Cyber Liability: Mitigating BYOD and E-discovery Risks

/in , ,

The prevalence of employee-owned smartphones and other devices in workplaces across the country has grown considerably in the last few years and shows no sign of stopping. A recent study by Bitglass found that 85% of organizations surveyed allowed their employees to use their personal devices for work functions. If it wasn’t obvious already, the “bring your own device” (BYOD) era is here to stay. While there are numerous benefits of implementing a BYOD policy at your workplace, it can be problematic from an e-discovery standpoint, should your company enter litigation.


E-discovery Basics
Electronically stored information, or ESI, can be subject to discovery, which means it can be requested as evidence in court cases. ESI is a category of discoverable information separate from print documents, and includes both structured and unstructured data such as emails, instant message logs, Word® documents, PowerPoint® presentations and scanned documents.

In litigation, e-discovery is the process of identifying, collecting, preserving, reviewing and producing relevant electronic data or documents as evidence. Determining which ESI is relevant is not simple due to the lack of precedence and established standards; however, it is important to be able to quickly access the right ESI. While failing to produce all required ESI can be considered negligence, handing over too much data could mean disclosing privileged competitive information and jeopardizing corporate strategy or product plans.


BYOD’s Skyrocketing Popularity
Allowing employees to use their personal phones, laptops, tablets or other devices for work purposes has quickly become the new norm. Employees enjoy being able to use their own devices for several reasons:


· They can get more work done on their own devices with a more flexible schedule.
· They may prefer the operating systems of their own devices.
· Company-provided devices may lack the functionality that employees desire.
· Bringing personal activities into their work lives can lead to happier employees and more productivity.

Employees aren’t the only satisfied party. Employers can save money by not having to buy company-owned devices for employees to use, including technical support costs associated with diagnosing problems employees may have. In addition, many employers can save on telecommunication costs, as employees are often willing to self-fund their own mobile plans.


BYOD Litigation Risks
Allowing employees to bring their own devices can seem like a pretty good deal for both sides. However, there are inherent risks with the practice, especially from a legal standpoint. Employers must consider the following risks that may hinder the e-discovery process:

· Since you do not own employees’ devices, you do not have total control over the devices and how they’re used.
· There are many different types of data on devices, depending on the operating system, applications used, etc., and
· separating personal data from business data may be difficult.
· Data on devices can be stored in several locations.
· It is difficult to protect data on employees’ devices from harm, including theft and hacking.
· Employers cannot just seize an employee’s device for discovery—they need consent from the employee.


Best Practices for BYOD Policies and the E-discovery Process
If you have a BYOD policy at your workplace, or are planning to implement one, consider the following to ensure it is comprehensive and e-discovery-friendly:


· Have employees sign an agreement that lets them know how e-discovery requests will be handled, should the need arise.
· Consider using Mobile Application Management (MAM), which allows employers to control how applications perform on employee devices. It can control application encryption and even wipe sensitive data off the phone of a former employee.
· Consider purchasing and implementing one of the many applications capable of separating business data and personal data, making it easy for employers to locate discoverable data.
· Mandate that employee devices be configured to save certain information directly to the company servers.
· Create an acceptable use policy that lets employees know how you want them to handle company data on their personal devices.
· Prohibit employees from uploading sensitive company data to any third-party cloud storage system, such as Dropbox, Google Drive or Box.
· Sync data between employee devices and company servers regularly.
· Educate employees on best practices for keeping all data on their devices safe—the devices may contain sensitive company information.
· Mandate that employee devices be password-protected.
· Ensure that your BYOD policy is forthright and outlines the exact process for e-discovery, including a clear chain of custody.
· Ensure your IT and legal teams are on the same page. Your IT team should be able to advise the legal team on exactly what kinds of data are stored on employee devices and the best way to retrieve the data. The legal team, whether employed or contracted, should be familiar with the e-discovery process to advance the procedure as quickly as possible.
· Require compliance with your BYOD policy. In addition, keep the policy flexible to keep up with the ever-changing data landscape.
· Determine how you will handle the data on phones of former employees. Some companies remotely wipe former employees’ devices, but that can bring up questions about the ethics of deleting personal data from a device.
· Carefully decide which employees can use their own devices. BYOD may not be relevant or useful for all employees.
· Consider listing what devices are and are not acceptable. BYOD does not mean employees are free to use whatever device they wish. Employers may not want to offer support for certain devices due to the particular operating system or inherent security issues.
· Always put data security ahead of employee device security. Your company’s data should always be your number one concern.

Contact Competitive Edge Insurance today for more ways to help make sure your BYOD policy properly protects your company’s data.

Why Does My Business Need Cyber Insurance?

/in ,

Did you know, according to Advisorsmith and Insurance Journal, 42% of small businesses have experienced a cyberattack within the past year and 53% have experienced multiple data breaches?

Cyberattacks target personally identifiable information, personal health data as well as confidential financial information and can result in significant and often devastating financial loss for your business. In fact, the National Cyber Security Alliance found that 60% of small businesses that fell victim to a cyberattack were forced to close within six months due to the high financial costs necessary to recover.

Read our full guide on why your business needs cyber insurance, as well as how you can protect your business from these risks below.

What is Cyber Insurance?

Cyber insurance is a coverage policy that helps protect your business and mitigate financial risk in the event of a cyberattack. Retrieving your company data and rebuilding your systems is time-consuming and costly. 

In addition, the loss of time and productivity, when a data breach does occur can damage your credit, damage your reputation with customers, cost you in service providers restructuring your security, and prevent further losses and possible penalties for improper handling of sensitive financial data.

What Does Cyber Insurance Cover?

Coverage can vary depending on the policy, however, cyber insurance generally covers: 

  • Regulatory fines, legal fees, and penalties
  • Credit and fraud monitoring services
  • Crisis management and public relations
  • Finding and addressing the security defect
  • Notifying customers of a data breach
  • Restoring personal identities of affected customers
  • Recovering compromised data
  • Repairing damaged computer systems

What Businesses Need Cyber Insurance?

Every business that uses digital data—such as saving client information to your network or cloud—needs cyber insurance. However, some businesses are more heavily targeted by cybercriminals because of their valuable data and resources, such as:

Financial Services

According to Business Insider, financial firms are 300 times more likely to be targeted than other companies. Wow!

Financial services are specifically targeted because of their access to financial accounts and/or services such as allowing customers to pay bills online, transfer funds, and view account balances.

Financial institutions including the Securities and Exchange Commission, Equifax, HSBC, Lloyds Banking Group, JPMorgan as well as many other firms have all experienced cyber breaches and attacks.

Health Care

Health care organizations are responsible for significant amounts of sensitive information and, as a result, could potentially put the private records of millions of patients at risk. HIPAA Journal reports that 89% of healthcare organizations have experienced a data breach.

Small Businesses and Start-Ups

Small businesses are often targeted by cybercriminals because of their limited resources and lack of security expertise. According to the National Cyber Security Alliance, 83% of small businesses have no formal cyber security plan and 69% have no plan at all.

What Happens to My Business If I Don’t Have Cyber Insurance?

A cyberattack on a business without cyber insurance can result in the loss of hundreds of thousands of dollars between:

  • Various legal fees and fines
  • Recovery of compromised data
  • Damaged computer systems
  • And other necessary costs

According to the Ponemon Institute, the average small business pays $690,000 to recover from a cyber-attack, whereas middle-market companies can pay upward of $1 million.

Due to the devastating financial fallout, many businesses that experience a cyberattack without cyber insurance can’t recover and are forced to permanently close their doors. 

Cyber insurance is a rapidly growing space and constantly evolving to fit the needs of any business. With the right policy, you can protect your business from the high costs and destructive effects of a cyberattack.

To learn more, read on for seven steps to avoid cyber security threats.

Seven Steps to Avoid Cyber Security Threats

/in , ,

Cyber security is more important today than ever before. Many businesses, especially small businesses, are the victims of cyber attacks daily—and the outcome for many is detrimental. In fact, did you know that 60% of small businesses who fall victim to cyber attack close their doors within six months?

The fact of the matter is that cyber threats—whether they be ransomware or phishing—are too grave to ignore the risks. Preparation and prevention are key to keeping your business safe. In this article, we’ll discuss seven steps to avoid cyber security threats.

Train Your Staff

First things first, train your employees. Make the guidelines of your business’s cyber security policy abundantly clear. Apart from training, employees should also be familiarized with and taught how to identify suspicious activity. Lastly, employees should know safe practices for sending and receiving data.

For example, they need to know how not to send excel spreadsheets in an email. Instead, create a zip file or convert the document into a PDF. Why? It is very easy to scrape data from an excel file while in an email.

Train Your IT

Your Information Technology (IT) department should additionally be trained. An IT department, according to Jobs.net, “oversees the installation and maintenance of computer network systems within a company.” They also help businesses maintain their digital infrastructure and provide troubleshooting.

This considered, IT departments need to know what to look for when it comes to cyber security threats.

Regularly Update Software

Firstly, your software should be particularly designed to block ransomware. Secondly, this software should be routinely updated.

To many people’s surprise, cyber attacks often happen when systems and/or software aren’t fully up-to-date, leaving room for weakness. These points of weakness are then exploited by cybercriminals to gain access to your network.

Don’t let it get to this point.

Promote a Security-Focused Culture

Forbes states that “the security culture of an organization is foundational to its ability to protect information, data and employee and customer privacy.”

(“Security culture” being “the ideas, customs and social behaviors of an organization that influence its security”).

According to Maryville University, encouraging a strong security culture within a business might look like:

  • Holding regular training sessions for employees to help them recognize external threats 
  • Teaching employees strategies for minimizing their risk of being hacked

Backup and Encrypt Data

Imagine, your business experiences a cyber attack—and none of your data is backed up. This would result in serious financial loss as well as loss of data, not to mention downtime.

Be sure to back up and encrypt your data instead. We advise you to encrypt:

  • Client and customer information
  • Employee information
  • And all other business data

Minimize Access to Your Systems

When it comes to allowing others access to your data, whether it be passwords, email, or a host of other personal information, some humans can lean a bit too far to the trustworthy side.

Having control over who can access your network is crucial—whether online or in-office. Better safe than sorry!

Invest in Cybersecurity Insurance

Of course, we have to mention the benefit of investing in cyber security insurance.

A cyber liability policy might include:

  • Data Breach Coverage
  • Business Interpretation Loss Reimbursement
  • Cyber Extortion Defense
  • Forensic Support
  • Legal Support
  • Coverage beyond a General Liability Policy

When it comes to cyber risk, there’s nothing worse than being ill-prepared. Read on to learn more about cyber coverage: how necessary is it?

How Small Businesses Fall Victim to Cyber Attacks

/in ,

Cyber attacks are on the rise—and no business, big or small, is immune to the devastating financial loss that a cyber attack can have. So, let’s discuss a few aspects of cyber attacks to look out for, including:

  • What is phishing?
  • Why is it a problem?
  • Why are small businesses targeted?
  • How can your business prevent becoming the victim of a cyber attack?

Let’s dive in.

What is Phishing?

Phishing is an ever-growing concern defined as the “technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.”

According to Brenda Jo Robyn, founder of Competitive Edge Insurance, phishing is “any activity that compromises your organization’s security.”

For more on phishing, read our article: “Why Is Phishing the #1 Thing Killing Small Businesses?

Why is Phishing a Problem?

Let us provide an example of the dangers of phishing.

On February 5, 2021, according to The Pew Charitable Trusts, “a plant operator for the city of about 15,000 on Florida’s west coast saw his cursor being moved around on his computer screen.”

The cursor continued to move, “opening various software functions that control the water being treated [and boosting] the level of sodium hydroxide—or lye—in the water supply to 100 times higher than normal.”

If you didn’t know, the consequences of this breach could have been deadly if not caught immediately, as lye poisoning can result in:

  • Burns
  • Vomiting
  • Severe pain
  • Bleeding

While most cases might not involve the extremes of lye poisoning, this example shows the severity of phishing today. As a result, governments, states, businesses (big or small), and individuals should act accordingly to strengthen their cybersecurity efforts.

Why Do Data Thieves Focus on Small Businesses?

The consequences of a cyber attack on a small business are particularly severe. 60% of small businesses that have been hit by a cyberattack end up shutting down within six months of the attack.

Despite the irreversible aftermath of falling victim to a cyber attack and the fact that 43% of online attacks are now aimed at small businesses, CNBC reports that only 14% are prepared to defend themselves.

Interested in some more statistics?

Cyber attacks are not only extremely expensive to recover from but they also damage your business’s reputation and productivity, and can even be dangerous in the event of personal data being stolen.

This is why it is crucial to protect your small business from cyberattacks. But how can you protect yourself? What can the Florida plant case study teach us?

How Can You Prevent Phishing?

Luckily, there are measures you can take to prevent phishing as a business owner. Let’s discuss some options.

Training

  • Training your employees: To be vigilant; educate them on common phishing traps, email scamming tactics, and how to send data securely (In the Florida case study mentioned earlier, the employee who noticed the breach reported it immediately).
  • Training IT: To know what to look for

Be sure to document your training and review it on a weekly or quarterly basis with employees and staff.

Due Diligence

Ensure your business is conducting thorough, routine cybersecurity due diligence.

According to Security Scorecard, cybersecurity due diligence is “the process of identifying and addressing cyber risks across your network ecosystem.” Doing so provides “insights into potential gaps in network security so that they can be addressed before they are exploited by cybercriminals.”

For those who are interested in seeing where their business is in terms of safety, read on to learn how you can measure your company’s cybersecurity risk.

Have a Planned Crisis Response in Place

When it comes to cyber risk, there’s nothing worse than being ill-prepared. Of course, we couldn’t write about cyberattacks without mention of investing in a cyber liability insurance policy for your business.

A cyber liability policy might include:

  • Data Breach Coverage
  • Business Interpretation Loss Reimbursement
  • Cyber Extortion Defense
  • Forensic Support
  • Legal Support
  • Coverage beyond a General Liability Policy

As a small business, you must be prepared—because the consequences can be insurmountable. Interested in learning more about cyber insurance and why you need it? Read on in our article “Why Does My Business Need Cyber Insurance?

Why is Phishing the #1 Thing Killing Small Businesses?

/in , ,

What is phishing? And no, we’re not talking about the activity of catching fish for food or sport. Phishing, spelled with a ‘ph,’ is an ever-growing concern defined as the “technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.”

But why is phishing especially harmful to small businesses? Why are they being targeted? We have all the answers and more, thanks to Brenda Jo Robyn, founder of Competitive Edge Insurance.

So, welcome to ‘Why is Phishing the #1 Thing Killing Small Businesses?’ We hope you stick around to learn something new, including how you might protect yourself as a small business owner.

What is Phishing?

Today, phishing can come in a variety of forms. According to Brenda Jo, phishing is “any activity that compromises your organization’s security… It can come in the way of an email or a text or an application.” These applications that retrieve your data can be on your computer, phone, even your iPad. Scammers target you and ask questions to get your information in really creative ways.

An Example of Phishing

Let’s say you receive an email that you’ve been expecting from Bank of America. Why not just ignore it? Well, because…

“It looks like you really should open it. [After all,] it’s a secure document for the bank you’ve been working with lately,” says Brenda Jo. The culprits know you’ve been waiting for this specific type of document to arrive in your inbox because they’ve been screening your emails. 

“So, now they have captured that you’re working with this bank and now this bank is sending you a secure document that you need to open… You open it out of their Google docs, and all of a sudden, bam, you got a worm or a virus on your computer,” says Brenda Jo.

“That’s going to either start going through all your files and looking for stuff. They’re gonna track your emails or they’re going to track your keystrokes.”

Phishing is huge right now. Brenda Jo continues. “I can’t stress enough how important it is to make sure that your computers and data is secure from others. There are a lot of what are called ‘bad elements’ or ‘bad actors’ out there that are trying to steal your data… Right now data is money. And the more data you have, the more money you can make.”

How Dangerous is Phishing for Small Businesses?

The statistics speak for themselves. Right now, 60% of small companies that have been hit by a cyber attack are closing their doors within six months. The reason? It is very costly to come back from a cyber attack.

Most small businesses don’t have the collateral, backing, or lines of credit to make themselves whole again after an attack of this caliber.

How Can Small Businesses Protect Themselves from Phishing?

Training

Focus on training.

  • Training your employees: (For example, they need to know how not to send excel spreadsheets emails! Instead, create a zip file or convert the document into a PDF. Why? It is very easy to scrape data from an excel file while in an email.)
  • Training IT: They need to know what to look for.

Due Diligence

Due diligence is the bare minimum. Document your training and go over it on a weekly or quarterly basis. Next, ensure your IT systems are multi-layered. This means not only having firewalls on your computers and servers but also helpful, educated IT personnel available.

Develop a Planned Crisis Response

A planned crisis response includes a cyber liability policy. As Brenda Jo says, “one of the things that kills the small business is the lack of PR or response to their clients and/or vendors when a phishing attack occurs and data has been compromised.”

“It’s very expensive to go and let everybody know, ‘Hey, your information was taken and here’s the year’s worth of credit monitoring’”—especially if the data is health-related. 

You might face both federal fines as well as fines from the state government. The costs add up, and that’s where cyber liability comes in to help.

Reach Out to Competitive Edge Today

As you look at your coverage, think of the potential for cybersecurity issues, evaluate your tolerance for risk, and take the time to look at your policies in detail. As experts, we at Competitive Edge can tell you where you are vulnerable and what the risk might cost you. It is then your decision to accept the risk or mitigate it with coverage. You know what we would do.
Interested in learning more about the dangers of ransomware and why the need for cyber liability coverage is increasing? Read on in cyber liability coverage for the new era of ransomware.

Four Types of Insurance Coverage for your Business

/in , , , , ,

There are so many options for insurance that it can be overwhelming to know which research steps to take as a business. At Competitive Edge, we help you navigate what coverage best fits you and your business. 

Health and Wellness 

Niche beauty insurance solutions can miss areas of business insurance that might bridge gaps in the event of falls or other general liability claims. With health and wellness insurance, unique situations are bound to arise depending on your business’s current environment and changes. 

The various Health and Wellness sectors that Competitive Edge caters to include: 

  • Beauty 
  • Spa Owners
  • Hair Salon Owners
  • Nail Salon Owners
  • Fitness
  • Yoga Studio Owners
  • Pilates Studio Owners
  • Dance, BarreFit, and Additional Exercise Studio Owners
  • Martial Arts Studio Owners
  • Health
  • Naturopathy Practices
  • Audiologists
  • Speech and Occupational Therapy Centers
  • Alternative Therapy Centers
  • Acupuncturists

To provide you with the right coverage from the right carrier, we need to know about your business. It’s not enough to put all cosmetology companies in one box, all spas in another, and all beauty product companies in yet another pre-planned box.

Cyber Liability

Cyber liability is a growing industry because of the evident rise in technology, and the hacking that comes with progress.

Does this sound like news to you? Don’t worry—we already wrote an article here for you to read about reducing cybersecurity risk. 

It’s important to understand what might be covered under your cyber insurance policy. 

  • Data Breaches
  • Intellectual Property Rights
  • System Failure
  • Damages to a Third-Party System
  • Cyber Extortion
  • Business Interruption

Traditional business liability insurance likely won’t cover any cyver risks associated with your business. 

Bonding

Surety bonds offer an important secondary level of coverage. 

A surety bond is a contract involving three parties. It is a promise to be liable for the debt, default, or failure of another.  These three parties include:

  • The Principal: The party that purchases the bond and undertakes the obligation to perform the act as promised.
  • The Surety: An insurance company that guarantees the obligation to be performed. If the principal fails to perform the act as promised, the surety has a contractual obligation for the losses.
  • The Obligee: The party who requires and receives the benefit of the surety bond.

There are two categories of surety bonds: contract surety bonds and commercial surety bonds.

Contract surety bonds are typically written for construction projects. If a contractor defaults, the surety company is obligated to find another contractor to complete the contract. Another option for the surety company is to compensate the project owner for the financial loss incurred. There are a few bond types of contract surety bonds.

Contract sureties are required during a federal construction contract valued at $150,000 or more. State and municipal governments have similar regulations. Note that contract sureties may also be used with a private owner.

Commercial surety bonds, on the other hand, cover a broader range of surety bonds. These are required of individuals and businesses by federal, state, and local governments.

These bonds can be required by the government to obtain a license. For example, mortgage brokers, contractors, and auto dealers may be required to obtain a license or permit bond. These bonds can also be required to protect various statutes, regulations, ordinances, and other government entities.

General Business Insurance

General business insurance covers areas such as property damage, bodily injury, product liability, libel, slander, and copyright infringement.

Hindsight is no place for general business insurance conversations as lawsuits are a sad reality for many businesses. Just one bodily injury or property damage claim can take away everything you’ve worked so hard to build. General liability insurance provides businesses with coverage for most damages, injuries, medical costs, legal fees, and settlements in the case that you’re being sued.

Construction Insurance

Shock losses from large claims can make it difficult to get affordable insurance in the high-risk field of construction. If your insurance was canceled or non-renewed, we can help. 

Our depth of experience and exemplary reputation with the carriers we work with can find a home for your hard-to-place and high-risk clients can find the right coverage. The fact is, every business can find coverage, you just have to take the time and know where to look. 

The businesses we work with include: 

  • Roofing
  • Construction
  • Commercial Property
  • Commercial Real Estate
  • General Liability (CGL)

Errors and Omissions Insurance

In the CRE industry, agents are at higher risk of being accused of failing to meet a client’s expectations, failing to document decisions or actions, or failing to act in a customer’s best interest. This could be an error on a title or an oversight in a property listing, which could lead to a costly lawsuit. 

Errors and Omissions (E&O) insurance covers against financial losses from lawsuits filed as a result of an agent’s work in the real estate profession. These policies cover liability related to the following issues:

The client may claim that you made an error that led to financial loss. In a lawsuit regarding professional mistakes, you may be at risk of losing big, considering the size of commercial property transactions.

An example of this is when a real estate agent misstates the square footage of a property. If the agent has Errors and Omissions Insurance, however, they may be covered for attorney’s fees, court costs, settlements, judgments, and fines. 

Potential E&O Exclusions

While it’s important to know what E&O insurance covers, it’s also important to understand potential exclusions. Some common exclusions in E&O coverage include claims resulting from dishonest or criminal acts. As well as claims associated with a polluted property. If any agent causes bodily harm or death to another person, or the agent causes damage to someone’s property, their claims will not be covered under E&O insurance. 

In the CRE industry, it’s more common to face a lawsuit related to errors and omissions so it’s best to be covered before you need it. Roger J. Stewart is an expert in providing coverage for real estate professionals and has helped various CRE investors and agents avoid risk and save money throughout the years.

At Competitive Edge Insurance, we work with insurance carriers across the country to place all types of business coverage. We are always seeking out new insurance companies to write hard-to-place and high-risk business insurance. 

Don’t let cancellation dissuade you from finding comprehensive coverage, we can help! 

Contact us today at Competitive Edge to find out more information.

Your Guide to Reducing Cybersecurity Risk

/in ,

Cyber threats were at an all-time high during 2020. As a large portion of the population transitioned to a work-from-home environment, cyber attackers viewed this new reality as a wonderful opportunity to prey on cyber vulnerabilities. 

According to SonicWall, in 2020, 304.6 million ransomware attacks occurred. As well as 81.9 million crypto hacking attacks, 4.8 trillion intrusion attempts, and 5.6 billion malware attacks. With these statistics in mind, it’s important to start working toward mitigating your cyber risk today. 

Let’s start by understanding what a cybersecurity threat is. 

Cybercriminals target individuals and businesses alike. Cyber hacking ranges in damages– it can be as small as a pesky popup, or as large as malware that destroys your entire organization’s system. Understanding where your business may be at risk is just the beginning. 

As you likely know, data is one of your greatest assets as a business and is becoming increasingly important. Protect your digital assets, and ensure you have the protection needed to ensure the safety of your business and your client’s information. 

Preparing for a cyber attack.

Before an attack

First and foremost, you should put the proper controls in place. These controls may include:

  • Using secure Password-protected networks
  • Avoiding suspicious links
  • Ignoring online requests for private information
  • Password-protecting all devices that connect to the internet
  • Adding variation to your passwords
  • Reporting suspicious activity right when you see it.

You should also ensure your train and inform your employees of the proper protocol to begin mitigating your cyber risk. Employees need to be trained on how to avoid:

  • Email threats: Email is one of the most common ways for hackers to get sensitive information from your employees. Your employees should always verify the sender, never open suspicious attachments, and never click on links if you don’t trust the source. 
  • Spam threats: Ensure your employees know to use their spam filter, flag spam when it appears in your inbox, and know to only give their email to trusted sources.
  • Phishing threats: Employees should know to never offer sensitive information, be aware of potential suspicious links, double-check website addresses, verify who they’re communicating with, and trust their suspicions. 
  • Social Media threats: Employees should be sure to manage their privacy settings on social media, never click on suspicious links that have been shared with them, and think twice before posting and ensure they aren’t sharing information that may be harmful. 

During a cyberattack

In the case that a cyberattack occurs, you need to understand the steps you should take. First and foremost, you must take immediate action. If a problem is found, disconnect your device from the internet and restore your system fully. Lastly, report the incident to your IT Department as soon as possible! 

After a cyberattack occurs

Once you’ve taken the steps listed above, three are a few follow-up steps you should take. 

  • File a report with the local police: Ensure there is a record of the incident.
  • Report to the internet crime-compliant center: Report any identity theft to the Federal Trade Commission.
  • Consider other information: If your personal information was compromised, what else could be at risk? 

Cyber Insurance for Cybersecurity Threats

As you start to consider the potential cyber risks associated with your business, consider investing in Cyber Insurance. It’s important to understand what would be covered under your cyber insurance policy. 

  • Data Breaches
  • Intellectual Property Rights
  • System Failure
  • Damages to a Third-Party System
  • Cyber Extortion
  • Business Interruption

Traditional business liability insurance likely won’t cover the cybersecurity risks associated with your business. 

As cyber threats continue to proliferate, ensure your business remains protected.

How to Measure Your Company’s Cybersecurity Risk

/in ,

With the increase of cyber attacks on the rise, companies every day worry they will become the next victim. According to Cybersecurity Ventures, the number of cyberattacks has nearly doubled since 2019 and quadrupled since 2016 — with a cyberattack incident occurring every 11 seconds in 2021. 

At Competitive Edge, we believe all businesses are vulnerable to cybercrimes, not only large tech corporations. Global cybercrime losses are estimated at $400 billion per year. But not to fret — there are preventative measures your company can take, starting with learning how to measure your company’s cybersecurity risk.

Be Weary of Third-Party Risk

According to a recent study, 59% of companies experience a breach because of a vendor or third party. Although most companies have a variety of security regulations in place, many still fall susceptible to third-party or vendor risk.

The biggest challenge considering third-party risk is gaining real-time data. For example, most companies evaluate third-party risk through an assortment of questionnaires, assessments, or tests. This assortment of data gathering makes it difficult to see beyond just the snippet of information provided, and beyond into the ever-changing terrain of cybersecurity risk.

We recommended evaluating and refreshing what cybersecurity metrics and Key Performance Indicators (KPIs) your company is currently tracking. There are many tools that can help  evaluate third parties’ risk prior to onboarding—but the diligence shouldn’t stop there. Continue to monitor your third parties and vendors even after they’ve onboarded to ensure they are upholding best safety practices. 

Don’t let third-party risk slip through the cracks!

Define your Company’s Strategy for Measuring and Communicating Risk

Data, data, and more data! When it comes to analyzing cybersecurity risk, it can be difficult to know where to focus your efforts. Risk-based reporting, however, is your best bet. Risk-based reporting, “as opposed to comprehensive, compliance-based, or incident-based reporting… is the approach best suited to reducing your organization’s exposure to cyber threats,” according to BitSight.

Risk-based reporting focuses on the big picture—not the small blips—and forces you to use context to deliver reports, delving into data concerning:

  • “Past performance
  • Risk concentration
  • Industry benchmarks
  • Financial quantification
  • Cybersecurity frameworks”

Furthermore, the phrase, “stay in your own lane,” does not apply to companies when measuring cybersecurity risk! In fact, we recommend you look to your competitors to gain further context on your own stance in terms of cybersecurity risk. By measuring your own risk in comparison to similar companies or competitors, you might take more pointed action about where your team’s focus is needed to stay safe.

Make Your Data Digestible

Now, you’ve done all the work, but how can you make it clear and easy to understand? Security ratings are the most widely used and understood language when delving into cybersecurity risk. Ensure that all company team members understand the data and what efforts will be made as a result to combat the risk and why.

Measures You Can Take to Stay Secure

The consequences of poor cybersecurity are catastrophic. Geospatial World says, “The best cybersecurity strategies are ones that are proactive in nature. Being able to respond to and recover from an instance of hacking is important, but stopping the incident before it even starts is what saves your organization more time, money, and pain in the long run.” To avoid these consequences, Competitive Edge recommends you:

  • Keep a tight rein on who has access to company information
  • Conduct employee background checks
  • Create individual accounts for employees
  • Of course, not only to have strict cybersecurity policies, procedures, and practices but to enforce them

Cybersecurity is the type of threat you don’t want to put off dealing with until it’s too late. That’s where we come in! Talk to our experts at Competitive Edge today to measure your company’s cybersecurity risk and see how you can obtain proper coverage. 

Don’t risk it.

Cyber Liability Coverage for the New Era of Ransomware

/in , ,

With cybercrimes on the rise, it’s time to look not only at your practices but also your cyber liability coverage.

Read more

Cyber Coverage—How Necessary Is It?

/in ,

Working Remotely is the ‘New Normal’– How Can Cyber Insurance Help You?

In July, we all saw the ramifications of a well-performed hack. Twitter experienced the most catastrophic security breach in its company’s history. With Elon Musk, Barack Obama, Joe Biden, Bill Gates, and other high-profile Twitter users among the hacked users. This hack caused Twitter to shut down all blue-checked accounts. This breach of security cost Twitter users more than $118,000 and the company more in their reputation in just a few short hours.

With most of business and social interaction moving toward technology-centered avenues, this can be troubling for most business owners. What will your company do if this happens to you? Has the global pandemic and stay-at-home orders made you more vulnerable to potential cyber-attacks? How can you protect yourself and your company? Let’s explore!

Consider Investing in Cyber Insurance 

Cyber insurance covers the expense incurred due to a data breach, virus, or other cyber-attacks and fraud. It can also cover legal claims that come from a security breach. As companies utilize cloud software, personal computers and laptops, and other technology-based means to store their sensitive data, their risk for a security breach becomes exponentially larger.

The Identity Theft Resource Center claims that in 2018 businesses experienced 571 breaches in security, which exposed 415 million employee and customer records. 

When you do experience a breach as a company, federal law requires you to perform an extensive list of to-dos. If you have cyber insurance coverage, your carrier will take that responsibility on.

How has your Business Become More Vulnerable?

As businesses moved to a new work-from-home model, cyberattacks increased. With most company communication done through e-mail, Slack, or other online platforms, the risk of a breach exponentially increases. This could cause a company to experience massive monetary loss and reputation damage. 

What are the signs you may be at risk of experiencing a cyber attack?

  • You are receiving requests for transactions, like direct deposits or electronic fund transfers
  • Unsolicited communications are coming through by unknown companies or people
  • Links within the email do not match; check links by rolling your cursor over the link to see if the two match with the content and the email address.
  • Requests with a high sense of urgency, asking you to complete documentation immediately.
  • Requests for usernames and passwords, or other personal details like banking information.

What can you do to help mitigate this risk?

  • Limit your use of large email attachments and programs that put pressure on your company’s bandwidth ecosystems.
  • Do not forward emails with attachments that contain highly restricted or company confidential information to personal accounts. 
  • Avoid reading, talking about, or leaving confidential information in unsecured work-from-home areas.
  • Log-off of your work device when you’re not using it.
  • Shred sensitive documents.
  • Restart your computer regularly.

These tips along with the added security of cyber insurance should prepare your business for potential cybersecurity breaches. Learn more about how cyber insurance can help your company today. 

LET’S TALK

WANT TO KNOW HOW MUCH YOU COULD BE SAVING ON YOUR INSURANCE COSTS?

WANT TO KNOW HOW MUCH YOU COULD BE SAVING ON YOUR INSURANCE COSTS?

LET’S TALK

Connect With Us

Competitive Edge Insurance

LIC #0H31982

P: 619-259-5459
F: 619-377-0144

830 Orange Ave Suite L Coronado, CA 92118

Privacy Policy

Hours of Operation

Monday – Friday 8:00AM – 5:00PM

Saturday Closed

Sunday Closed

© Copyright 2021- Competitive Edge Insurance

site design by digitalstoryteller.io

© Copyright 2021- Competitive Edge Insurance
site design by digitalstoryteller.io