Cyber Security Threats to Medical Offices

Cyber security threats to medical offices, health care organizations and patient safety are real. Health information technology, which provides critical life-saving functions, consists of connected, networked systems and leverages wireless technologies, leaving such systems more vulnerable to cyber-attack. Recent highly publicized ransomware attacks on hospitals, for example, necessitated diverting patients to other hospitals and led to an inability to access patient records to continue care delivery. These cyber-attacks expose sensitive patient information and lead to substantial financial costs to regain control of hospital systems and patient data. From small, independent practitioners to large, university hospital environments, cyber-attacks on health care records, IT systems, and medical devices have infected even the most hardened systems.

Medical Offices and Health Care Organizations Need To Make Cyber Security a Priority

Given the increasingly sophisticated and widespread nature of cyber-attacks, the health care industry must make cyber security a priority and make the investments needed to protect its patients. Like combating a deadly virus, cyber security requires mobilization and coordination of resources across myriad public and private stakeholders, including hospitals, IT vendors, medical device manufacturers, and governments (state, local, tribal, territorial, and federal) to mitigate the risks and minimize the impacts of a cyber-attack. The U.S. Department of Health and Human Services (HHS) and the Health Care and Public Health (HPH, Health Sector, Health Care Industry) sector are working together to address these challenges. Cyber security threats to medical offices happen more often than you think.

Biggest Cyber Security Threats To Medical Offices and Health Care Organizations

Being aware of cyber security threats to medical offices can be helpful in the fight against data breaches.

  • E-mail phishing attacks
  • Ransomware attacks
  • Loss or theft of equipment or data
  • Insider, accidental or intentional data loss
  • Attacks against connected medical devices that may affect patient safety

Download our Health Industry Cyber Security Practices Guide

Health Care Cyber Security

This guide reviews:

  • E-mail protection systems
  • Endpoint protection systems
  • Access management
  • Data protection and loss prevention
  • Asset management
  • Network management
  • Vulnerability management
  • Incident response
  • Medical device security
  • Cyber security policies

The entire publication considers the recommendations made by HHS divisions including, but not limited to, the Assistant Secretary for Legislation, the Assistant Secretary for Public Affairs, the Assistant Secretary for Preparedness and Response, the Centers for Medicare and Medicaid Services, the Food and Drug Administration, the Office for Civil Rights, the Office of the Chief Information Officer, the Office of the General Counsel, the Office of the Inspector General, and the Office of the National Coordinator for Health Information Technology, as well as guidelines and practices from DHS and NIST.

Why Should You Worry About Cyber Security and Take Action Now?

Health care organizations are committed to providing the very best care to their patients. While the thought of risking patient safety to a cyber-attack is terrifying for any health care professional, it can be difficult to justify investments in cyber security when there are pressing opportunities to invest in equipment, materials, training, and personnel, which more visibly relate to patient care. Cyber security threats to medical offices need your attention.

According to a study from IBM Security and the Ponemon Institute, the cost of a data breach for health care organizations rose from $380 per breached record in 2017 to $408 per record in 2018. Across all industries, health care has the highest cost for data breaches.

Most health care personnel are experts at identifying and eradicating viruses in patients, not computers. Cyber security has expanded the scope of patient wellness to include protecting the technology, networks, and databases that enable uninterrupted and accurate patient care. This includes securing computer systems, protecting data and training personnel to be cyber-vigilant.

Cyber attacks disrupt health care personnel’s ability to provide life-changing and life-saving capabilities.

Can a Cyber Attack Happen To My Medical Office?

It is tempting for those who own a health care practice or are part of a small-to-medium–sized health care organization to think that cyber attacks only affect large hospitals and health care organizations. The reality is that cyber-attacks are indiscriminate and adversely affect healthcare practices of every size and specialization. The IBM X-Force Threat Intelligence Index 2017, a recent study designed to track cyber security incidents around the globe, identified the top-targeted cyber attack industries, stating: “It is worth noting that the health care industry, which fell just outside the top five in terms of records breached, continued to be beleaguered by a high number of incidents. However, attackers focused on smaller targets, resulting in a lower number of leaked records in that industry.”

The “smaller targets” mentioned in the report may include small or medium-sized organizations. Hackers look for targets that require the least time, effort, and money to exploit. Do not make the mistake of thinking that your practice, no matter how small, is not a target for indiscriminate cyber-attacks. Malicious actors will always exist. Whether you are a small-practice physician or the chief information security officer (CISO) of a large health care entity, your job is to make it difficult for these attackers to succeed.

GDI Insurance Agency, Inc.

California’s Leader in Insurance and Risk Management

As one of the fastest growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more.

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley, Northern California and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our clients’ expectations in every interaction to make sure that our clients know how much we value and appreciate their business. Contact us today at 1-209-634-2929 for your comprehensive medical office insurance quote!

A Cyber Attack Won’t Happen To My Business

We’ve heard it many times: “A cyber attack won’t happen to my business.” The thinking is that your business is too small to be a target for cyber crime. The fact is, you are exactly who they are looking for. Small businesses are just as likely to get hacked as large businesses; you just don’t hear about it in the news.

The cyber security community has largely concurred that cyber crime damages will cost the world a predicted 6 trillion dollars annually by 2021. That is double the 2016 figure. It is also predicted that a business will fall victim to a ransomware attack every 14 seconds in 2019.

Could Your Small Business Recover From an Abrupt Loss of $256,000?

Because that’s how much a single cyber security hack could cost a small business, according to a recent analysis in TechRepublic. In 2017, data breaches cost companies an average of $225 per compromised record.

You can protect your business in a number of ways. Download our extensive Cyber Security Planning Guide to protect your business from cyber threats. We also offer comprehensive Cyber Liability Insurance, which will help with the large cost of a cyber breach or malware attack.

We fall victim to our own thoughts: if we don’t hear about it happening, we assume it isn’t. That’s dangerous thinking for a small business. While large corporations can bounce back from cyber attacks, it’s much more difficult for small businesses to recover.

According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber attack victims were small businesses (organizations with fewer than 250 employees).

Cyber Attacks Are Always Evolving

It’s never been easier to make your own ransomware. There were 4.3 times more ransomware variants in Q1 2017 than in Q1 2016. Remote desktop is the new “in”: 2/3 of ransomware infections were delivered via Remote Desktop Protocol. This is another reason why believing “a cyber attack won’t happen to my business” is simply not realistic.

Example of Cyber Extortion

A company reported a ransomware attack. The attack was on the company’s servers and its backup servers, which made restoration difficult. The ransomware was a variant of the Mamba strain, which encrypts the entire hard drive rather than encrypting individual files like most ransomware variants. Because restoration from backups was not a viable option, it was determined that paying the ransom (20 Bitcoin) would be the quickest way to address the situation. The firm worked with a bitcoin broker to secure the necessary funds and coordinated the exchange with the attacker.

There was no evidence that information had been stolen from the company’s systems before, during or after the attack and therefore, no legal notification obligations were triggered by this incident. Total payout including privacy counsel, forensics and the ransom payment was approximately $300,000.

Don’t Let Your Business Become A Victim of a Cyber Attack

It’s easy to think that a cyber attack won’t happen to my business, but in reality it’s more likely that your business is exactly what cyber criminals are looking for.

The risk of a cyber attack is real! Your GL insurance policy does not cover a cyber breach. If your business relies on computers, networks, or computerized equipment or machinery, or if you take personally identifiable information (PII) such as names, addresses, credit and debit card numbers, Social Security numbers, financial or medical records, driver’s license numbers, dates of birth, mothers’ maiden names or biometric information (fingerprints), you need Cyber Liability Insurance coverage.

Cyber Liability Insurance Coverage

A Cyber Liability Insurance Policy can cover:

  • Data Breach response
  • Ransom payment
  • Social Engineering, eCrime
  • Business Interruption/income loss due to Cyber attack
  • Costs to notify affected individuals of data breach
  • Data Recovery costs
  • Data & Network Liability
  • Regulatory Defense & Penalties
  • Payment Card Liability
  • Forensic and legal costs
  • Public relations and crisis management
  • Consequential reputational harm
  • Education and Loss Prevention Tools

10 Cyber Security Resolutions To Reduce Your Data Exposures

Cyber security threats and trends can change year over year as technology continues to advance at alarming speeds. As such, it’s critical for organizations to reassess their data protection practices at the start of each new year and make achievable cyber security resolutions to help protect themselves from costly breaches. GDI Insurance Agency, Inc. is here to help protect your business with Cyber Liability Insurance. Call us today at 209-634-2929.

The following are cyber security resolutions your company can implement to ensure you don’t become the victim of a cyber crime:

  1. Provide security training—Employees are your first line of defense when it comes to cyber threats. Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond. Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and oversharing personal information on social media. Your employees should also know your cyber security policies and know how to report suspicious activity.
  2. Install strong anti-virus software and keep it updated—Outside of training your employees on the dangers of poor cyber security practices, strong anti-virus software is one of the best ways to protect your data. Organizations should conduct thorough research to choose software that’s best for their needs. Once installed, anti-virus programs should be kept up to date.
  3. Instill safe web browsing practices—Deceptive and malicious websites can easily infect your network, often leading to more serious cyber attacks. To protect your organization, employees should be trained on proper web usage and instructed to only interact with secured websites. For further protection, companies should consider blocking known threats and potentially malicious webpages outright.
  4. Create strong password policies—Ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords. Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters in their password.
  5. Use multi-factor authentication—While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, multi-factor authentication is key. Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information (e.g., a phone number, unique security code) when attempting to access corporate applications, networks and servers.
  6. Get vulnerability assessments—The best way to evaluate your company’s data exposures is through a vulnerability assessment. Using a system of simulated attacks and stress tests, vulnerability assessments can help you uncover entry points into your system. Following these tests, security experts compile their findings and provide recommendations for improving network and data safety.
  7. Patch systems regularly and keep them updated—A common way cyber criminals gain entry into your system is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.
  8. Back up your data—In the event that your system is compromised, it’s important to keep backup files. Failing to do so can result in the loss of critical business or proprietary data.
  9. Understand phishing threats and how to respond—In broad terms, phishing is a method cyber criminals use to gather personal information. In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information. Phishing is becoming more sophisticated by the day, and it’s more important than ever to understand the different types of attacks, how to identify them and preventive measures you can implement to keep your organization safe. As such, it’s critical to train employees on common phishing scams and other cyber security concerns. Provide real-world examples during training to help them better understand what to look for.
  10. Create an incident response plan—Most organizations have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack. That’s where cyber incident response plans can help. While cyber security programs help secure an organization’s digital assets, cyber incident response plans provide clear steps for companies to follow when a cyber event occurs. Response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damages.

Safely Disposing of Your Electronic Devices

Getting a new computer, notebook, tablet or other technology for your business or personal life is often necessary to keep up with the times. After purchasing new technology, you may decide to dispose of your old devices. Whether you recycle them, give them to a family member or employee, or donate them to a charity, a school or a soldier, you need to protect the information on the devices from exposure. However, removing your information is harder than it seems. Systems are set up to protect us from losing information we need: when we delete a file, we can still get it back. Similarly, others who get your discarded computer or other device can get that information back, too. Safely disposing of your electronic devices is a necessity.

You need to take extra steps to remove information from your computer or smartphone before disposing of your electronic devices. That private data could harm you, your employees or your business if it ends up in the wrong hands. Private data, such as insurance and banking information and account numbers, tax information, Social Security numbers, health information, customer names, addresses and accounts, employee payroll and benefit information and passwords, all has value to hackers and thieves, opening the door for identity theft. Your business reputation is at risk, along with customer confidence, and significant financial losses are a very real possibility.

Removing information from computing devices is called “clearing.” The National Institute of Standards and Technology (NIST) states that clearing is “a level of media sanitation that does not allow information to be retrieved by data, disk or file recovery utilities. It must be resistant to keystroke recovery attempts from standard input devices [such as a keyboard or mouse] and from data scavenging tools.”

Techniques for Removing Information

Three ways of removing information from your computing devices before disposing of your electronic devices, from the least effective to most effective, are deleting, overwriting and physically destroying the device holding your information.

  1. Deleting

Deleting information is not effective. It removes pointers to information on your device, but it does not remove the information. Deleted files usually go to a “holding area,” such as the trash or recycle bin, that essentially protects you from yourself: if you accidentally delete a file, you can easily restore it. However, you may have experienced the panic that results from emptying the trash bin prematurely or having a file seem to disappear on its own. The good news is that even though it may be difficult to locate, the file is probably still somewhere on your machine. The bad news is that even though you think you’ve deleted a file, an attacker or other unauthorized person may be able to retrieve it.

Do not rely on the deletion method you routinely use when working on your device, whether moving a file to the trash or a recycle bin or choosing “delete” from a menu. Even if you “empty” the trash, the information is still there. It can be retrieved.

  2. Overwriting

Overwriting is effective on all computing devices. It puts random data in place of your information, which cannot be retrieved because it has been obliterated. While experts agree on the use of random data, they disagree on how many times you should overwrite to be safe. While some say that one time is enough, others recommend at least three times, followed by “zeroing” the drive (writing all zeroes).

There are software programs and hardware devices available that are designed to erase your hard drive, CD or DVD—but because these programs and devices have varying levels of effectiveness, it is important to carefully investigate your options. When choosing a software program to perform this task, look for the following characteristics:

  • “Secure Erase” is performed. Secure Erase is a standard in modern hard drives. If you select a program that runs the Secure Erase command, it will erase data by overwriting all areas of the hard drive, even areas that are not being used.
  • Data is written multiple times. It is important to make sure that not only is the information erased, but new data is written over it. By adding multiple layers of data, the program makes it difficult for an attacker to “peel away” the new layer. Three to seven passes is fairly standard and should be sufficient.
  • Random data is used. Using random data instead of easily identifiable patterns makes it harder for attackers to determine the pattern and discover the original information underneath.
  • Zeros are used in the final layer. Regardless of how many times the program overwrites the data, look for programs that use all zeros in the last layer. This adds an additional level of security.
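
The overwrite sequence described above (several passes of random data, then a final pass of zeros), as an added example that is not part of the original article: a Python routine that applies it to a single file and verifies the result. The function names, the three-pass default and the constructed sample file are assumptions; it assumes a filesystem that rewrites blocks in place, and whole-drive erasure is left to a dedicated tool that issues the Secure Erase command.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write 1 MiB at a time so large files do not fill memory


def _write_pass(f, size, make_chunk):
    """Overwrite the first `size` bytes of the open file in place, then sync."""
    f.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        f.write(make_chunk(n))
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # push this pass to the device before starting the next


def overwrite_file(path, random_passes=3):
    """Overwrite `path` with random data `random_passes` times, then with zeros.

    Returns the list of passes performed, in order. The file keeps its length
    and is not deleted; the caller removes it afterwards.
    """
    if random_passes < 1:
        raise ValueError("at least one random pass is required")
    size = os.path.getsize(path)
    passes = []
    with open(path, "r+b") as f:  # r+b: modify in place, never truncate
        for _ in range(random_passes):
            _write_pass(f, size, os.urandom)  # random data, not a fixed pattern
            passes.append("random")
        _write_pass(f, size, bytes)  # bytes(n) is n zero bytes: the final layer
        passes.append("zeros")
    return passes


def is_zeroed(path):
    """Return True if every byte of the file is zero."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk.count(0) != len(chunk):
                return False


def demo():
    """Run the sequence on a constructed sample file and report the outcome."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        # Constructed sample content, not real data.
        tmp.write(b"constructed sample: customer 0001, account 12345\n" * 100)
        path = tmp.name
    try:
        size_before = os.path.getsize(path)
        passes = overwrite_file(path, random_passes=3)
        size_unchanged = os.path.getsize(path) == size_before
        return passes, size_unchanged, is_zeroed(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```
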

  3. Physical Destruction

Physical destruction is the ultimate way to prevent others from retrieving your information. Of course, you should physically destroy the device only if you do not plan to give it to someone else.

Specialized services will disintegrate, burn, melt or pulverize your computer drive and other devices. If for some reason you do not wish to use a service, it is possible for you to destroy your hard drive by drilling nails or holes into the device yourself or even smashing it with a hammer. Never burn a hard drive, put it in the microwave or pour acid on it.

Some shredders are equipped to destroy flexible devices such as CDs and DVDs. If you smash or shred your device yourself, the pieces must be small enough that your information cannot be reconstructed; 1/125” is ideal. Wrap the CD or DVD in a paper towel when destroying it to limit shrapnel.

Magnetic devices, such as tapes, hard drives and floppy disks, can be destroyed by degaussing—exposing them to a very strong magnet. Degaussers can be rented or purchased. Because of the expense, degaussing is more appropriate for businesses than for individuals. It should not be used if someone else will be using the device because degaussing destroys not only the information but also the “firmware” that makes the device run.

Mobile Phone and Tablet Advice

Although the exact steps for clearing all information from your mobile phone or tablet before disposing of your electronic devices are different for each brand and model, the general process is the same:

  1. Remove the memory card if your device has one.
  2. Remove the Subscriber Identity Module (SIM) card.
  3. Under Settings, select Master Reset, Wipe Memory, Erase All Content and Settings (or a similarly worded option). You might need to enter a password you have set, or contact a local store that sells the equipment for assistance with a factory-set password.
  4. Physically destroy the memory card and SIM card, or store them in a safe place. (Memory cards can typically be reused, and SIM cards can be reused in a phone that has the same carrier.)
  5. Ensure that your account has been terminated and/or switched to your new device.

For detailed information about your particular device, you can consult online documentation or the staff at your local store.

Your Cyber Liability Experts

For more information on disposing of your electronic devices and keeping your sensitive data safe, contact GDI Insurance Agency, Inc. today at 209-634-2929.

California Consumer Privacy Act – What You Need To Know

What You Need To Know About The California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) is the first comprehensive data privacy law in the United States. Beginning Jan. 1, 2020, the CCPA generally grants consumers the right to:

  • Know what personal information is being collected and sold or disclosed about them, and to whom it is sold or disclosed;
  • Say no to the sale of their personal information; and
  • Receive equal service and price, even if they exercise their privacy rights.

The California Consumer Privacy Act applies to most companies that do business with California residents.

  • The CCPA grants consumers a right to privacy with respect to their personal information.
  • Effective in 2020, the CCPA will apply to most companies that do business with California residents.
  • The CCPA directly impacts the types and uses of consumer information that is collected and stored by businesses.

What You Need To Do

The California Consumer Privacy Act has major implications for a large number of businesses across the United States. Employers in all states that collect personal information from consumers should determine whether they are subject to the law and, if so, prepare for compliance in 2020. This could mean significant changes to internal systems and processes regarding the collection, sale and disclosure of consumer information.

Overview of the California Consumer Privacy Act

The CCPA grants California residents a general right to privacy and control over their personal information in consumer transactions. Specifically, the law grants consumers in California the following rights:

  • The right to know what personal information is being collected about them;
  • The right to know whether their personal information is being sold or disclosed, and to whom;
  • The right to say no to the sale of their personal information (or, for individuals under age 16, a requirement that the consumer affirmatively consents to the sale of their personal information, known as “the right to opt-in”);
  • The right to access their personal information; and
  • The right to equal service and price, even if they exercise their privacy rights.

The California Attorney General will generally enforce the CCPA, and may impose civil fines of up to $7,500 per violation for intentional violations (fines will be less for non-intentional violations). In addition, the CCPA allows California residents to file a lawsuit against a company for any data breaches resulting from the company’s failure to implement reasonable security practices and procedures.

However, companies generally have 30 days from the date the business receives notice of an alleged violation to remedy it, if possible. If a violation is remedied within the 30-day period, fines will not apply.

Affected Entities

The California Consumer Privacy Act applies to all businesses that do business in California, collect personal information of California residents, and determine the purposes and means of processing that information, and that also satisfy one or more of the following thresholds:

  • Have annual gross revenues in excess of $25,000,000 (as adjusted annually);
  • Annually buy, receive for commercial purposes, sell or share for commercial purposes the personal information of 50,000 or more California residents, households or devices; or
  • Derive 50 percent or more of their annual revenues from selling personal information of California residents.

This coverage extends to any entity that controls or is controlled by a business that meets the criteria above.

Definition of Personal Information

Under the California Consumer Privacy Act, “personal information” means information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked (directly or indirectly) with a particular consumer or household.

Personal information includes, but is not limited to, the following:

  • A real name, alias, postal address, unique personal identifier, IP address, email address, account name, Social Security number, driver’s license or state identification card number, passport number or other similar identifiers;
  • An individual’s signature, physical characteristics or description, telephone number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, or any other financial, medical, or health insurance information;
  • Commercial information (including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
  • Biometric information;
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with an internet website, application or advertisement;
  • Geolocation data;
  • Audio, electronic, visual, thermal, olfactory, or similar information;
  • Professional or employment-related information;
  • Education information;
  • Inferences drawn from any personal information to create a profile about a consumer reflecting his or her preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

“Personal information” does not include publicly available information (information that is lawfully made available from federal, state or local government records). Information is not “publicly available” if that data is used for a purpose that is not compatible with the purpose for which the data is publicly maintained.

De-identified information is exempt from the CCPA if it cannot reasonably identify, relate to, describe, be capable of being associated with or be linked (directly or indirectly) to a particular consumer.

Action Steps for Employers

Due to its expansive coverage and the large number of companies that do business with California consumers, it is likely that the CCPA will have a significant impact on many businesses across the United States. Before the law takes effect in 2020, employers in all states that collect personal information from consumers should determine whether they are subject to the California Consumer Privacy Act and, if so, prepare for compliance.

This could mean significant changes to internal systems and processes regarding the collection, sale and disclosure of consumer information. Employers should consider enhancing their cyber security strategies prior to 2020, and ensuring that any third party agreements involving consumer data are revised to comply with the California Consumer Privacy Act.

While cyber security is a growing concern for consumers globally, California’s CCPA is the first comprehensive data privacy law in the United States. As a result, it is likely that other states may implement similar legislation in an effort to protect consumers in their states. Even if a company isn’t affected by the CCPA, it might benefit the employer to review, and potentially revise, its data privacy practices in preparation for any data privacy laws that may be enacted in the future.

Get Your California Cyber Liability Protection Today

As reliance on technology continues to increase, new exposures continue to emerge. As your business grows, make sure your cyber liability insurance coverage grows with it. GDI Insurance Agency, Inc. is here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk.

Contact us today at 1-209-634-2929.

Cyber Attacks and Business Interruption

When you think about what usually causes a business interruption, natural disasters such as fires, earthquakes and floods probably come to mind first. These events can physically damage your property and equipment, making your work space unusable for a time. The damages from Hurricane Florence and Hurricane Harvey are great examples of how a natural disaster can put a halt to a business’s day-to-day operations. Many of those affected businesses remain closed to this day.

While natural disasters are still the main reason for an interruption, another cause is quickly moving up the ranks: cyber attacks. As businesses continue to rely on computers and digital storage of essential data, cyber attacks will continue to be a potential exposure. Read on to learn how a cyber attack could lead to a business interruption and what you can do to mitigate the risk.

How can a cyber attack cause a business interruption?

Hackers, thieves and other unauthorized individuals have become adept at exploiting weaknesses in a business’s computer system, whether through traditional hacking methods or social engineering. There are several types of attacks that could completely cripple your ability to perform normal business activities, including:

  • Malicious code that renders your website unusable
  • Distributed denial of service (DDoS) attacks that make your website inaccessible to employees and customers alike
  • Viruses, worms or other code that deletes critical information on a business’s hard drives and other hardware

It is quite easy to see how any of these events might leave your company scrambling to do business. Unfortunately, many smaller businesses don’t have the manpower available to detect the problem and work on fixing it, which only increases the length of an interruption.

Third-party interruptions can have a major effect on your business

You can still be affected even if it isn’t your business that experiences a cyber attack. Imagine what would happen if one of your vendors suffered an attack, resulting in a complete shutdown of its warehouse or website. Unfortunately, attacks on third parties are often out of your control. Such an event could have a profound effect on how much business you are able to do, and that would trickle down to your customers, who may rely on your products or services.

Ways to prevent a cyber attack from causing a business interruption

A common saying in the cyber security world is, “It’s not if you’ll be a victim of a data breach, but when.” While 100 percent protection is impossible, you can help lower your chance of business interruption due to a cyber attack by following these tips:

  • Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their functions, the data they store and process and their importance to the organization.
  • Make sure all firewalls and routers are secure and kept up to date.
  • Implement a cyber security policy that educates employees about the dangers of computer intrusions and how to prevent them. GDI Insurance Agency, Inc. can help you draft a cyber security policy specifically tailored to your company.
  • Download and install software updates for your operating systems and applications as they become available.
  • Implement a strict password policy and have employees change system passwords every 90 days.
  • Limit employee access to company data and information, and limit authority to install software.
  • Make sure you are covered by a cyber liability insurance policy.

How Can Cyber Liability Insurance Coverage Help?

Most traditional commercial general liability (CGL) policies will not cover business interruption losses due to a cyber event. Luckily, cyber liability insurance coverage can fill that void.

Should your business be unable to perform normal business operations, a cyber liability insurance policy can help pay for expenses related to an interruption. The coverage pays for:

  • Lost income due to the cyber attacks
  • Profits that would have been earned had the cyber attacks not occurred
  • Operating expenses, such as utilities, that must be paid even though business temporarily ceased
  • Rented or leased equipment

Cyber liability insurance coverage also helps protect your business from the following events:

  • Data breaches, including costs for customer notification, some legal costs and credit monitoring for those affected
  • Damages to third-party systems, if, for example, an infected email from your servers crashes the system of a customer or vendor
  • Data or code loss due to a natural disaster or malicious activity. Physical destruction of equipment is covered under a different policy.
  • Cyber extortion, including ransomware, which is malicious code installed into a computer on your network that prevents you from accessing it until a ransom is paid

Even though business interruptions due to cyber attacks are relatively uncommon, being unprepared for one could prevent you from doing business as usual. Contact GDI Insurance Agency, Inc. today to find out how we can help you avoid a business interruption.

California’s Leader in Insurance and Risk Management

As one of the fastest growing agencies in California, GDI Insurance Agency, Inc. is able to provide its clients with the latest and greatest of what the insurance industry has to offer and much, much more.

We are headquartered in Turlock, CA, with locations across the heart of California’s Central Valley and beyond to provide a local feel to the solutions and services we provide our clients. We pride ourselves on exceeding our clients’ expectations in every interaction to make sure that our clients know how much we value and appreciate their business. Contact us today at 1-209-634-2929 for your comprehensive cyber liability insurance quote!