errors and omissions insurance Cyber Risk: Protecting Data in the Cloud | Axis Error & Omission
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Cyber Risk: Protecting Data in the Cloud


Cyber Risk: Protecting Data in the CloudCyber Risks: Protecting Data in the Cloud

The widespread use of cloud computing by both corporations and individuals and the increase use of cloud services, such as Google Docs, Dropbox, and SkyDrive, among employees has made it increasingly harder for organizations to keep and have control of their data. A company’s intellectual property can now well be stored on Google, Microsoft, and other cloud-based systems as well as third parties without your permission can be a big cyber risk.

Of course, each of these tools is valuable and they provide major benefits to organizations. It’s estimated that Dropbox, for example, has more than 50 million users. However, it’s a problem when these services are being used without the company’s permission. This is when security gaps exist, including having unencrypted data in the cloud, spam, etc.

There are certain steps you can take to gain cloud control, including assessing your risks, establishing policies and educating your employees of what is being dubbed by risk managers as the “Bring Your Own Cloud (BYOC)” environment.

1. Establish a BYOC policy at your company. When data goes to a third party with whom you don’t have relationship, there are a great many risks, as you don’t know who can access the information. Explain the risk to your employees and what precautions to take regarding the use of private cloud/personal remote storage in your network or on your employees’ devices (iPads, smartphones). Compliance with data protection laws and other regulations (HiTech, for example) places the onus on your company to protect data. If a breach should occur, you could face serious consequences including reputation damage, forensic costs, fines and penalties, etc.

2. Pinpoint ways to mitigate or detect violations in the policy you’ve established. You may consider blocking access to some of the sharing sites through web filtering. Or, you may have an enter-exit system that can keep track of when a sharing site is being used. But if it’s accessed from an employee’s home, you won’t be able to track this unless access is through a virtual private network connection.

3. Create, implement audit features, and have a data breach plan in place to manage risk.  If a breach has occurred through an employee-provided cloud storage system, you can serve the operators of the system with “takedown notices”, notifying them that they are holding data that you own and it must be removed immediately. In the event the data gets released, be sure you have the resources available to notify all those affected, to determine the extent of the breach, etc. Part of this plan is having the right insurance coverage secured to cover the costs that will be involved if a breach occurs.

At Axis Insurance Services, LLC, our cyber security insurance specialists can work with you to reduce your upfront exposure, develop effective new processes and procedures to minimize your risks, and help protect you against financial loss.

Source: Kroll Advisory Solutions

Comments

comments

Blogged on: October 23, 2012 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions