ARDMORE, Pa. — The use of credit and debit cards is at an all-time high, but the risk of fraud and financial loss doesn’t end there, making it extremely important to protect your drycleaning business’ data and information.
DO-IT-YOURSELF RISK MANAGEMENT
The increasing threat of data security breaches makes it important for every dry cleaner to reinforce their security practices. But how can any dry cleaner or laundry business manage this risk?
Security experts agree that the easiest place to start is strong password protection. Yes, password protection, something a surprising number of IT-sophisticated businesses often fail to master. Many recently exposed “hacking” cases have been traced back to weak passwords that were either (1) not encrypted or “salted,” or (2) not changed regularly.
If managing passwords for all of the operation’s servers, apps, cloud services, databases, tablets and laptops seems daunting, there are affordable password management professionals and software that will do it for you—usually with a big price tag.
Other tips to help secure the drycleaning operation’s data, reduce its potential liability and, in many cases, reduce the cost of insurance, include:
- Controlling access to data.
- Limiting delivery and exchange of customer-related documents and information to secure channels.
- Leveraging firewalls, virtual private networks, and anti-virus/anti-spam software as well as securing access to networks and mobile devices.
- Conducting regular assessments of possible risks to reveal hardware, software and individual site vulnerabilities.
- Create and implement a data security plan that includes immediate notification of all affected parties.
- Share the liability by demanding similar protocols with vendors, and checking for compliance.
INSURANCE TO THE RESCUE
The data in your drycleaning business is probably not protected, since liability for loss of customer or employee data is not typically covered under many of today’s insurance policies. Some existing business insurance policies do offer general liability while directors and officers (D&O) liability may provide a measure of coverage for these areas. However, as the risk escalates, many dry cleaners are discovering significant gaps in what is and what isn’t covered after a hack attack. Unfortunately, by then it’s too late.
A business interruption insurance policy will rarely come to the rescue in the event of a system failure caused by a malicious employee, computer virus or a hack attack on the drycleaning business. Identity theft, telephone hacking and phishing scams are other very real possibilities rarely covered by traditional business interruption policies.
While few “umbrella” policies or blanket liability insurance policies cover these types of losses, a new form of insurance, cyber liability insurance, has been available for almost 10 years. Unfortunately, it is rarely purchased.
Cyber liability insurance can cover hacker attacks, viruses, and worms that steal or destroy a drycleaning business’ data. Even e-mail or social networking harassment and discrimination claims can be covered along with trademark and copyright infringement. Cyber liability insurance will often cover the loss of profits because of a system outage caused by a non-physical peril, such as a virus or attack.
A drycleaning business purchasing cyber liability insurance will have special protection against digital issues. The new cyber insurance products available today can help protect the business from cyber problems that could cause tremendous hardships.
When looking into cyber insurance, common sense dictates that all potential risks should be covered, including laptops and mobile phones. Portable devices make it much easier to both store and to lose information. For example, a missing USB stick, a stolen iPad or a laptop left in a taxi are all real possibilities and, for a hacker, a gold mine. There are viruses being built just to attack mobile devices.
A good insurance company will make sure the drycleaning business has all possible protection in place. It can make sure a firewall is in place to protect the network and help create social media policies that reduce risk. Even if data is stored in the cloud, the business may still be liable for a breach. Although controlling how a cloud provider handles the operation’s data is almost impossible, cyber insurance can protect the drycleaning operation from their mistakes.
Large corporations may have risk management budgets, while small businesses usually don’t. Unfortunately, most hack attacks target businesses with less than 250 employees, a group where few have the financial means to pay the fees and lawsuits that come with privacy breach or data loss, but also to stay afloat throughout the process.
HACKING THREATS
A few stats to keep in mind about cyber risk:
- The cost of a data breach per record, according to the Ponemon Institute, is $204;
- The average total per-incident cost of a data breach, also according to Ponemon, was $6.75 million;
- Identity theft is the second most common concern among Americans today, according to Travelers’ Consumer Risk Index;
- A recent Pew Research survey showed 21% of Internet users have had an e-mail or social networking account compromised or taken over by someone else without permission.
The bottom line for many drycleaning businesses is this: Hackers are getting more sophisticated every day, sometimes forming syndicates of like-minded criminals to share information and new techniques. Businesses, even small businesses, are increasingly in their crosshairs and need to use every protection available to fight back against the growing cyber threat.
Miss Part 1? Read it HERE.
Have a question or comment? E-mail our editor Dave Davis at [email protected].