Posts

Cyber Liability: Mitigating BYOD and E-discovery Risks

/in , , /by

The prevalence of employee-owned smartphones and other devices in workplaces across the country has grown considerably in the last few years and shows no sign of stopping. A recent study by Bitglass found that 85% of organizations surveyed allowed their employees to use their personal devices for work functions. If it wasn’t obvious already, the “bring your own device” (BYOD) era is here to stay. While there are numerous benefits of implementing a BYOD policy at your workplace, it can be problematic from an e-discovery standpoint, should your company enter litigation.


E-discovery Basics
Electronically stored information, or ESI, can be subject to discovery, which means it can be requested as evidence in court cases. ESI is a category of discoverable information separate from print documents, and includes both structured and unstructured data such as emails, instant message logs, Word® documents, PowerPoint® presentations and scanned documents.

In litigation, e-discovery is the process of identifying, collecting, preserving, reviewing and producing relevant electronic data or documents as evidence. Determining which ESI is relevant is not simple due to the lack of precedence and established standards; however, it is important to be able to quickly access the right ESI. While failing to produce all required ESI can be considered negligence, handing over too much data could mean disclosing privileged competitive information and jeopardizing corporate strategy or product plans.


BYOD’s Skyrocketing Popularity
Allowing employees to use their personal phones, laptops, tablets or other devices for work purposes has quickly become the new norm. Employees enjoy being able to use their own devices for several reasons:


· They can get more work done on their own devices with a more flexible schedule.
· They may prefer the operating systems of their own devices.
· Company-provided devices may lack the functionality that employees desire.
· Bringing personal activities into their work lives can lead to happier employees and more productivity.

Employees aren’t the only satisfied party. Employers can save money by not having to buy company-owned devices for employees to use, including technical support costs associated with diagnosing problems employees may have. In addition, many employers can save on telecommunication costs, as employees are often willing to self-fund their own mobile plans.


BYOD Litigation Risks
Allowing employees to bring their own devices can seem like a pretty good deal for both sides. However, there are inherent risks with the practice, especially from a legal standpoint. Employers must consider the following risks that may hinder the e-discovery process:

· Since you do not own employees’ devices, you do not have total control over the devices and how they’re used.
· There are many different types of data on devices, depending on the operating system, applications used, etc., and
· separating personal data from business data may be difficult.
· Data on devices can be stored in several locations.
· It is difficult to protect data on employees’ devices from harm, including theft and hacking.
· Employers cannot just seize an employee’s device for discovery—they need consent from the employee.


Best Practices for BYOD Policies and the E-discovery Process
If you have a BYOD policy at your workplace, or are planning to implement one, consider the following to ensure it is comprehensive and e-discovery-friendly:


· Have employees sign an agreement that lets them know how e-discovery requests will be handled, should the need arise.
· Consider using Mobile Application Management (MAM), which allows employers to control how applications perform on employee devices. It can control application encryption and even wipe sensitive data off the phone of a former employee.
· Consider purchasing and implementing one of the many applications capable of separating business data and personal data, making it easy for employers to locate discoverable data.
· Mandate that employee devices be configured to save certain information directly to the company servers.
· Create an acceptable use policy that lets employees know how you want them to handle company data on their personal devices.
· Prohibit employees from uploading sensitive company data to any third-party cloud storage system, such as Dropbox, Google Drive or Box.
· Sync data between employee devices and company servers regularly.
· Educate employees on best practices for keeping all data on their devices safe—the devices may contain sensitive company information.
· Mandate that employee devices be password-protected.
· Ensure that your BYOD policy is forthright and outlines the exact process for e-discovery, including a clear chain of custody.
· Ensure your IT and legal teams are on the same page. Your IT team should be able to advise the legal team on exactly what kinds of data are stored on employee devices and the best way to retrieve the data. The legal team, whether employed or contracted, should be familiar with the e-discovery process to advance the procedure as quickly as possible.
· Require compliance with your BYOD policy. In addition, keep the policy flexible to keep up with the ever-changing data landscape.
· Determine how you will handle the data on phones of former employees. Some companies remotely wipe former employees’ devices, but that can bring up questions about the ethics of deleting personal data from a device.
· Carefully decide which employees can use their own devices. BYOD may not be relevant or useful for all employees.
· Consider listing what devices are and are not acceptable. BYOD does not mean employees are free to use whatever device they wish. Employers may not want to offer support for certain devices due to the particular operating system or inherent security issues.
· Always put data security ahead of employee device security. Your company’s data should always be your number one concern.

Contact Competitive Edge Insurance today for more ways to help make sure your BYOD policy properly protects your company’s data.

The Key Differences between General Contractors and Construction Managers

/in , , /by

Hard to place insurance is not impossible to place. 

Although being a General Contractor (GC) and Construction Manager (CM) may sound like the same type of position, the difference is often overlooked in the industry. The difference between positions equates to a difference between the type of construction insurance needed.

General Contractor

A General Contractor “agrees to build the entire project—they’re the party ultimately responsible for the timely and proper performance of the work for a set price.”

The general contractor isn’t doing the manual labor at the job site, but instead managing the subcontractors who do.

In terms of insurance as a general contractor, general liability insurance is the type of high-risk coverage you should be looking toward. With construction coverage, there are specific risks to be made aware of, including: 

  • Canceled or non-renewed insurance coverage
  • Repeated rejection from multiple carriers within a short time period
  • Shock losses
  • The high volume of small claims
  • High risk of property damage, illness, injury, or death

Construction Manager

On the other hand, a Construction Manager, “is a consultant hired by a developer or property owner to manage and oversee the performance of contractors that they’ve hired. The developer, owner, etc. hire each of these contractors directly.”

When you’re a construction manager, the type of insurance that will give you the best coverage is professional liability insurance. 

The main difference between a GC and CM is the legality behind their hiring process, including coverage. The CM is hired, for lack of a better word, as a consultant whereas a GC is given a distinct payment with the job fully in their hands. The construction business needs to be protected with high-risk coverage, and Competitive Edge specialized in construction coverage.

At Competitive Edge Insurance, we work with insurance carriers across the country to place all types of business coverage. We are always seeking out new insurance companies to write hard-to-place and high-risk business insurance.

Don’t let cancellation dissuade you from finding comprehensive coverage. We can help! Learn more by connecting with Competitive Edge Insurance today.

Your Guide to Reducing Cybersecurity Risk

/in , /by

Cyber threats were at an all-time high during 2020. As a large portion of the population transitioned to a work-from-home environment, cyber attackers viewed this new reality as a wonderful opportunity to prey on cyber vulnerabilities. 

According to SonicWall, in 2020, 304.6 million ransomware attacks occurred. As well as 81.9 million crypto hacking attacks, 4.8 trillion intrusion attempts, and 5.6 billion malware attacks. With these statistics in mind, it’s important to start working toward mitigating your cyber risk today. 

Let’s start by understanding what a cybersecurity threat is. 

Cybercriminals target individuals and businesses alike. Cyber hacking ranges in damages– it can be as small as a pesky popup, or as large as malware that destroys your entire organization’s system. Understanding where your business may be at risk is just the beginning. 

As you likely know, data is one of your greatest assets as a business and is becoming increasingly important. Protect your digital assets, and ensure you have the protection needed to ensure the safety of your business and your client’s information. 

Preparing for a cyber attack.

Before an attack

First and foremost, you should put the proper controls in place. These controls may include:

  • Using secure Password-protected networks
  • Avoiding suspicious links
  • Ignoring online requests for private information
  • Password-protecting all devices that connect to the internet
  • Adding variation to your passwords
  • Reporting suspicious activity right when you see it.

You should also ensure your train and inform your employees of the proper protocol to begin mitigating your cyber risk. Employees need to be trained on how to avoid:

  • Email threats: Email is one of the most common ways for hackers to get sensitive information from your employees. Your employees should always verify the sender, never open suspicious attachments, and never click on links if you don’t trust the source. 
  • Spam threats: Ensure your employees know to use their spam filter, flag spam when it appears in your inbox, and know to only give their email to trusted sources.
  • Phishing threats: Employees should know to never offer sensitive information, be aware of potential suspicious links, double-check website addresses, verify who they’re communicating with, and trust their suspicions. 
  • Social Media threats: Employees should be sure to manage their privacy settings on social media, never click on suspicious links that have been shared with them, and think twice before posting and ensure they aren’t sharing information that may be harmful. 

During a cyberattack

In the case that a cyberattack occurs, you need to understand the steps you should take. First and foremost, you must take immediate action. If a problem is found, disconnect your device from the internet and restore your system fully. Lastly, report the incident to your IT Department as soon as possible! 

After a cyberattack occurs

Once you’ve taken the steps listed above, three are a few follow-up steps you should take. 

  • File a report with the local police: Ensure there is a record of the incident.
  • Report to the internet crime-compliant center: Report any identity theft to the Federal Trade Commission.
  • Consider other information: If your personal information was compromised, what else could be at risk? 

Cyber Insurance for Cybersecurity Threats

As you start to consider the potential cyber risks associated with your business, consider investing in Cyber Insurance. It’s important to understand what would be covered under your cyber insurance policy. 

  • Data Breaches
  • Intellectual Property Rights
  • System Failure
  • Damages to a Third-Party System
  • Cyber Extortion
  • Business Interruption

Traditional business liability insurance likely won’t cover the cybersecurity risks associated with your business. 

As cyber threats continue to proliferate, ensure your business remains protected.

How to Measure Your Company’s Cybersecurity Risk

/in , /by

With the increase of cyber attacks on the rise, companies every day worry they will become the next victim. According to Cybersecurity Ventures, the number of cyberattacks has nearly doubled since 2019 and quadrupled since 2016 — with a cyberattack incident occurring every 11 seconds in 2021. 

At Competitive Edge, we believe all businesses are vulnerable to cybercrimes, not only large tech corporations. Global cybercrime losses are estimated at $400 billion per year. But not to fret — there are preventative measures your company can take, starting with learning how to measure your company’s cybersecurity risk.

Be Weary of Third-Party Risk

According to a recent study, 59% of companies experience a breach because of a vendor or third party. Although most companies have a variety of security regulations in place, many still fall susceptible to third-party or vendor risk.

The biggest challenge considering third-party risk is gaining real-time data. For example, most companies evaluate third-party risk through an assortment of questionnaires, assessments, or tests. This assortment of data gathering makes it difficult to see beyond just the snippet of information provided, and beyond into the ever-changing terrain of cybersecurity risk.

We recommended evaluating and refreshing what cybersecurity metrics and Key Performance Indicators (KPIs) your company is currently tracking. There are many tools that can help  evaluate third parties’ risk prior to onboarding—but the diligence shouldn’t stop there. Continue to monitor your third parties and vendors even after they’ve onboarded to ensure they are upholding best safety practices. 

Don’t let third-party risk slip through the cracks!

Define your Company’s Strategy for Measuring and Communicating Risk

Data, data, and more data! When it comes to analyzing cybersecurity risk, it can be difficult to know where to focus your efforts. Risk-based reporting, however, is your best bet. Risk-based reporting, “as opposed to comprehensive, compliance-based, or incident-based reporting… is the approach best suited to reducing your organization’s exposure to cyber threats,” according to BitSight.

Risk-based reporting focuses on the big picture—not the small blips—and forces you to use context to deliver reports, delving into data concerning:

  • “Past performance
  • Risk concentration
  • Industry benchmarks
  • Financial quantification
  • Cybersecurity frameworks”

Furthermore, the phrase, “stay in your own lane,” does not apply to companies when measuring cybersecurity risk! In fact, we recommend you look to your competitors to gain further context on your own stance in terms of cybersecurity risk. By measuring your own risk in comparison to similar companies or competitors, you might take more pointed action about where your team’s focus is needed to stay safe.

Make Your Data Digestible

Now, you’ve done all the work, but how can you make it clear and easy to understand? Security ratings are the most widely used and understood language when delving into cybersecurity risk. Ensure that all company team members understand the data and what efforts will be made as a result to combat the risk and why.

Measures You Can Take to Stay Secure

The consequences of poor cybersecurity are catastrophic. Geospatial World says, “The best cybersecurity strategies are ones that are proactive in nature. Being able to respond to and recover from an instance of hacking is important, but stopping the incident before it even starts is what saves your organization more time, money, and pain in the long run.” To avoid these consequences, Competitive Edge recommends you:

  • Keep a tight rein on who has access to company information
  • Conduct employee background checks
  • Create individual accounts for employees
  • Of course, not only to have strict cybersecurity policies, procedures, and practices but to enforce them

Cybersecurity is the type of threat you don’t want to put off dealing with until it’s too late. That’s where we come in! Talk to our experts at Competitive Edge today to measure your company’s cybersecurity risk and see how you can obtain proper coverage. 

Don’t risk it.

Cyber Liability Coverage for the New Era of Ransomware

/in , , /by

With cybercrimes on the rise, it’s time to look not only at your practices but also your cyber liability coverage.

Read more

LET’S TALK

WANT TO KNOW HOW MUCH YOU COULD BE SAVING ON YOUR INSURANCE COSTS?

WANT TO KNOW HOW MUCH YOU COULD BE SAVING ON YOUR INSURANCE COSTS?

LET’S TALK

Connect With Us

Competitive Edge Insurance

LIC #0H31982

P: 619-259-5459
F: 619-377-0144

830 Orange Ave Suite L Coronado, CA 92118

Privacy Policy

Hours of Operation

Monday – Friday 8:00AM – 5:00PM

Saturday Closed

Sunday Closed

© Copyright 2021- Competitive Edge Insurance

site design by digitalstoryteller.io

© Copyright 2021- Competitive Edge Insurance
site design by digitalstoryteller.io