Recent computer crimes involving hacking major department stores, governments, banks, healthcare providers, credit card companies, even motion picture studios suggest no system is safe from cyber-attacks.
How can we risk manage this threat?
Updating computer systems can be tricky and often exposes data normally kept safe behind firewalls. When components are switched out, oftentimes doors are left open for outsiders to intrude.
For example, when you must lower your own firewall, be sure you've changed the factory provided password to the next firewall. Check your fundamentals. Implement strict protocols for employees to change any aspect, hardware or software, of their company computers. Centralize this function if possible.
Train employees to recognize phishing scams. Do not relay log-in information or passwords in response to an email. If an email seems poorly worded with misspellings, it probably did not originate from a major corporation.
Change passwords regularly. Request all systems users to change their passwords often. The company can protect passwords through thorough hashing and encrypting.
The company should back up all encryption software and password information.
Completing all possible due diligence helps move the criminals to an easier target, but determined hackers can find ways in. So, how does a risk manager deal with one of the fastest growing liability risks for companies?
First, understand the magnitude of the risk. For each client record exposed through your company website, your company will provide a year of identity theft protection and cyber security. At a reasonable $150 per account, you gasp at the 1,000,000 customer accounts like the large chains or credit card companies exposed to loss.
These claims are becoming more frequent, and more severe. The only risk management answer is transferring the risk, and most likely through insurance. What limit is safe? Depending upon your data base from outside your company, customer data, supplier data, bank information, and things you can't remember, like old accounts, these claims can bankrupt companies and destroy reputations if an inadequate response is offered.
Consider that $150 per account. How many will you likely lose in a cyber-attack? Talk to your insurance agent and find the best fitting plan. It's worth the conversation.