It’s boom times for hackers. Earlier this year, the bug Heartbleed exploited flaws in Open SSL, the cryptographic tool used to provide security and privacy for apps like email, IM and some VPNs. Target was rocked during the 2013 holiday shopping season when it was discovered that someone installed malware in the retailer’s security and payments system and stole 40 million consumer credit cards numbers. And just this June, we learned that a group linked to the People’s Liberation Army of China may have been hacking into sensitive U.S. defense and European satellite and aerospace industry data since 2007.
Data was undoubtedly more secure back when all you had to worry about was somebody guessing that you’d used your dog’s name for a password. These days, our world is interconnected, intertwined and increasingly vulnerable to hackers. The Internet of Things – a network that hooks up everything from smart phones to toasters – has created welcome mats that invite in third-world scammers, the Russian mafia and the kid across the street. It’s bad enough when personal data is hacked; when it’s business data with confidential client information, it can mean costly lawsuits. Fortunately, the insurance industry saw this coming and responded with data breach coverage. And, no, you don’t need to be a global conglomerate. There are data breach policies designed to protect small businesses from the financial devastation of a malicious hack. Here’s what you need to know.
Patches and Anti-Virus Programs Provide Limited Protection
Do not be lulled by the promised security of patches and off-the-shelf virus protection. They work, but they often fall short, and it’s hard to stay ahead of the bad guys, especially those who may be working within your organization. Jeffrey Roman, writing for HiscoxBroker.com, cites Mike Weber, a vice president at forensic investigation firm Coalfire Labs as believing that despite efforts to eliminate Heartbleed from Internet-facing systems, internal systems are still vulnerable:
“Enterprises are justifying the presence of this vulnerability through ‘exposure’ – since the internal systems can’t be accessed by the Internet at large, the systems are at much lower risk of attack. While that may be mathematically true, those that can do the most damage – the insider threat – are able to exploit these systems for a much more targeted and damaging attack.”
Weber adds compromised servers add to the problem. Unpatched internal systems, he says, can go on to establish an SSL connection outbound to a server that could initiate the heartbeat request and exploit it.
The bottom line? If somebody is hell-bent on hacking into your system, you’re going to need something to protect you from the financial ramifications.
Protecting Your Business from Cyber Hacks
According to an article in The Boston Globe , the threat of cyber hacking has sent US businesses scrambling to buy insurance against data breaches and the expense of dealing them. “One in three companies now has insurance to specifically protect against such losses. Last year, cyber insurance policies sold to retailers, hospitals, banks, and other businesses jumped 20 percent, according to Marsh LLC, a New York insurance brokerage firm that tracks the market.”
Cyber insurance is not a new coverage; it’s actually been around for more than a decade, but is getting a lot more attention now because of high-profile hacks. Policies are typically offered as an optional add-on to a Business Owner’s Policy or General Liability Policy, although some companies also offer separate data breach coverage. You can learn more and get quotes for policies here.
Some of the areas data breach policies cover include:
- Breach of notice costs – covering your legal requirement to inform everyone who may have been affected.
- Response coverage – assists with public relations and advertising costs to restore your business reputation.
- Damages and defense costs – covers costs associated with any lawsuits resulting from a breach.
- Service provider breach – provides some protection if your cloud-stored data or other third-party storage is breached.
Do Your Part
You can take steps to safeguard your data, particularly when you’re carrying it around on a laptop. TheHartford.com offers these tips:
- Don’t check your laptop with your luggage.
- Carry your laptop with you at all times in a non-descript case that doesn’t scream “I’m a laptop!”
- Take your laptop with you when you step out of a meeting.
- Never allow anyone to roam around your workplace unescorted.
- If you have to leave your laptop in your car, lock it in the trunk or conceal it. By the way, only give a valet an ignition key.
- If you leave it overnight in the office, lock it a cabinet or secure it to a stationary object with a locking cable.
- Avoid automatic log-ins.
- Consider a laptop theft alarm system.
 Jeffrey Roman, “Heartbleed Bug: What Risks Remain?” http://www.hiscoxbroker.com/hiscox-pro-solutions/cyber-data-risks/
 Deirdre Fernandes, “More firms buying insurance for data breaches: Companies seek added protection,” http://www.bostonglobe.com/business/2014/02/17/more-companies-buying-insurance-against-hackers-and-privacy-breaches/9qYrvlhskcoPEs5b4ch3PP/story.html
 “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data
 “Hackers Tied to China Seen Attacking U.S.-European Industry,” http://www.bloomberg.com/news/2014-06-10/hackers-linked-to-china-seen-attacking-u-s-european-industry.html