Every employee exposes his/her employer to significant cyber risk every single day. To say this is a huge area of risk for all businesses would be a monumental understatement. Computers, cell phones, laptops, iPads, flash drives, copy machines – anything that stores information and connects to the Internet is a potential opportunity for a data breach. If that's not alarming enough, here are a few stats to consider.
- Malicious cyber attacks increased 81% in 2011 (according to security vendor Symantec Corp)
- Almost half of small and medium sized businesses with over 100 employees have spent over $10,000 recovering lost data, while half of companies with 5 to 19 employees have spent over $1000 (according to Rubicon Consulting survey for Symantec)
- In 2011, 15% of Americans (36 million people) were notified of a data breach with their personal information (Javelin Strategy & Research 2011 Report)
- In a study by the Ponemon Institute, 36% of data breaches involved a lost laptop or other mobile, data-bearing device
- In 2010, some 16 million confidential records were exposed through more than 662 reported security breaches, according to the national nonprofit Identity Theft Resource Center (ITRC)
All of this exposure and all of these breaches, and only about 25% of companies are buying stand-alone cyber coverage.
Our friends at LeBaron and Carroll Insurance have shared the following ideas with us about what you and/or your clients should be doing to prepare your businesses for the inherent risks of using computers and mobile devices.
- Perform a full risk assessment
- Have an information security policy in place
- Be sure the responsibility for your compliance program has been assigned to someone as a formal job responsibility
- Train all employees
- Put physical safeguards in place
- Put technical safeguards in place
- Regularly test for areas of vulnerability
- Develop a response plan in the event of a breach
And, because you never know where the next threat lies, and no safeguards are likely foolproof, especially in the area of data breach, you need to be financially prepared. Not properly protecting yourself and your clients in this critical area could prove, well... critical.
Photo by mikogo.