5 minute read
Yo u ’ v e B e e n H a c k e d ! A r e Yo u C o v e r e d ?
f e a t u r e
You’ve Been Hacked! Are You Covered?
by Rich Stazzone
Williams & Stazzone Insurance Agency
Cybercriminals are everywhere stealing personal information about you, your business and your customers. It is not a matter of IF but WHEN you will be affected by a Cyber Attack. Since 2015, the number of businesses reporting a breach is on the rise, large business victims have increased 73%, medium business victims have increased 100% and small business victims have increased 200%. Is your organization next? Are you protected? How will you pay for this if you are hit? Our world today is data driven and sensitive information is stored and transferred electronically. Protecting that information is a priority for all organizations.
The most common areas of concern are claims arising from unauthorized access to data containing both personal and business identity information and then determining and notifying those whose information was accessed. These concerns also include computer fraud for loss of money or securities due to fraudulent transfer instructions. Cyber liability does not just come from a computer; there could be a theft of data from an external hard drive, smart phone or tablet. The threats are not always from unknown persons — it could be from an unhappy vendor or employee.
Emerging Cyber concerns are extortion/ransomware and social engineering scams. Ransomware is
Reporting CyberCrime
by the National Cyber Security Alliance
Cybercrime can be particularly difficult to investigate and prosecute because it often crosses legal jurisdictions and even international boundaries. The good news is that federal, state, and local law enforcement authorities are becoming more sophisticated about cybercrime and are devoting more resources to responding to these threats. However, law enforcement needs your help to stop the nefarious behavior of cybercriminals and bring them to justice. Who to ContaCt
• Local law enforcement: Even if you have been the target of a multijurisdictional cybercrime, your local law enforcement agency (either police department or sheriff’s office) has an obligation to assist you, take a formal report and make referrals to other agencies, when appropriate. Report your situation as soon as you find out about it. Some local agencies have detectives or departments that focus specifically on cybercrime.
• The Internet Crime Compliance Center (IC3): IC3 will thoroughly review and evaluate your complaint and refer it to the appropriate federal, state, local or international law enforcement or regulatory agency that has jurisdiction over the matter. IC3 is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center (funded, in part, by the Department of Justice’s Bureau of Justice Assistance) Complaints may be filed online at https:// www.ic3.gov/ .
additional resourCes
• Anti-Phising Working Group (apwg.org) • Financial Fraud Enforcement Taskforce (StopFraud.gov) • U.S. Computer Emergency Readiness Team(us-cert.cisa.gov) • U.S. Postal Inspection Service (uspis.gov) • Texas Attorney General (texasattorneygeneral.gov)
evolving and becoming more advanced with infections up 40% within the past year. Extortion events can have a significant impact on business’ operations and often require payment of ransom to regain access to data and systems. (Editor’s note: See the July 2017, Texas Dealer cover story to read about a Dallas dealer and TIADA Past President who experience the extortion firsthand.)
Now is the time to evaluate the security of your system and procedures to help you fight fraud. Beginning to train employees to recognize and report suspicious emails can help prevent a ransomware event. Most businesses can strengthen controls over privileged access at little cost, by requiring privileged users to use stronger passwords and separate admin accounts and by prohibiting regular users from having local administrative privileges. Also, businesses need to make sure that they are backing up critical network resources, as well as proprietary software and databases that cannot be easily replaced. Finally, it is critically important for businesses to test their backup and recovery capabilities at least once a year, to be sure that the backups will be available when needed the most.
Cyber Risk insurance is now a necessity in our modern-technology driven-electronic communication world. The cost of dealing with a data breach goes beyond repairing databases, strengthening security procedures or replacing lost laptops. Regulations requiring notifications of affected customers also drive-up costs for companies in which a data breach compromises personal or confidential data. Depending on the terms of coverage, a dealer can get a standard milliondollar policy for around $2,000 annually. There are some smaller policies in the market too, even as low as $250,000, but cleaning up a data breach can get expensive in a hurry. It is recommended a dealer purchase a basic policy with a $250,000 limit at an annual cost of $300 annually vs. having no coverage at all.
Different underwriters may use different factors to rate the potential customer, but most underwriters use revenue when measuring the overall risk. $15 million in revenue is the separation line between small and large dealers for some underwriters; the Cyber Risk policies premiums start to increase at that point. To determine the appropriate policy for your dealership you will need to visit with your agent. Traditional business insurance may not be enough to protect companies from cyber-crime. It is important to note there are many coverage options to Cyber Risk insurance to help cover you for the cost associated with getting hacked and also to protect your business against potential liability.
R i c h S t a z z o n e i s a D e a l e r I n s u r a n c e S p e c i a l i s t a t Wi l l i a m s & S t a z z o n e I n s u r a n c e A g e n c y — A P r e f e r r e d B u s i n e s s Pa r t n e r o f T I A DA .
