You Need Some Data Security Insurance

I have homeowner’s insurance, automobile insurance, health insurance and life insurance.  Businesses have insurance against errors and omissions, general liability, malpractice, loss of business, and a hundred other things.  We all have insurance against losing what is most valuable or to help us pay for large unforeseen expenses.

Insurance companies give us an incentive to lower our premiums, which translates into them helping us help ourselves.  Many health insurance plans give you an incentive to lose weight, exercise and quit smoking.  Automobile insurance companies give me an incentive to drive safely and put my car in a garage.  Homeowner’s insurance companies give me a discount if I have a home security system.  Of course this helps the insurance company because it decreases the likelihood of paying a claim, but it also helps you and me.

We all take great precautions to insure ourselves against eventual problems, so why don’t we do the same with our most important asset, information?  Most people have important information on their home computers.  We store family photos, financial information, the kids’ homework and most likely the logins and passwords to sites all over the internet.  In our businesses, we store customer data, financial information, product designs, software code, strategic plans, contracts, budgets, employee salaries and a host of other critical information.

Do you have an insurance policy that covers losing all that information?  Most businesses have backups of their critical data, whether it’s done locally or to a cloud-based service.  That protects you if you have a hardware failure or if someone accidentally (or deliberately) deletes your information.  That means you have a way to get the information back.

What if someone walks off with your information?  It could be an employee who takes a document out of your organization on a USB drive.  It could be a hacker who steals your customers’ credit card numbers from an unprotected server.  Or maybe someone takes a laptop that contains a lot of sensitive information from an employee’s car.

Many insurance companies offer cyber liability or risk insurance, which covers your risk in the event of a data breach or loss.  Wells Fargo has a comprehensive offering called WebNet Protection® Policy that covers everything from the expenses of breach notification to data restoration.  This is valuable, but doesn’t cover the damage caused by losing important information.  The cost to your brand, reputation and ultimately your business can be much higher than the cost of replacing your information.  Home insurance can rebuild your house, but it can’t replace the photos that were lost in the fire or flood.

You also need the type of insurance that comes from locking your front door to keep out unwanted people.  Some of the following steps are obvious, but many people don’t follow them.

  1. Give access to confidential information only to authorized people
  2. Keep your computers, applications and network devices updated with the latest security patches
  3. Use a firewall in your business and at home
  4. Use a secure file transfer service to send confidential files
  5. Encrypt confidential data and files
  6. Use strong passwords for users and administrators

These are just a few tips to give you some data security insurance.  Just like locking your front door keeps out most people who want to steal something from your home, employing some simple techniques keeps most people from stealing your information.  Attacks on your information are getting more sophisticated, but it’s amazing how many can be thwarted by doing the basics.

 

Photo credit David Hilowitz

Comments 2

  1. You said in your post “you also need the type of insurance that comes from locking your front door to keep out unwanted people”. However, you can have a home with all the security gizmos and it can still be broken into. You also mentioned encrypting confidential data and files as a step to take when securing confidential data. The problem with encryption is that security is not persistent; once decrypted, the file can be sent and accessed by anyone. Enterprise Rights Management on the other hand is a form of encryption that is persistent (the encryption remains with the document whether it is in use, in motion or at rest) and this is what organizations need to start looking at.

    By doing this it means even when the house is broken into, the data cannot be touched because of the level of protection on that data.

    1. Peter, you are right. I was thinking about Enterprise Rights Management when I said encrypt files and documents, but probably wasn’t clear. If you just use standard drive encryption, that won’t help when someone decrypts the files. Thanks for adding some valuable insight into the discussion.
