Cyber Liability: Preventing Future Security Breaches

90% of Security Breaches in 2014 Could Have Been Prevented

Data breaches are taking their toll. According to Risk Based Security, 904 million records were exposed in the first nine months of 2014, a 95% increase over the same period of 2013, and the year ended with the massive breach of Sony. Yet according to a recent report from the Online Trust Alliance (OTA), more than 90% of the data breaches that occurred in the first half of 2014 could have been prevented.

The OTA report, "2015 Data Protection Best Practices and Risk Assessment Guidelines," analyzed more than a thousand breaches of personally identifiable information reported by the Open Security Foundation and the Privacy Rights Clearinghouse. It found that only 40% of breaches were caused by external intrusions, while employees, whether accidentally or maliciously, caused 29%. That 29% breaks down into 18% of breaches attributed to lost or stolen devices and documents and 11% attributed to fraud.

In addition to identifying the sources of 2014's data breaches, the OTA laid out 12 data protection best practices for averting preventable breaches in the future. They are as follows:

  1. Enforce effective password-management policies: Use multi-factor authentication, unique passwords, login-abuse detection systems and other preventative measures to stem attacks against user credentials, including brute-force guessing, sniffing, host-based access and theft of password databases.
  2. Least-privileged user access (LUA): Every account should run with as few privileges and as little access as possible, both to contain malicious behavior and system faults and to minimize the damage from an exposed password or a rogue employee.
  3. Harden client devices with multilayered protection: Deploy client and WAN-based hardware firewalls, keep anti-virus software up to date, remove default accounts, and use automatic patch management for operating systems and applications.
  4. Conduct regular penetration tests and vulnerability scans: Scan your own systems and your cloud providers regularly, looking for weak points that could lead to data loss or theft.
  5. Require e-mail authentication on all inbound and outbound mail streams to help detect malicious and deceptive e-mails, including spear phishing and spoofed e-mails.
  6. Implement a mobile device-management program: Require authentication to unlock a device, lock the device out after five failed attempts, encrypt data in transit and at rest, and enable remote wiping in case a device is lost or stolen.
  7. Continuously monitor the security of your organization's infrastructure in real time: Collect and analyze all network traffic as it happens, analyze centralized logs and review network statistics.
  8. Deploy web application firewalls to detect and prevent common web attacks.
  9. Permit only authorized wireless devices to connect to your network: Keep guest network access on separate network segments and devices, protected with strong encryption such as WPA2 with AES or IPsec VPNs.
  10. Implement Always On SSL (AOSSL), meaning every page is served over HTTPS rather than only login and checkout pages: AOSSL prevents data from being sniffed in transit between client devices, wireless access points and intermediaries.
  11. Review server certificates for weaknesses that could lead to hijacks: Sites are advised to upgrade from domain-validated (DV) certificates to Organizationally Validated (OV) or Extended Validation (EV) SSL certificates.
  12. Develop, test and continually refine a data breach response plan: Regularly review and improve the plan as the organization's information technology, data collection and security posture change. After any incident, conduct a post-mortem and fold the lessons back into the plan. Run regular tabletop exercises that test both the plan and the personnel who will execute it.
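Items 1, 6 and 7 above all come down to the same detection problem: notice, from centralized logs, when one source is hammering your login with guesses, and pay special attention when a guess eventually lands. The following is an added example, not code from the OTA report or from Axis, showing how such a login-abuse detector can be written as a sliding-window check over authentication events. The log format, the thresholds (five failures in sixty seconds, mirroring the "lock out after five failed attempts" guidance, and three distinct usernames from one source as a password-spraying signal) and the sample log lines are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds assumed for this example: five failures within one minute
# mirrors the "lock out after five failed attempts" guidance; three distinct
# usernames from a single source in the same window signals password spraying.
FAILURE_THRESHOLD = 5
DISTINCT_USER_THRESHOLD = 3
WINDOW = timedelta(seconds=60)

# Constructed, simplified sshd-style auth log (not real log data).
SAMPLE_LOG = """\
2014-12-01T09:00:01Z sshd: Failed password for alice from 203.0.113.7
2014-12-01T09:00:02Z sshd: Failed password for bob from 203.0.113.7
2014-12-01T09:00:03Z sshd: Failed password for carol from 203.0.113.7
2014-12-01T09:00:04Z sshd: Failed password for dave from 203.0.113.7
2014-12-01T09:00:05Z sshd: Failed password for erin from 203.0.113.7
2014-12-01T09:00:09Z sshd: Accepted password for erin from 203.0.113.7
2014-12-01T09:05:00Z sshd: Failed password for alice from 198.51.100.4
2014-12-01T09:05:10Z sshd: Accepted password for alice from 198.51.100.4
2014-12-01T09:10:00Z sshd: Failed password for root from 192.0.2.9
2014-12-01T09:12:00Z sshd: Failed password for root from 192.0.2.9
2014-12-01T09:14:00Z sshd: Failed password for root from 192.0.2.9
2014-12-01T09:16:00Z sshd: Failed password for root from 192.0.2.9
2014-12-01T09:18:00Z sshd: Failed password for root from 192.0.2.9
this line is not an auth event and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, ip), or None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("result"), m.group("user"), m.group("ip")


def detect_login_abuse(lines):
    """Sliding-window detector over auth events, keyed by source IP.

    Returns a list of (alert_type, ip, timestamp) tuples in the order the
    alerts fire. Each alert type fires at most once per source so a long
    attack does not flood the output.
    """
    recent = defaultdict(deque)   # ip -> deque of (ts, user) failures still in the window
    raised = set()                # (alert_type, ip) pairs already emitted
    alerts = []

    def emit(kind, ip, ts):
        if (kind, ip) not in raised:
            raised.add((kind, ip))
            alerts.append((kind, ip, ts))

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ts, result, user, ip = ev
        window = recent[ip]
        # Expire failures older than WINDOW relative to the current event, so
        # slow guessing spread over hours does not accumulate into an alert.
        while window and ts - window[0][0] > WINDOW:
            window.popleft()

        if result == "Failed":
            window.append((ts, user))
            if len(window) >= FAILURE_THRESHOLD:
                emit("brute_force", ip, ts)
            if len({u for _, u in window}) >= DISTINCT_USER_THRESHOLD:
                emit("password_spray", ip, ts)
        else:
            # A success right after a burst of failures is the event worth
            # paging on: one of the guesses may have landed.
            if len(window) >= FAILURE_THRESHOLD:
                emit("success_after_failures", ip, ts)
    return alerts


if __name__ == "__main__":
    for kind, ip, ts in detect_login_abuse(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()}  {kind:24s}  {ip}")
```

On the constructed log, 203.0.113.7 trips the spraying rule on its third distinct username, the brute-force rule on its fifth failure, and the success-after-failures rule when erin's login succeeds four seconds later; 198.51.100.4 (one typo, then a successful login) and 192.0.2.9 (five failures, but two minutes apart, so never more than one inside the window) produce nothing. In production the same logic would feed the lockout or rate-limit action, and the window and thresholds should be tuned against your own false-positive rate rather than taken from this example.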

In addition, make sure you have the proper insurance coverage in place to respond in the event of a data breach. Cyber Liability insurance, also sold as Privacy & Network Security coverage, pays the expenses a breach generates. Many policies cover first-party expenses, including IT forensics, business interruption, the cost of notifying customers of a breach, and the expense of hiring a public relations firm to repair the damage a cyber attack does to your reputation. A good policy can also cover regulatory fines or penalties you might incur because of a data breach. Third-party coverage is available as well, for the costs of civil lawsuits, judgments, settlements or penalties resulting from a cyber event.

The professionals at Axis Insurance Services can help you determine what type of cyber coverage you need to adequately protect your firm. We specialize in providing a portfolio of management liability insurance, including Cyber Liability to a diverse clientele. Contact us at (877) 787-5258.

Blogged on: February 9, 2015 by Mike Smith