Cyber Drill Down: Steps for Keeping your Company Safe

by Bethaney Wallace on March 11, 2015

We’ve discussed the costly impacts of a data loss in Where’s Your Data? and began talking about a Cyber Breach Response plan last month. Additionally, future Tips will provide more detail on how to protect your business from problems, hassles, and lawsuits. Once you have identified a risk, the first risk management step is always prevention.

  1. Prevention:

There are two major areas to focus your attention on if you want to prevent the costs and hassle of a data breach: employees and passwords. Most business owners don’t realize the importance of these very fixable flaws.

A recent survey of IT managers reported, surprisingly, that 78% of data loss came from negligent and careless employees who were not following company policies. Personal devices and cloud storage both had significant negative impacts.

Action

  • Employee policies, training, reminders, and enforcement are where you should start.
  • Brainstorm about how mistakes happen, such as email auto-fills and other recent hacking attempts employees have seen.
  • Beware of “free” offers and strange emails from “friends.”
  • Discuss personal email received on company computers – this and social media messages are how phishers get into corporate databases.
  • Make sure everyone understands how mistakes can be disastrous.

Weak and shared passwords were the second biggest culprit.

Action

  • Again, employee policies, reminders, and enforcement are needed.
  • Automatically enforce password changes every 90 days.
  • Mandate “strong” passwords – use available websites to test strengths.
  • No sharing! Ever!

Additional protection tactics:

Action

  • Regular, automatic software updates.
  • Segregated databases with passwords and encryption for sensitive data.
  • Regular virus and malware updates, and complete scans.
  • Robust firewalls – both hardware devices and software.
  • Highly protected office Wi-Fi, and policies about use in public areas.
  • Automatic offsite back-ups – real-time/daily/weekly.

Resources

Call Charles for a no obligation discussion about your concerns and questions.

Cyber Breach Response

by Charles T. Wilson on February 4, 2015

We humans have an ingrained “It won’t happen to me” attitude, as well as a head-in-the-sand reaction to things we don’t – or don’t want to – fully understand. It’s part of our nature.

However, there are millions of cyber-incidents every day in the U.S. – yes, millions per day! And any one of them could happen to you. Hackers stole personal information from 110 million accounts in 2014. And it’s not just focused on large government agencies or mega-corporations. Human/employee error was responsible for 96% of successful data breaches – either responding to phishing emails or the free iPad offers, or just sending out sensitive data to the wrong email addresses. And 25% of data breaches are from paper files.

As you can see, no one is exempt.

The costs can be significant – they include:

  • Business downtime, distraction and the cost of ruined hardware and software
  • Reputational damage impacting customer trust and continued shopping
  • Fines and penalties by the FTC and the Department of Health and Human Services (HHS).

An Idaho hospice was fined $50,000 by HHS’s Office for Civil Rights for the loss of less than 500 patient records. They had no policies or procedures for the security of mobile devices (laptops) that contained HIPAA records.

So businesses must consider a data breach as almost inevitable: it will happen to you!

You need a Response Plan

There are five basic steps to create a simple, practical plan:

  1. Prevention is always the risk manager’s first step – let’s do everything reasonable to prevent a data breach from happening. This means cyber and data security and employee training.
  2. Recognition of when a breach has been attempted or already occurred is missed by many small and mid-sized organizations.
  3. Notification must be handled quickly to avoid fines, and accurately to minimize costs. You need immediate access to a specialist privacy attorney and competent forensic computer analysis people.
  4. Protection for customers, clients and employees is key to avoiding lawsuits and making victims feel cared for.
  5. Communication must be ongoing after any major incident to close the loop and restore confidence with customers, regulators and employees.

Future RiskSmart Tips will dig deeper into these five steps with more detailed help.

Cost – Benefit

Your Plan doesn’t have to be elaborate, but having these steps mapped out is a proven best practice. There are myriad examples of companies – large and small – who dropped the ball and got themselves in significant financial difficulty.

  • You must respond quickly – to all your audiences: employees, clients, regulators.
  • In a potentially chaotic situation a planned response is one that works.
  • A response plan makes you look organized and professional – not up the proverbial creek without a paddle.

Call or email with questions or for no obligation help getting started.

Annual Risk and Protection Checklist

January 5, 2015

This month’s Tip is your reminder to get going with your prevention plans! As you organize your priorities for the New Year, remember to include the following. Below are seven key risk and protection reminders for your checklist. Many of these we know are important, yet they’re often not immediately urgent, so they fall to […]

Where’s Your Data?

December 10, 2014

In Florida, a healthcare provider was recently charged with a lawsuit in light of a data breach. The results of their case mandated these specific precautions: security awareness and training programs for all employees; training on laptop use and security; additional security, including GPS tracking, on all laptops; new password rules, and full disk encryption […]

Planning on a Disaster?

November 11, 2014

Humans are wonderful procrastinators. Our knee-jerk defense is, “Well, it won’t happen to me…!” And yet hardly a week goes by without news of businesses and homes destroyed by wildfires, floods, tornados, hurricanes and earthquakes. Prepare for survival We can’t prevent natural disasters, but it’s not hard to prepare for survival. Large-scale losses like these […]

Stop! You’re Driving Dangerously!

October 8, 2014

Driving is dangerous enough by itself – and with rush hour traffic all day long, tight schedules and all kinds of cars, trucks and motorcycles trying to change lanes in front of you, it’s even worse. The National Safety Council reports that “Highway incidents remain the leading cause of occupational death” – estimated at 35% […]

Insurance Account Reviews

September 8, 2014

Most clients don’t initially understand all the services their insurance broker can provide. An annual account review is an excellent example and a great learning experience. What’s an Account Review? It’s an opportunity to update your knowledge of insurance exposures and fine-tune your coverages. Pick a date mid-year to your policy expirations – when there’s […]

How To Train Your Attorney

August 11, 2014

Do I hear a snort?  Or possibly an “Oh, sure?” Does the title sound like How To Train Your Dragon? And when you question an invoice you’ll get your eyebrows singed off? For many reasons, lawyering has evolved. Remember when your family doctor, the local GP, knew and did everything? Today they are all medical […]

Safety Training and Recordkeeping

July 21, 2014

This is the last of RiskSmart’s Safety Series discussions (see Tips #85-#88 to see the previous posts). These will be consolidated into an e-book shortly and made available to subscribers. Two final elements of any safety plan are training and recordkeeping. These are not afterthoughts, but essential foundations and where the plan must start. Successful Training? […]

Correcting Safety Hazards

June 17, 2014

We’ve talked about a Safety Plan as a critical foundation to ensuring business survival.  Many businesses round out the culture of Safety by including product and service reliability and quality – or as one client’s work shirts say, “No Excuses.” The previous Tip (#87, Communicating Safety) discussed the best techniques for identifying safety hazards.  Here […]

Communicating Safety

May 2, 2014

(Part 3 of the Safety Series.  See Tip 85 and Tip 86 for the entire series.) A Safety program is a living, growing, changing system.  If not – if it’s on the shelf – it won’t survive day-to-day problems and priorities.  And everyone will be surprised when the accident does occur.  Everyone except OSHA, that […]

The First Steps Toward Productivity, Quality and Safety

April 7, 2014

Many business people don’t quickly and easily connect the three areas mentioned in the Tip title.  How often do you see that? In simple terms, Productivity is “on time, on budget” and enhancing the bottom line profits of the firm.  Quality is producing products and services that meet or exceed customer expectations.  And Safety is […]

Safety and the Bottom Line

March 11, 2014

In the past three to five years I’ve become painfully aware how fundamental safety is to risk management and to business owners’ bottom line. I’ve seen workers’ compensation “experience mod” rates soar with: a couple of nasty – but preventable – worker injuries; a shoulder “strain” that morphed into surgery and 9 months of rehab; […]

Can You Make Cents of it All? Minimum Wages 2014 and Beyond

February 10, 2014

Federal, State and County laws throughout the US have varying minimum wages and they are changing at a more frequent rate than ever. Some studies indicate an increase will stimulate local economies and put less stress on social services; and yet other groups predict an exodus of businesses from the highest wage areas. While we […]

2014 Risk and Protection Checklist

January 12, 2014

As you organize your priorities for the New Year, here are 7 key Risk and Protection reminders for your checklist.  Many of these we know are important, yet they’re often not immediately urgent so they fall to the bottom of the pile.  An annual schedule for these updates on your calendar can be effective in […]

Can Your Business Run Without You?

December 9, 2013

While Charles continues his recovery, RiskSmart Tips would like to thank several colleagues for volunteering to contribute their professional views, particularly in the areas of avoiding, planning for, and managing business risk.  This month’s tip has been authored by Mike Van Horn of The Business Group. Can Your Business Run Without You? If all decisions […]

Managing Your IT Risk

November 11, 2013

Symantec’s Internet Security Threat Report 2013 lists small businesses as the target of 31% of all cyber attacks in 2012, up from 18% in 2011. “While it can be argued that the rewards of attacking a small business are less than what can be gained from a large enterprise, this is more than compensated by […]

The Checklist

October 7, 2013

While Charles continues his recovery, RiskSmart Tips would like to thank several colleagues for volunteering to contribute their professional views, particularly in the areas of avoiding, planning for, and managing a crisis.  This month’s tip has been authored by Bart Gragg, founder of Blue Collar University®. Several years ago Charles introduced me to the bestselling […]

The Extreme Case, and The Consequences

September 10, 2013

My name is Patrick Wilson; I am Charles’ son and am contributing this month’s blog. On July 25, my parents returned from a trip to visit family in New York State and Canada.  The next day was Friday, and my father found himself suffering from flu-like symptoms, including a headache, fatigue, and high fever.  By […]

Fast Growth Can Be Risky Business

July 8, 2013

Many business people envy the companies that are on the “100 Fastest Growing” lists.  The risk manager says, “Be careful what you wish for.”  Sometimes what looks good from the outside can be a painful problem on the inside. What happens when you grow too fast? Mike Van Horn, President of The Business Group (businessownerstoolbox.com), […]

The Fastest Way to Improved Productivity

June 11, 2013

What’s the fastest way to improve business productivity?  Lots of organizations struggle to just set basic priorities, get things done on time/on budget, and keep everyone focused and safe on the job.    There’s so much “noise” in today’s business world it’s hard to know who’s on first – with internet orders, marketing key words, employee […]

Exit Checklist

May 7, 2013

“If you don’t know where you’re going you might wind up someplace else.” ~Yogi Berra Isn’t planning great?  Some folks seem to spend their time writing stuff down and never really doing anything.  While others write what they just did on a To Do list so they can cross it off.  Yogi’s quote above is […]

Exit Stage Right

April 9, 2013

The last RiskSmart Tip was about Transitions   – the ones you or your business could experience whether you plan for them or not! This Tip will provide an initial Checklist to help you get started on a graceful exit.  It can’t cover everything: it’s intended as a starting point.  Your primary goal is to […]

Transitions: Good News – Bad News

March 12, 2013

Good news might be when your MD says you’re as strong as a horse and you’ll live at least another 20 years!  The bad news is now you can’t avoid completing the Transition Plan for your business, rather than just slipping out the back door! Planning of any kind is a struggle for many.  Some […]

Howdy Partner – Friend or Foe

February 12, 2013

I remember what is probably an apocryphal story about the Lone Ranger and his sidekick, Tonto riding over the ridge to face a large band of hostile Indians.  The Lone Ranger says, “I think we’re in some big trouble here, Tonto.”  And Tonto replies, “What you mean ‘we’ Kemosabe?”   Oops – friend or foe? Partnerships […]

Annual Risk and Protection Checklist

January 8, 2013

What gets us into trouble is not what we don’t know.  It’s what we know for sure that just ain’t so.  ~ Mark Twain As you organize your priorities for the New Year, here are 7 key Risk and Protection reminders for your checklist.  Many of these we know are important, yet they’re often […]

Disasters – 10 Ways to Be Prepared

December 11, 2012

Quote:  Better to remain silent and be thought a fool than to speak out and remove all doubt.  ~ Abraham Lincoln   Title: Disasters – 10 Ways to Be Prepared   “Disasters” for small and midsize enterprises (SMEs) can arise from many sources and come in all shapes and sizes.  Many studies report that 60% […]

Annual Insurance Budget Alert

November 27, 2012

Many businesses and not-for-profit organizations want to plan for next year’s revenues and expenses.  For many, insurance premiums can have a major impact and may require adjusted pricing on products and services in 2013. RiskSmart Solutions has polled a number of California brokers for their best estimates and I’m pleased to provide these for your […]

Annual Cold Weather Alert

November 20, 2012

Winter’s fast approaching – or already here – in many parts of the US.  Even the San Francisco Bay Area may experience some record lows over the next few weeks.  Is your business or home at risk? Consider extra protection for your exterior sprinkler valves, water pipes, faucets and hoses. Sprinkler valves need special jackets […]

Time Change and Smoke Alarms

November 16, 2012

While many people have hard-wired smoke detectors as part of their home alarm systems, they often supplement that system with battery-powered extra units. Residential smoke alarms need to be on every level and are recommended in every bedroom – especially if doors get closed. Experts say to change your 9-volt batteries at least once a […]

Safety and First Aid Equal a Winning Strategy

October 9, 2012

Workers sometimes joke – particularly within earshot of a Safety person – that, “Safety comes third – first there’s lunch, then break!” At least they’re thinking about it! Safety = good investment ~ From a business perspective, safety is a good investment. Every safety professional will tell you it costs $6-10 to fix the accident […]

Insurance Premium Audits

September 11, 2012

Many business insurance policies are subject to audit by the insurance company.  Initial premiums are calculated from revenue, payroll or other estimates. These estimates can change and, no surprise, the insurer wants more premium! What can go wrong? Revenue and payroll estimates can go up or down. While they’ll want additional premium for “up,” you’ll […]

Certificates Not Always Certain

August 7, 2012

Certificates of Insurance and Additional Insured (AI) endorsements are usually a “best practice” whenever you hire subcontractors and certain suppliers and vendors.  Many businesses don’t understand the pitfalls of getting this right. Remember that insurance is the other side’s financial back-stop to indemnify you for losses due to their negligence or contractual responsibilities. Certificates and […]

Advisors You Can Rely On

July 11, 2012

Last month’s Tip discussed the need for risk management in addition to an organization’s insurance broker.  What other “experts” do you depend on?  In today’s economy, with increased outsourcing, the list, and the risks, can be huge. Many businesses need – attorneys with various specialties, CPA/tax advisors and perhaps a bookkeeper, bankers, financial/investment planners, Human […]

Why You Need a Risk Manager

June 13, 2012

Many mid-size organizations depend on just an insurance broker for their entire Risk Protection Program.  Today’s world is marked by increasing business complexity and insurance coverage restrictions.  Should we be surprised that execs still get blindsided by claims and lawsuits that aren’t covered by their insurance? Typically, larger firms have in-house risk managers for broad, […]

Difference Between Business Expense and Investment

May 7, 2012

It’s easy in a rough economy to misunderstand the difference between a business expense and an investment.  They both look like the same cash out the door!  Unfortunately, when expense cuts are across the board, the law of unintended consequences can rear its ugly head. Short-sighted ~ I remember my employer, a major insurance organization, […]

Take Care of Important Business First

March 29, 2012

Here’s a not-so-successful story about Risk Management.  It’s sad, and I wish I could have done more to prevent it. I was working with a start-up client to get a new Employee Benefits Program up and running.  We were in the “final” stages for several months:  there were just a couple basic decisions to make, […]

Risk Profiles Save Money

March 4, 2012

Do duct tape and plastic sheeting form the cornerstone of your business security and protection plan?  Were things ever that simple?  Here’s the real question:  How do you handle the high costs of insurance premiums? If you take a common-sense approach to risk management, you can significantly reduce your risks, minimize your potential losses and […]

Warning – Hard Insurance Market Ahead

February 8, 2012

The insurance market has been “soft” for a long time.  Renewals with lower costs now seem normal, and you may have gotten better coverage too, if your broker was paying attention.  Clients and RiskSmart Tips subscribers know this is not a forever thing.  Inside information and preparation can save you a lot of hassle – […]

2012 Risk Protection Checklist

January 17, 2012

As you organize your priorities for the New Year here are 7 key Risk and Protection reminders for your checklist. Many of these we know are important, yet they’re often not immediately urgent and so they fall to the bottom of the pile. An annual schedule and planning can be effective in avoiding that last […]
