Cyber Bytes is S.H Smith & Company's Cyber, Security & Privacy blog – written by the experts you trust.
I have been in the IT field for almost 30 years. During that time the IT landscape (or Data Processing as it was called in the old days), has changed dramatically. When I started we had a centralized computing model where all the data was secured in a windowless cinderblock data center and the data was accessed through dumb terminals at your desk with no external connectivity. The advantage of the old model was its security. The data center was a near impregnable fortress where the front doors were protected with security cameras, security guards, and you needed a magnetic badge to get in the front door. The disadvantage was the lack of flexibility. If you couldn’t get to your desk, you couldn’t work.
With today’s distributed computing model data can be stored in a secured location in your office, on a remote device, or accessed through a cloud application hosted by any one of a hundred different vendors. Data can be accessed through a PC, laptop, smart phone, or tablet. You can be at your desk, in your car, or on a beach in the Caribbean. The advantage of the new model is its flexibility. The ability to work where and when you want has increased our productivity. The disadvantage of the new model is the security risks inherent in this new environment. The portability of our devices means that they are easily lost or stolen. In order to provide remote access to the data, doors have to be opened up into our environment. With those open doors, there are increased security risks.
In my current role as IT Manager I have been tasked with securing our environment. During this process we have spent thousands of dollars and hundreds of hours battling against increasingly clever criminals intent upon stealing our data, or negatively impacting our ability to conduct business. In addition to the external threats, there are people internal to the organization that make shockingly bad decisions when it comes to protecting company data that has been entrusted to them. They may be responding to blatantly fraudulent e-mails promising untold millions if they just click on the link, or they may leave their portable device in bar, hotel room, or on the conveyor belt at the airport.
Balancing security with usability is a constant struggle. There must be procedures in place to deal with such eventualities, but the procedures can’t be so strict as to affect the flexibility that comes with having such a device in the first place. Even the strictest security policy can be defeated and dealing with lost or stolen data will be an expensive and embarrassing process. That’s why a cyber-security policy is absolutely essential in today’s work environment. Do your best to protect your company’s information from loss, and do your best to protect them when the loss inevitably occurs.
Hi, I’m Jeanine Loomis. I, like most Insurance Professionals, didn’t plan on growing up to become an Insurance Broker but fell into this career. But when I did enter this field, I discovered the true Insurance Geek that was hiding inside of me. When I explain to my people that I read and compare insurance policies for a living and truly enjoy my job I get a confused look and a quick change in conversation in fear that I might try to sell them a life insurance policy (because, let’s face it, most people have no idea what Management Liability Insurance is when you tell them about it).
I have been working on D&O and Professional Liability related products since 2000. In 2005 our company realized that, due to ever changing nature of the Cyber products in the market place, we needed to dedicate our time and energy to sink our teeth into this product and the exposures that businesses face. I, with a few of my co-workers, volunteered to dive into the Cyber/Privacy space to become well versed in the coverage and help our agents & their insureds navigate through the various exposures and policy wording that is out there.
S.H. Smith & Company encourages us to stay engaged in the marketplace, help our agents navigate policies that they may not have as much time to dig into and be a resource for specialty product lines. This blog is our newest venture to help our agents do just that.
For those of you that do not know me, my name is Betty Shepherd. I am proud to be a member of the professional liability insurance community for the past 20 years. When I first started my career, our files were all in paper format, we sent faxes rather than emails and telephone calls were the primary way in which we communicated with our business partners. Fast forward to the wonderful world of the internet where we can communicate instantly (for better or worse), we have access to unlimited data and we can send information at the touch of a button.
Yes, the internet has transformed the way in which we conduct business (not to mention transforming the world!) This transformation has created new risks as well. Data that a company collects, processes or transmits can be breached. It can be sent to the wrong party accidentally, it can be intercepted by a malicious person or it can be destroyed by a virus. If that data contains any private information (personally identifiable information, protected health information or confidential corporate information) the company will face financial consequences. Cyber risk insurance is protection against those financial consequences.
I have been focused on this “new” insurance product for the past 10 years in varying roles (although early forms of cyber insurance date back to the late 1990’s). There are many cyber/privacy products in the insurance marketplace (I have developed two of them). There are many seminars, webinars and articles regarding cyber risk (some of which yours truly has hosted and authored). Exposures surrounding cyber risk insurance are constantly evolving as legislation and theories of liability do and those are the reasons we created this blog.
With this blog, we are committed to keeping informed about the ever changing world of cyber risk insurance and passing that information on to you. We hope you enjoy it!