Sadler Tech Insurance And Risk Management Blog is ranked 14th best Nationally by Risk Management Masters, an online resource specializing in Insurance Risk Management.
We are proud to be recognized as an important source for technology insurance and risk management information and strive to educate our prospects, clients and the public on these topics.
Source: “Top 50 Risk Management Blogs”
For the first time, major international corporations are reporting higher fraud losses more from electronic theft of data than from physical stealing of assets, cash and inventory. With 98 percent of businesses affected, China appears to have the highest level of fraud followed by Colombia with 94 percent and Brazil at 90 percent.
A recent study performed in 2010 showed that the amount lost by businesses to fraud rose from $1.4 billion to $1.7 billion over the previous year. The majority of fraud losses have been from “inside jobs” carried out by company employees.
“How much fraud there is depends more on opportunity than anything else,” Tommy Helsby, Kroll chairman for Europe, Middle East and Africa, told Reuters. “Much more work is done electronically, and that creates new opportunities for fraud. It takes time for companies to catch up with that. There’s a real range of dangers,” said Helsby. “‘It can be simple theft or the risk of reputational damage if your firm loses customer data. That itself could be an existential threat to your business.”
Many companies are discouraged from expanding in some crucial emerging markets, China, Africa, and Latin America due to their suspicions over fraud.
“That means you miss out on some of the fastest growing markets,” said Helsby. “You can’t make the risk go away, but you can manage it through having the right systems in place.”
With fraud losses at an all time high, Cyber Liability insurance is a critical part of the risk management plan of any major corportation.
Source: Insurance Journal
I came across an eye opening article from Chartis Insurance Company about real claims scenarios of payments made by their Executive Liability policy form. Most of the payements are over $1,000,000 and involve data breach caused by hackers and rogue employees.
Read Article: Security & Privacy Claims Marketing Sheet
Source: Chartis Insurance Company, Security & Privacy Claims Scenarios, September 2010
Due to the overwhelming information that has been flowing over the internet as the WWW gets stronger, we thought that it was best to revisit the question of “How Private is Your Personal Information?”. More so, as a tech, are you responsible if your CLIENTS INFORMATION? Your thoughts?
I ran across an excellent web page that reminds us how seemingly private communications may not really be private and can be spread and detected for many years and possibly forever. The article discusses the pitfalls of hard drives, laptops, smart phones, social networks, Google caches, and fax machines.
“Online is Forever,” there are millions of old, orphaned web pages out there whose creators can’t access them to change them or take them down, Google caches pages so that web searches can still see them even after they have been removed from the web server, and backups of ancient data still languish on the shelves of numerous server rooms.
Source: WXPNews, May 4, 2010
“Cyber liability coverage has evolved from just liability insurance for information technology companies to coverage that nearly every class of business should have if they don’t already.” Many businesses including banks, restaurants, retailers, and medical offices are unaware of the great security technology exposure they face.
In addition, the internet is not the source of all data breach problems. Lower tech breaches commonly arise that are caused by leaving password notes out in plain view, theft of laptops, and improper disposal of medical records.
“Recent state laws require companies that have experienced a security breach to notify all customers that could be affected by the breach that their information has been compromised, even if the information hasn’t been used. In most cases, the notification also includes an option of one year credit monitoring services and a new card or account number for customers.”
More than 40 states have data breach notification laws and insurers expect a federal cyber notification law at some time in the near future. The average per customer cost for a security breach is $15 and this does not include loss of reputation.
Source: http://www.mynewmarkets.com/articles/107853/security-breach-notification-laws-reinforce-need-for-cyber-insurance
Cybercriminals are using pfishing tactics to gain information from social network sites to tap into corporate networks to steal sensitive data that can result in breach of privacy lawsuits and the need for Cyber Liability insurance for both techs firms and regular businesses alike.
Here are the steps in the process:
1. Cybercriminals purchase Facebook user names and passwords on websites at a cost of $75 to $200 per 1000 matching pairs.
2. Cybercriminals enter accounts and get access to friends, emails, dates of birth, mother’s maiden names, home towns, and vital information from profiles and postings to start online conversations.
3. Messages are sent to friends with information of interest (based on postings) that include a link to a website that results in a malicious executable file being placed on the recipient’s PC.
4. Executable files contain keystroke loggers that capture all user keystrokes on a periodic basis that are emailed to free Gmail or Hot Mail accounts that are set up by the Cybercriminal.
5. Eventually, the user logs into the employer’s network through VPN or Citrix and the cybercriminal captures the user name and password.
6. The cybercriminal enters the corporate network and probes for weaknesses such as those caused by failure to update security patches.
7. A vulnerable server is found and breached resulting in the hacking of confidential information.
Source: http://www.usatoday.com/NEWS/usaedition/2010-03-04-1Anetsecurity04_CV_U.htm?csp=N009
In the recent Florida Supreme Court case of Penzer v. Transportation Insurance Company, the court ruled that the standard General Liability policy form covers lawsuits alleging that fax blasts are in violation of the federal Telephone Consumer Protection Act (TCPA).
In this case, a class action lawsuit was filed against Nextel (or its agent) for sending unsolicited fax blasts in violation of the TCPA. The TCPA is a federal law making it unlawful to use a fax, computer, or other device to send an unsolicited advertisement to a fax machine. Each fax sent in violation can result in the greater of actual damages or $500.
Transportation Insurance Company argued that the “advertising injury” coverage under its General Liability must be for “oral or written publication of material that violates a person’s right of privacy”. And, in the present case, no private content was communicated in the advertisement.
However, the court opined that the “right of seclusion” is a right of privacy that is provided for under the TCPA. Therefore, the “advertising injury” coverage under the General Liability form does provide coverage for sending unsolicited fax advertisements in violation of the TCPA.
In the Penzer case, the fax blast violation occurred in 2003. Since that time, the insurance industry has adopted form CG 00 67 03 05 entitled “Exclusion-Violation Of Statutes That Govern E-Mails, Fax, Phone Calls Or Other Methods Of Sending Material Or Information”. This policy endorsement should preclude coverage in the majority of these cases.
Source: John Sadler
I came across an excellent article that explains how easy it is for scammers to decode your Social Security number. I always wondered how they did this.
Carnegie Mellon University researchers only need two pieces of information to guess SSNs in a recent study published in the Proceedings of the National Academy of Sciences. The study implies that knowledge of your hometown and your birth date allows scammers to discover most of, if not all, of the nine digits of your Social Security number.
$50 can buy your SSN from dozens of websites used by private investigators, businesses conducting credit checks, and savvy scammers who know your name, birth date, and current address.
And if the scammer doesn’t have the information, Alessandor Acquisti, the study’s lead researcher, says it is easy to find. Acquistis states, “There are many websites and database where one can access the birth dates of thousands of people easily and cheaply.”
Public databases and voter registration lists include this information. Over the years the first three digits of the SSN have been an “area number”. The fourth and fifth has been a “group number” and the last four digits which are more difficult to guess are issued sequentially depending on how long the Social Security application took to process.
Today’s highest risk group for decoding are those born since 1988 because that is the year the Social Security Administration began to order SSNs for newborns and older children who did not already have a SSN. The SSA plans to start a more arbitrarily process of assigning SSNs next year.
For those who use social networking websites such as Myspace, Facebook, Twitter, etc. or have online accounts, here are four easy ways to help prevent potential problems:
Do not use your birth date or any part of your SSN as a password.
Do not post any personal information such as your birth date, hometown and location of your high school.
If you post obituaries of loved ones, exclude hometowns and other personal information, as deceased are frequent targets.
Stay away from online security questions that ask for your hometown.
Source: Sid Kirchheimer AARPBULLETINtoday
YouTube, Facebook, and Twitter have become prevalent and the risks involved for the workplace are often not taken into account.
Here are a few threats that can be overlooked:
1. Your Friends List
“Social media” can be very helpful when making contact with customers, finding jobs, corresponding with potential clients, etc. But dangers lurk when all the people in your friends list have access to your comments. Ranting and raving about your boss and forgetting that he/she is listed as “your friend” can lead to obvious problems.
2. Employers Fail To Set Internet Usage Policy
Many companies are using blogs and social networking to their advantage; however, they can also become a liability risk. It is vital that policies are in place for how and when employees can use the Internet and that personal data is secured.
3. Hackers Look For Any Open Door
Any employee using these sites while on the job exposes the organization to phishing, being hit by spam, and malware attacks. One result shows that a quarter of all businesses have been affected by “social media” use in the workplace.
4. Providers Fail to Take Appropriate Safety Measures
Lawsuits are beginning to target the social media companies for privacy issues along with user-generated content. Several classmates set up a private group on Facebook. Now Facebook has been named in a lawsuit for over allegedly defamatory content contained in the private group’s comments.
5. Ignorance Is Your Loss
An even bigger danger is to ignore the social media frenzy. In doing so Companies lose the newest, most poplar opportunity to stay in touch with their markets, their clients, and build customer relationships. Just be wise in how your company uses social media.
Source: Patricia Vonwinkle Risk and Insurance
