The recent headlines about internet “hacking” and security breaches have focused on large retailers such as Target, Neiman Marcus and Home Depot and big banks like JPMorgan Chase. Unfortunately, fraud and financial data losses are not limited to retailers or even to one industry. Small snow removal and ice management businesses are increasingly vulnerable to cybercrimes like online identity theft, hacking or phishing.
Today, with almost every business involved with some form of internet connection or storage of data such as customer lists, employee information, books, records, receipts, tax documents and, of course credit cards, nearly 83 percent of small businesses do not have a contingency plan outlining procedures for responding and reporting data breach losses.
SUPPLIERS, EMPLOYEES, CUSTOMERS AND CLIENTS
According to the National Cyber Security Alliance, a nonprofit cyber security educational organization, one in three small businesses is a victim of cybercrime each year with 60 percent of those victimized going out of business within six months.
We correspond through e-mail, transfer information through the internet, and hold business meetings online. Many snow removal businesses are even completely paperless. Often overlooked is the fact that businesses that take only names, social security numbers, or other sensitive customer information, may be required by law to take a number of expensive steps to protect this data from loss and theft.
No business can hope to remain safe from cyber threats if they fail to take the necessary precautions. A data breach or hacking incident can not only harm the snow removal business, it can also lead to a lack of trust on the part of customers, partners and suppliers. Small businesses must make plans to protect their operation from cyber threats and help employees stay safe online. In fact, it is the snow removal contractor’s obligation to protect the data and the financial information of its customers, suppliers and employees.
THE PROBLEM TIMES TEN
Most states have breach notification laws. In other words, many states require written notification to be sent to individuals – and, in many cases, businesses – affected. Even where laws are not in place, a reputable business should provide breach notification.
It is not only business websites, but also an employee’s activity on social media sites that can trigger liability, especially if the business is responsible for the sites. Defamatory statements, leaked information and copyright infringement are all growing concerns.
Losing the trust of customers can be much more damaging than the financial cost of repairing the effects of any breach. Making matters worse, a snow removal business can be held liable for the loss of third-party data. If there is a data breach, the operation could find itself facing expensive damage claims.
DO-IT-YOURSELF RISK MANAGEMENT
The increasing threat of data security breaches makes it important for every snow and ice removal business to reinforce their security practices. But, how can any contractor, business owner or manager hope to manage this risk?
Security experts agree that the easiest place to start is strong password protection. Yes, password protection, something that a surprising number of IT-sophisticated businesses often fail to master. Many recently exposed “hacking” cases have been traced back to weak passwords that were either (1) not encrypted or “salted,” or (2) not changed regularly.
If managing passwords for all of the operation’s servers, apps, cloud services, databases, tablets and laptops seems daunting, there are affordable password management professionals and software that will do it — usually avoiding the big price tag of cyber insurance.
INSURANCE TO THE RESCUE
Little of a business’s data is typically covered under today’s insurance policies. Thus, liability for any loss of customer or employee data is probably not protected. Admittedly, some of a snow removal business’s insurance policies might offer general liability protection.
Directors and Officers (D&O) liability may, for instance, provide a measure of coverage for these areas. Unfortunately, as the risk escalates, it is only after a hack attack that many contractors discover what is and what isn’t covered by their insurance policies.
Business interruption insurance rarely helps in the event of a system failure because of a malicious employee, computer virus or hack attack. While few so-called “umbrella” policies or blanket liability insurance policies cover these types of losses, a relatively new type of policy, “Cyber Liability Insurance” is available.
Some of the biggest names in the insurance industry, including AIG, CAN and Chubb, are now offering cyber liability policies. Although there are no firm numbers regarding the size of the cyber insurance market, most analysts say it has been growing at an annual rate of 20 to 30 percent since 2013.
Cyber liability policies were created to cover identity theft, business interruptions when hackers shut down a network, damage to a business’s reputation and costs associated with damage to data caused by a hacker. Policies can also cover the theft of digital assets, malicious attacks via computer code, human errors that disclose sensitive information, credit monitoring services and lawsuits.Cyber insurers reportedly are still amassing the date needed to price the risk of cyber incidents. After all, the damage that can be inflicted by cyberattacks is wide-ranging and often hard to pin down. This can include specific dollar amounts stolen or extorted through ransomware, the loss of customer data (and the cost of notifying and protecting victims), the value of lost business and business opportunities and, of course, damage to the snow removal operation’s reputation.
Even smaller snow removal and ice management businesses are beginning to recognize the importance of cyber insurance in today’s increasingly complex and high-risk digital landscape. However, this awareness has been coupled with skepticism about the true value of cyber liability insurance. Whether because of its cost, the limits imposed or the tight terms and conditions, only 25 percent of U.S. businesses have purchased cyber liability insurance policies.
Cyber liability insurance can cover hacker attacks, viruses and worms that steal or destroy a business’s data. Even email or social networking harassment and discrimination claims can be covered along with trademark and copyright infringement. Cyber liability insurance often covers profits lost because of a system outage caused by a non-physical peril such as a virus or attack.
When looking into cyber insurance, common sense dictates that all potential risks should be covered, including laptops and mobile phones. Portable devices make it much easier to both store and to lose information. For example, a missing USB stick, a stolen iPad or a laptop left in a taxi are all real possibilities and, for a hacker, a goldmine. There are viruses being built just to attack mobile devices.