If you keep personal, financial information or medical records in paper of digital form you are at risk.  Lost laptops, network security breaches and even paper records thrown into a dumpster are in the news lately and new laws are now in place.

Recent losses include a stolen computer with 20,000 names, dates of birth and social security numbers.  A senior data analyst stealing and selling 17 million customer records.  45.6 million credit / debit card numbers stolen over a 19 month period and back up tapes stolen from a storage facility.

Areas of concern: Vendors & outsource contractors, Wireless Access Breach, Hackers & viruses and Rogue Employees.  New laws mandate contacting each client without reasonable delay – the average cost is $200 per lost record.

New Red Flag Rules take effect June 1, 2010.  These rules apply to any establishment (retail, auto dealers, health care providers) extending credit.  HIPAA rules concerning medical records include fines of up to $50,000 per loss.

Costs per record averaged $202 in 2008 with civil penalties of up to $2000 per record.

General liability policies provide no coverage as data loss is not ‘tangible property’.  Likewise, crime policies, professional liability and ISO property coverage does not apply.

Fortunately, we have a number of specialty security policies that have been designed to provide for this coverage gap.

Contact us today for a free analysis of your business and quote.

Data theft loss is big business on the black market side of life and files pull in countless thousands of dollars for extended databases of customer details. Specifically, the businesses most at risk for data theft loss are the ones that don’t protect themselves. From big corporations to family owned businesses, anybody who deals in the public sector, keeps customer or company records or otherwise documents personal or financial details is at risk.

Because the great majority of businesses fall into this category, don’t think for one moment that your own business is out of the danger zone. If you own a business, stop for a moment and think: What am I doing to prevent data theft loss from happening to my own business? If you answered nothing, chances are there are thieves who have their eyes on getting hold of those business records.

There are many types of businesses that get hit seemingly “out of the blue” and they wonder why. Staying wise to the ways of data theft is one way to prevent it from happening to begin with. If you think you’re at risk for data theft loss, chances are you’re right. If you think you’re not, chances are you’re wrong. Name one business that doesn’t keep records and financial documents pertaining to their transactions. There aren’t any. Do your business the justice of discovering the many ways data theft can occur and what you can do to safe guard yourself against a possible theft.

Businesses that operate on the Internet using laptops are especially vulnerable and many leave their connection wide open for hackers to have a go at. Wi-Fi connections are vulnerable because thieves are able to tap into an unprotected network very easily. Data encryption techniques and Wi-Fi security measures can seal this leak but you have to make smart security choices that are steadfast and reliable. Good luck in protecting your businesses from data theft loss!

Finance companies: Red flags rules surrounding finance companies have specific rules. Finance companies are especially vulnerable to identity and data theft. They can easily be targeted by thieves that know there are plenty of financial details for them to get their hands on. Thieves are creatures of opportunity and advance planning. If there is a avenue of thought to explore that allows them to gain access to the customers financial details, they’ll find it. Therefore, most criminal attempts have been addressed by the red flags rules and regulations.

Automobile dealers: Automobile dealers could get themselves into trouble with criminals committing identity fraud. Because there aren’t any regulations in place to line up customers identities with a database, crimes could be committed in the wide open. With no regulations in place, criminals can say they are so and so when in reality they are a previous car thief or criminal of similar proportions.

Mortgage brokers: 56% of mortgage brokers have never heard of red flags rules and what they are. Being able to get themselves into compliance will be a difficult task as only 17% of the existing mortgage companies are already following the rules. Making their own code of ethics and business practice should be one of the first things that mortgage brokers should do. In addition to the new red flags rules, additional protective measures taken with their own initiative can further safe guard customer details and financial documents pertaining to the company.

Utility companies: Utility companies may not seem like a likely victim for identity theft but identity theft runs rampant no matter what. All businesses need to know the red flags rules that are specific to their business so that they are not at a higher risk in their business genre. If the great majority of utility companies are red flags rules compliant, the ones that aren’t will become the main targets for the thieves and criminals.

Telecommunication companies: These companies keep extensive databases about their customers. Financial details, home addresses, phone numbers, they have it all. Thieves love these companies because they are so huge. The immensity of the database files makes for a thievery gold mine should they be able to gain access. These large database holding companies need to be especially careful to adhere to red flags rules and business practices that will keep them protected.

Medical practices: These businesses have some very specific rules when it comes to red flags rules. They have all been prompted to not only adhere to the rules but develop their own sets of identity theft protection measures through their business practices.

The following businesses are also mentioned in the red flags rules overview. They keep extensive records as well. Hospitals, law firms and any other company that receives payment for work once it is completed.

Dictating how a company may store the sensitive information of both employees and customer’s helps to keep the information secure. If businesses were allowed to create whatever type of index system they wanted, things would soon take a turn for the worst. Criminals would immediately take advantage of any inconsistency within the ranks of personal information storage and find a way to use it to their advantage.

Ensure any business you are a part of is in full compliance with any privacy laws in the books. If you know the business you work for is doing everything to be in cooperation with the law, you will have a much better time as an employee. There are many types and factions of privacy laws. General, specific and privacy laws by country! Specific privacy laws govern certain business types, like health care and online commerce. Any business with a strong focus on personal data and the collection of such will have strong privacy laws governing which information they can gather on a consistent basis. Privacy laws help keep information safe but the effort to keep information secure shouldn’t stop there.

Businesses will always be informed, one way or another, about the privacy laws that will be governing their business. What they won’t be told, is that thieves are craftier than that. They know how to meander around the laws that are plain to see and improvise about how to go about getting a hold of your data. You can take additional measures to safe guard the storage of sensitive information in a variety of ways but privacy laws have done a fairly good job and centralizing what information can be collected and the methods in which it can be stored.

There is more privacy legislation in the works to further protect businesses and their patrons. However, not all business owners are fans of these new legislation attempts. One hand always washes the other but there are many variables in business that a small change in legislation can affect. For example, a newly proposed privacy revision would regulate how ad tracking companies can track data and use it to display advertisements. It also would also prevent some online companies from using the data gained about customers offline. This would have a massive effect on the profit margins of some companies but if it is in the best interest of the consumer in order to prevent theft, then the legislation will probably be passed regardless of any profit loss by big business.

This type of insurance makes sure that you stay financially safe from whatever happens through the advent of a third party. Traditional liability insurance coverage aimed towards businesses do not cover any of the new and dangerous happenings on the Internet. If someone were to violate a privacy or copyright infringement, while being completely unaware of the occurrence, he or she would not be covered under traditional liability insurance. Because it happens on the Web, insurance coverages have emerged that include protection from these emerging business threats and loopholes.

Cyber Liability Insurance is also known as Technology Errors and Omission Insurance or Technology E & O. If you’re business inadvertently transmits a virus or keylogger to a possible client, even though you are completely unaware of its presence, you can be held financially liable for any damages that ensue. The disclosure or misuse of confidential information is also deemed to be a crime and is not covered in any insurance plans that we’re aware of. Copyright infringement accusations and alleged defamation can land an online business in hot water very quickly. It’s up to you to take the proper measures to protect your online business before such pitfalls can cause you a problem.

Cyber Liability Insurance is designed to keep honest, hard working online businesses in business for the long haul. Unfounded accusations and legal proceedings that result from common mistakes shouldn’t have to mean the elimination of your company. Instead, you can opt to purchase this insurance coverage and ensure that should such a disaster occur, like a virus or trojan being transferred to one of your clients computers, that you experience less of a financial burden. The financial loss you experience, coupled with the inclusion of this insurance coverage, may save your business from having to close its doors forever.

Cyber Liability Insurance just makes sense. It was only a matter of time before an insurance plan was developed to address the growing threats and problems the Internet presents. Without Cyber Liability Insurance, the many loopholes that thieves would use to completely run your business into the ground are left wide open. You shouldn’t take the risk of running an online business without some form of Cyber Liability Insurance, that is, if you care enough about your business to recover it when a disaster strikes. The choice is yours but many businesses have already locked in their ability to protect their business from online disasters.

Protecting your business is very easy if you know the right protocol to follow. The main areas where crime is the most prevalent is Internet fraud, spam, hacking, sexual predators and data theft. Knowing the perils your business will face will allow you to put the protection you need in place before a danger becomes a reality. Because every business is different, we’ll use a figurative example. A business opens on the Internet and to save money they do nothing for their business security measures. 6 months after opening, after they have become incredibly popular, they are struck by a band of Internet thieves that have been watching their business progress. After downloading all of their data records from an unprotected server, they make exorbitant purchases using the financial details of the businesses customers. Had the business had their site hosted on a protected server, they wouldn’t have fallen victim to the hacker’s efforts to download their data. Instead the hacker would have been denied access entirely.

If there is a way to damage your business through cyber crime, there is also a way that has been created to prevent it. Meaning, for every cyber crime problem there is already a solution. Instead of listing the gargantuan amount of different crimes there are, take the initiative to research the types of crimes your business is vulnerable to. For example, a business that sells cuts of lean meat online may be vulnerable to having their shipments hijacked before they reach their destination. Crimes initiated in the cyber world can also be taken into real life scenarios. Being aware of this will help you to devise a plan that will keep your business safe in both online and offline ventures.

You may not think it will happen to you but that is exactly what cyber thieves count on. Many people make no efforts to protect their business from things they can’t see. It’s this kind of twisted logic that allows cyber crime to be so prevalent. Do some thorough research and get a team of people together to discuss the risks your business is subjected to and the many ways you could become a victim of these crimes. Online crime follows a Web of possibility, action and reaction, just like the links people follow. Trying to imagine a sequence of events that could ruin your business will put you one step ahead of the game when it comes time to protect your business.

-   Have a formal process in place to update software, firewalls and anti-virus programmes regularly and promptly.
-   Safeguard mobile devices that hold sensitive personal data.  Encryption is a key tool to do this.
-   Safeguard personal information within the workplace, segregating pay information and personal details on a separate part of the network and restricting access to staff on a “least privilege” need to know basis.
-   Develop a firm set of operational and procedural guidelines to support security policies and standards that must be followed to maintain security.
-   Implement regular staff training on security procedures and employ rigorous staff vetting when hiring.
-   Make sure you have a crisis management plan in place which has been rehearsed and can be executed as soon as you detect a potential security breach.
-   The first 24 hours of a security breach is critical:  implement the crisis plan immediately.  Time is of the essence, particularly if regulatory reporting is required.
-   Having insurance in place is a big bonus for companies involved in a security breach.  In addition to covering many of the major costs, insurers have many of the resources to advise a company on what they need to do, as well as expert contacts to handle the situation expediently.