Cyber Risk Management Practices

By Remmie Butchko, CIC

Georgetown Insurance Service, Inc.

Silver Spring, MD

As I wrap up my 5-part series on cyber risk and awareness, I wanted to conclude by covering one of the most important issues we all face in business and in our personal lives, which is managing the risks associated with E-Commerce. E-Commerce can be defined as any commercial transaction which is handled electronically on the internet.

We are not computer experts. We are insurance professionals, but here are some areas where we have seen weaknesses or mistakes in managing Cyber Risks related to E-Commerce.

Do not leave the responsibility of purchasing Cyber Insurance to your IT personnel. Most business owners we discuss Cyber Risks with defer the matter to their IT staff. The IT staff always thinks everything is under control, so why purchase insurance? Everything is perfect until it is not. Hackers find new and inventive ways to breach systems all the time, and you or your business could be one of the first to be breached with a new hack before patches or solutions are in place.

Assess your exposure to a breach. How many records do you have of Personally Identifiable Information (customers, employees, prospective customers, etc.)? Where is the data and how is it stored? Can it be accessed by laptop computers or mobile devices? The dollar impact of just notification costs can be huge. It is important to assess where you could be hacked, so you can eliminate loopholes and plan accordingly.

Test your own operations. It might seem mundane, but try to breach yourself. Assess what your employees are doing and how they are handling customer data, passwords, and e-commerce. I’ve heard of businesses cleaning out ex-employees’ offices and finding numerous login IDs and passwords underneath mousepads, keyboards, or just taped to their desk or monitors, including their own personal data. Using secure, password-protected lists, password protection programs, and two-step authentication are a few options to explore.

Read your contracts. Many people think they are not exposed to Cyber Risks because the functions have been outsourced to third-party vendors. The risk transfer in these contracts has become very sophisticated, and you are responsible for more than you think. In particular, be sure to search for “Limitation of Liability” clauses. Discussing contracts with your legal team is also a good business practice.

Watch the paper. It seems silly to discuss paper management when talking about Cyber Risks, but people still use pen and paper. Are employees documenting Personally Identifiable Information over the phone? Writing down credit card information? Social security numbers? Driver’s license numbers? Names, addresses and email addresses? Unfortunately, in today’s world nothing is secret, but everything needs to be handled as if it were Top Secret. Document shredding services are available, and most offer onsite shredding so documents are destroyed before leaving your premises.

These are just a few items to take into consideration, and unfortunately in the new world of e-commerce and the risks associated with it, it will probably become more complicated as time marches on. Discuss cyber risk insurance with your agent and make sure you have coverages in place to keep your business protected.

Disclaimer: All data, information, and opinions provided in this article, newsletter, or blog are for informational and educational purposes only. While every caution has been taken to provide readers with the most accurate information and honest analysis, please use individual discretion before making any decisions based on the information in this article, newsletter, or blog. Georgetown Insurance Service, Inc. is not responsible if its readers happen to experience loss, injury, or damage resulting from its display or use. All information is provided on an as-is basis. This article, newsletter, or blog does not represent the thoughts, intentions, plans, or strategies of any specific Insurance Carrier, Georgetown Insurance Service, Inc. partner or affiliate.
