Should a Small Business Have Cyber Insurance?

I am asked this question almost every week. What people are really asking about is small business data breach insurance. All the publicity in the news media regarding hacked servers has spooked a lot of people. It seems just about everyone in this day and age uses the internet to promote their business and/or products and services. That alone will not require any insurance. But if you are collecting client information and storing it on a PC or server in your office, that has vulnerability issues written all over it.

You might think that most data breaches are caused by hackers or malicious attacks. But more than half of data breaches are caused by system glitches and human error.

  • An employee mistakenly sends a batch of personnel files to the wrong email address.
  • A credit card company calls to inform you that credit cards used at your business were compromised through your point of sale system.
  • While on business travel you lose your cell phone, which has sensitive customer information stored in your email’s Inbox.

Data that is maintained in a cloud environment is somewhat safer. You are relying on that vendor to have the correct security. Once again, this should not be taken for granted. You should be discussing the software you have or are about to invest in with an internet specialist or your IT professional.

Here are some of the issues that you must consider if a breach occurs:

  • Breach notification to customers
  • Credit card monitoring services
  • Costs to retain a public relations consultant to help restore your reputation
  • Consulting and forensic fees to identify and resolve the cause of a data breach
  • Defense and settlement costs if you are sued for alleged failure to prevent unauthorized access to, or use of, personal information

You can probably get an “add on” to your business liability policy that will cover the above actions.

So my answer to the question of whether a small business needs Cyber Insurance is most likely “yes” if you fit into the above description. If you are having a vendor handle one of these areas for you, I would discuss their plan of action for stopping problems and, if a breach does happen, what their response is.

It is only going to get more complicated, and your business is going to be more involved with data-type tools and software.

Jim Mahlmann

COO

NetCetra LLC

The Dark Side of the Internet

I was amazed at how many people had never heard of the dark side of the internet when asked by a State of NJ Security officer at a recent seminar for small businesses on internet security. Going there is not advised, but being aware of it and what it is is imperative. It is interesting to hear what people say or think when you mention this area of the internet. It is not dark, but it is pretty scary to see what can be purchased and done there. I am especially talking to parents with kids in high school and beyond. The danger does not seem to disturb them the same way, so surfing around seems OK to them.

All it requires to get there is to go to torproject.org. It looks innocent enough. According to the home page, everyone uses it. It was started by our government a few years ago to help people in suppressed countries view what the rest of the world saw on the internet. The problem is that it not only hides those people, it also hides terrorists, drug dealers, gun smugglers and pedophiles, to name a few. Buying ransomware to attack some business is a snap. Buy it there for $3 or $4 and you can even get someone, for part of the proceeds, who will set up the product to try to infect whoever you are after. They even have a rating system for every different piece of malware that is offered, with comments about how good the software is.

Would you like to know where to buy a semiautomatic weapon? Not a problem. How about a great deal on legal and/or illegal drugs? Paying too much for a prescription? They have the deals. They showed us one site that sold pot and guns. The main reason they cannot bust these sites very easily is the fact that they are up and then gone in a few days. Shipping is never a problem. Everything is shipped by the regulars like UPS, FedEx and US Mail. Things are just packed in regular consumer boxes. Maybe a few boxes of laundry detergent that contain a broken-down weapon are delivered to a person’s door.

We saw one search engine result that had 234 pedophile web sites available.

Dark, no. Scary, yes.

One thing that people who go on this level of the internet use is a flash drive with the programming and bitcoin wallet on it. This way it is plugged in and no one knows you are using it. Nothing is visible on your computer, and they showed us a variety of flash drives that did not look like flash drives. One looked like a ChapStick.

The US government started it and continues to support it as well as other countries and individuals. Be alert.

Cyber Security

There are two excellent events happening in the next few weeks, and I strongly recommend that you attend one of them or send someone from your office. One wrong move could cost you thousands of dollars and/or loss of data, as well as the man-hours or cost that were put in to develop your work.

1) Cyber Security & Big Data Analytics Symposium by SBA - $40.00

Friday, March 31, 2017 – William Paterson College, Wayne, NJ 9:30 to 2:30 PM

2) Cybersecurity Summit – NJBIA - $129 Member, $149 Non-Member

Friday, April 21, 2017 – APA Hotel Woodbridge, NJ 8:30 AM – 1:00 PM

Is your web site under attack?

Of course it is. Most web sites are under attack by many different forms of spiders and bots. You should maintain a good relationship with your provider. Check all your monitor specs, either directly or by questioning support, to discover if there are any weaknesses. Forms are a favorite target to spam through. Make sure you have a CAPTCHA button or some kind of human interaction required.

If you are using a WordPress site, make sure you have one good security plug-in like WP All in One set up and running correctly. ALWAYS update your plugins to the latest versions. Some updates are for security and some are for better performance.

Always remove email addresses and their mailboxes if you have not used them in a while. Dormant mailboxes are a favorite way for spammers to send tons of spam out, and then your good email address will be blacklisted if it is on the same domain name.

Some people will use FTP permissions to make changes. When an FTP account has been dormant for too long, be sure to remove it or make the password very difficult.

These are all the basic things you need to monitor regularly to protect your site, business and reputation, as well as your fellow internet users.

Breaches on the Internet Are Very Serious for Everyone

As someone who is a partner in a data center with many different types of server applications as well as email servers, I can say we have continually added more security through various means. A simple example of this is the quality of the passwords now required and the complexity of the “CAPTCHA” request information form on web sites. And yet, with all the news about security breaches, we still get complaints about the increased complexity of using these applications. We sometimes feel that the average person is saying, “They will never bother little old me.” How wrong can people be? Yes, it is not as easy as the old days, but that is not due to a lack of cutting-edge software but because of it.

It is time to wake up and understand it is the same principle as locking your front door and turning on a security system. These are the times we live in.

Heartbleeding Out: Internet Security Bug Even Worse Than First Believed

Warnings from Cisco and Juniper suggest the encryption bug is much more widespread—and potentially catastrophic—than initially thought as the networking companies check the vulnerability of their browsers.

The Heartbleed Internet security bug is shaping up to be worse than researchers first realized, possibly compromising routers and other networking infrastructure for a variety of companies.

Cisco, one of the world’s top networking equipment manufacturers, confirmed Thursday that it’s investigating dozens of its routers and video teleconferencing devices and software for the Heartbleed vulnerability. Juniper Networks, another top networking company, has also alerted clients some of its equipment has been compromised by Heartbleed. A message posted to Juniper’s service website Friday said many of its systems would be offline through Saturday while the company performs maintenance.

The Heartbleed vulnerability takes advantage of a flaw in OpenSSL, a free encryption protocol used by thousands of websites around the world to protect visitors’ sensitive data, such as usernames and passwords. Heartbleed essentially lets hackers get an undetectable look at the data transmitted between a user and a server after it’s been decrypted.

U.S. government pulls out of ICANN (Domain Name Registration and Rules)

It may not mean much to most people, but that is the US organization that controls all the domains of the world. The US, being the biggest and most open nation, has maintained control of this organization through a relationship with the Internet Corporation for Assigned Names and Numbers. This is a government agency. This agreement is over in 2015 and the government does not want to continue it. They would like to see a world governing body. I think we all know that the White House is behind this.

This is a very dangerous move that could cause a lot of changes to the internet. It would allow countries like China and Russia to tighten control and slow down and stop some of the openness and freedom we now have.

The end of the contract means the NTIA will not be able to continue to push ICANN to improve its services, as it has in recent years, NetChoice executive director Steve DelBianco said. In addition, ICANN could now “escape its legal presence in the US, despite having many contracts that are adjudicated under U.S. law,” he said.

U.S. Senator John “Jay” Rockefeller, a West Virginia Democrat and chairman of the Senate Commerce, Science and Transportation Committee, called the announcement the “next phase” of a longtime commitment the U.S. government has made toward a global governance model.

Spam

Spam keeps evolving and getting better and better at getting us to click on email links we should never trust.

Look very carefully at any notice from a branded company or bank. They would never use alias emails or send anything that was really important through your email service.

If you are really stumped then call the company to be sure.