Close

(704) 728-7232 info@techassure.com

Tag Archive for: network Risk

by

5 Ways BYOD Policies Can Increase Data Breach Vulnerability

If you are responsible for managing risks in your organization, you know that any unforeseen incident can endanger the assets and earning capacity of a business. While it’s clearly important to have a solid insurance program in place, having a comprehensive risk control plan in place is equally important.

As the concept of Bring Your Device (BYOD) enjoys growing popularity amongst businesses, many employees are celebrating their newfound freedom of accessing data on the go beyond the confines of the cubicle. By using the BYOD concept, companies are enjoying reduced costs in the form of decreased expensive hardware configurations and are seeing the benefits of having a growing mobile workforce. However, what these firms did not anticipate was the growing possibility of data security breaches.

Hackers can breach company networks using linked applications, such as a company’s email account to access, extract and erase sensitive data. By accessing social media and personal email accounts, hackers easily obtain the information they need to wreak havoc.

In addition to securing a solid corporate insurance program for your organization, there are five things your company can do to overcome these security risks with BYOD. Jeff Stark, CPA, describes the following measures to help prevent a data security nightmare.

Identification of weaknesses and risk assessments. Sensitive data can’t be protected if it is not identified. As a result, Stark recommends that you begin by educating users on which data is confidential. It’s also important to follow up with assessments of your firm’s physical and network security. The rule of thumb is that if there is easy remote access to data storage sites from mobile devices, then effective network security is not sufficient. One measure is to ensure a password policy consisting of minimum character lengths, special characters, and changes to the password on a regular basis. Remember to have your IT department insist that employees not write down their frequently changing passwords and leave them in plain site in their workspace.

Establish levels of access. General users should not be granted access to the same areas that administrators and other higher end IT personnel have. Stark recommends that these “super-users” access a separate rights account or role for network management.

Use firewalls and encryption. Firewalls prevent unauthorized access to begin with and are a basic requirement. Network encryption adds a second layer of protection to prevent the wrong parties from accessing sensitive data.

Use offsite backup systems. Catastrophic data losses occur when in-house equipment fails or is breached. Whether it is cloud-based and/or physically located offsite, data is more adequately protected from many types of disasters as well as physical security breaches and damages.

Periodic auditing. Just because you have established data security measures, it doesn’t mean that you can now rest and let your guard down. You must carry out periodic risk assessments because of ongoing changes and upgrades in software and hardware which may change access capabilities. Stark recommends that you conduct audits at least once a year or whenever you make major change to the network.

While the BYOD concept has saved costs and facilitated a mobile workforce, it has also created a whole new set of security issues that you must address. As your organization assesses risks and establishes a solid insurance program, consider taking steps to prevent catastrophic data losses through breaches that can occur easily without a BYOD policy.

The members of TechAssure Association assist companies with insurance and risk management solutions that are unique to the technology sector. For more information on cyberliability insurance and other services, please give us a call.

by

The Importance of Protecting Your Firm with a Solid Network Risk Program

In a world of constantly advancing technology, more of our information is stored online than ever before. With greater amounts of important data being put into cyberspace, a need to protect this information is increasingly relevant. Protecting your capital with cyberliability coverage has never been easier.

The members of TechAssure can help you structure an insurance and risk management program that can save your assets and reputation when a technological error occurs. Being protected from liabilities relating to processes run by computers and other technology sources is especially important in the tech and life sciences industries. So what types of instances may require the need for network risk?

A simple but common problem in the technology industry occurs with the loss of customer data. This can happen for a variety of reasons, from the company accidentally deleting the information to the installation of defective or virus-laden software. No matter what the cause, the customer is never happy to lose their saved information. Having a solid risk management plan can help restore the relationship between you and the client and ensure a future relationship with them. It also can convey trust while building your client base and raising rounds of finance.

Taking steps to develop a solid insurance and risk management plan around your cyberliability exposures is an intelligent investment for your company. Contact us to learn more about the cyberliability insurance products and risk management services offered by the TechAssure members.

by

Beef Up Computer Security with These No-Cost Tips

Your business survives on its data. Information about your customers, products in development, budgets, and employees must remain confidential and secure if you want your company to prosper. Protecting against viruses, corporate espionage, hackers, and malware generally requires some spending on software, hardware, and training. However, some basic tips can beef up your security without cost.

Prohibit the use of any password-protected websites on mobile devices in coffee shops, restaurants, and other areas with unsecured networks. This should extend not only to accessing confidential parts of the company website but also to personal email accounts that employees use to conduct business. Hackers can use unsecured networks to break into your computer. They can also use their smartphones to physically record the usercode and password you type in.

In the office, require that any unused mobile devices be locked in a drawer or cabinet. It’s too easy for a company visitor to pick up a smartphone that’s just sitting on a desk in plain view. When not in use, monitors should be turned off either manually or automatically with screen savers. This prevents potentially sensitive data from being left on display.

Hackers can use networked cameras and microphones to look inside your company or listen to private conversations. If possible, turn these devices off or disconnect them from the network when not in use. If they must remain on, such as when built into a laptop or tablet, put a piece of black tape over the lens or microphone.

If you’d like more information on improving security for your company or how we can use out expertise to implement more comprehensive insurance and risk management solution for your network, security and privacy exposures, please contact us.

by

California, are you Ready for More Changes?

Again the California bill, designed to expand data security breach notification law, has cleared the senate. The California state Senate passed SB46. This bill has been expanded to include a number of additional items. Bill SB46 expands the triggers to include passwords, user names, security questions and answers and more. The additional list of triggers expands the responsibilities that a firm has on their reporting requirements.

As this bill makes its way to the Assembly for review, California firms will need to review their new requirements, processes and procedures for managing their risks.

A TechAssure member can help you better understand your network, security and privacy risks.

by

Are You Ready for Canada Privacy Reform?

Coming to Canada soon! Are you ready? Canada’s Federal Privacy Commissioner has released a roadmap for getting Canada’s federal private-sector law ready for the future.

Big Data and changes in the privacy world have made it important to get Canada in a more current state.

Canada’s Federal Privacy Commissioner is calling for measures that are strong enough to ensure organizations invest appropriately in privacy, require organizations to report breaches, increase transparency, hold firms accountable and create legislation that evolves to keep up with the changing laws.

If you need assistance in better understanding your network, security and privacy risks, please contact our TechAssure member in Canada.

by

Examples of Network Risk Exposures Help Firms Identify Need for Assistance

January 4, 2013 – In general, Network Risk Insurance protects your com­pany from risk and liabilities associated with processes and commerce through computer networks.

There are many examples of network risk exposures to companies, but the following are a few examples of areas where a firm may be exposed.

Example of First Party Exposures:

First Party: A hacker attacked and brought down your mission critical servers.

Examples of Third Party Exposures:

Third Party: If the hacker causes damages to a third-party for whatever reason, and that party sues your business, your network risk policy should cover these losses and provide for a defense.

Third party exposures also include internet, media, internet E&O, breach of security, release of virus and contracted disputes.

TehAssure member’s offers comprehensive coverage against first party exposures and third party claims including business interruption, cyber extortion, damage to intangible property, and public relations. Talk to your TechAssure member about:

  • Coverage for claims alleging negligence in the provision of internet services.
  • Coverage for liability associated with a failure or network security.
  • Coverage for liability associated with dissemination of electronic content.
  • Coverage for Business Interruption due to certain non-physical perils.
  • Coverage for damage to one’s own intangible assets (e.g. code, data, etc.).
  • May be endorsed to cover Miscellaneous E&O

Every firm has different risks and exposures. Contact a TechAssure member today.

Follow us on Twitter at: http://www.twitter.com/techassure