Is Your Organization Properly Classifying Data?

Despite the fact that most businesses now operate at least partially in the online world, a surprising number are not aware of the importance of properly classifying data. An astonishing 37 percent of organizations do not have a system in place for data classification according to Risk Management Magazine. And the legal and financial ramifications of a breach can be astronomical for companies that are not taking the proper precautions.

cyber liability for nonprofits

Source: watcharakun via Freedigitalphotos.net

Data classification involves categorizing the information your company collects into levels of confidentiality. For instance, health information would receive a higher priority than a database of zip codes. Since most companies process massive amounts of data during the course of business, it is not feasible to provide maximum security over all data collected. Classifying your data allows the most sensitive data to be highly secured while the less risky data is protected by the usual means for your internet access.

Information management and a key data policy should be implemented by all businesses that store data using the web. In a survey conducted by Protiviti, as many as one in four companies do not have a written data policy and one in three do not have proper encryption set up to protect their data. If a breach were to occur, companies without a key data policy or encryption software would not be able to target what information was stolen and mitigating damages would be next to impossible.

On a more positive note, Protiviti’s detailed report shows that 67 percent of businesses are more aware of the dangers of unclassified data and are making improvements. It also shows that while encryption is not as popular as it should be, record retention practices and usage regulations are in place at more than 80 percent of the companies surveyed.

Lamb Financial Group offers nonprofit risk management services including the proper insurance policies for all of your cyber security needs. Call us at 866-481-5262 or contact us for more information on how we can help you protect your organization’s valuable data with a cyber security insurance package.

Risks Associated with Bring-Your-Own-Device Policies

risks associated with bring your own device policies

Source: graur razvan ionut via Freedigitalphotos.net

These days it’s not uncommon for employees to bring in their own laptops, iPads, and other devices to use for work purposes. However, a recent article published by the Society for Human Resource Management raised some interesting points employers should consider in relation to the risks associated with “bring-your-own-device,” or BYOD, policy.

The article notes that many employers with such a policy in place often state in writing that employees’ privacy will be respected, but that’s an “assurance it can’t keep in the event employer believes a workplace search is warranted” because of the risks associated with a BYOD policy – a valid point to consider as over half of companies in the U.S. allow employees to connect their devices to a corporate network.

So what risks does your business face if you have a BYOD policy in place? Below are some of the top concerns.

  • The possibility of a virus entering your network because an employee downloaded a virus-ridden game or app to their device and then connected it to your network.
  • Confidential reports accidentally being backed up onto a public cloud storage system, which presents an unknown level of exposure, according to Michael Suby, vice president of research for Stratecast.

 

In order to be sure that you are able to protect your business while still allowing employees to use their own devices, there are several strategies you can put into place. For example, your BYOD policy should clearly communicate that you can review any information contained on an employee’s device that they use for work, as well as “the right to search generally only if there is reasonable suspicion of illegal activity… [or] in the absence of reasonable suspicion of illegal activity such as theft or drugs.”

Additionally, take steps to keep your network secure when accessed from a remote device that an employee uses for work. Passwords that are created specifically for logging onto the company network that are extremely difficult to decode is just one option for helping protect your system from being attacked because an employee’s personal device was compromised.

And of course, it also helps to have forms of insurance like cyber liability in place. Contact Lamb Financial Group today to learn more about options for businesses like yours.

Cyber Liability Internal & External Data Exposure

cyber insurance new yorkFrom private customer information to trade secrets, every business stores data that is essential for its everyday operations. But with the increasing push toward “paperless” offices, it’s essential to make sure that this data is kept secure. As a Risk & Insurance article reminds us, exposures – both internal and external – are continuously growing as a result of digital data storage.

Business owners need to first understand the exposures.  For example, many business owners do not realize that their employees may be increasing the risk of data breaches unintentionally.

“The majority of data loss risks are associated with well-meaning employees inside the organization who inadvertently put information at risk in the course of their day-to-day activities at work.” (Information Systems Security)

These types of exposures are the cause for nearly half of all data breaches according to a cooperative study conducted by the Verizon Business RISK team and the United States Secret Service (McAfee). Symantec reports that in most of these cases, the employees are often unaware of the business’ data security policies and end up storing, sending, or copying sensitive information unencrypted.

Of course, there is also the risk of external data exposure. In many cases, external data exposure can be the result of a targeted attack. According to Symantec, over 90 percent of the data records breached in 2008 “involved groups identified by law enforcement as organized crime.” Computers and servers without the latest security patches, improper computer configurations, targeted malware, and email, web-based, and FTP systems with weak passwords are a few of the ways outsiders find their way in to steal sensitive information.

When sensitive information is hacked, a legion of troubles can follow. From lawsuits to losses in current and future client-bases, companies and organizations can take major hits (Small Business Trends). And if you don’t have the proper cyber liability insurance, you’re looking at expenses that could quickly run your company or organization completely dry.

Cyber liability is something every business needs in addition to safety policies and procedures for encrypting and limiting disclosure of information. Contact Lamb Financial Group at 1-866-481-5262 to learn more about the cyber liability insurance options that are available to businesses and nonprofit organizations.

Image courtesy of Stuart Miles / Freedigitalphotos.net