID theft.

Other cyber-risks include intrusions to steal trade secrets and
cyberextortion, when a hacker threatens to steal or release confidential
information unless the business pays the criminal.

What can you do about cyber risks for your organization? Consider
cyberinsurance to help protect your business when you experience a
data-breach event. Cyberinsurance reimburses for expenses such as
notification costs, providing credit bureau monitoring, lost business,
reputation, crisis management and the cost of restoring lost data. It can
also cover accidental employee releases of confidential information or the
commission of an unauthorized act.

Not all cyberinsurance is equal; different policies have different
exclusions. Should you decide to get cyberinsurance, be sure to ask your
broker about the coverage in general and specifically about the following
list of common exclusions:

• Fraud and illegal activity.

• Unlawful collection of personal information.

• Spam or the distribution of unsolicited e-mails.

• Interruption of Internet access.

• Terrorism, as many cyberattacks originate in foreign countries.

• Undetected policy language in the court of law.

In addition, DHS recommends that companies limit the number of vendors with
company network access and require more complex passwords for vendors and
employees.

Small-business owners, please note: Your business is a target, and recent
statistics show that 31 percent of data breaches were organizations with
100 employees or less.

Mark's Most Important: Cyberinsurance may be a good option to help your
business minimize today's cyber-risks. Work with your insurance broker to
determine your cyber-risks and the best coverage for your organization.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!