An independent insurance agent can help you make the choices that are right for you.
An independent insurance agent can help you make the choices that are right for you.
BYOD: How to Protect Your Company While Giving Employees Mobile Flexibility
The “Bring Your Own Device” trend isn’t one that will be going away any time soon. More and more, companies are adopting the practice of allowing employees to use their own mobile devices – from laptops and mobile phones to tablets – for business purposes. This can reduce expenses for the company while giving employees freedom to work from the road or use their preferred interface. However, the BYOD practice also exposes companies to significant risk. Mobile devices, after all, are more likely to be stolen than a desktop securely tucked away in an office. Not to mention, a major information security vendor identified 14,000 new kinds of software designed to compromise mobile devices and data in a three-month period.
When approached the right way, including utilizing risk management best practices, some companies can benefit from BYOD both financially and when it comes to employee morale. For companies that allow employees to use their own mobile devices, there are three main risks to address: theft, loss and cyber crime. To help reduce the risk of these exposures, employers should institute seven simple best practices:
Tips for Managing BYOD Exposures
While developing, sharing and enforcing best practices for employees is an important risk management step, it is still possible that a mobile device used for business purposes can be stolen, lost or hacked. Employees should have a clear set of instructions for reporting and handling these situations. From notifying the police and the company’s technology department to understanding what information is more important to share, having a clear plan in place can help expedite the process of addressing the loss or cyber incident.
Risk management professionals like insurance agents and brokers, along with a company’s technology department, can help develop a response plan for employees. Agents and brokers can also provide solutions such as cyber insurance to help protect against financial losses, support data recovery and address other key issues associated with a breach or lost or stolen device.
Protecting Against Cyber Risks: It takes a variety of tools
It is hard to go online or pick up a paper lately and not read about another cyber breach. These constant reminders have caused many businesses, both large and small, to step back and consider how best to use the internet safely and securely.
In fact, cyber risk has become so prevalent that the President issued an executive order in February 2013 that directed the National Institute of Standards and Technology to work with various stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. On February 12, 2014 the Framework for Improving Critical Infrastructure Cybersecurity was released.
As businesses consider protecting themselves against cyber-attacks, it is important that they utilize a variety of tools and resources to build out their cyber plan in order to be as prepared as possible. Travelers is extremely committed to helping to educate about cyber risks and we offer numerous online resources and insurance coverages to help business owners navigate the growing threat of cyber risk and keep their assets and their customers’ assets safe. Some examples of our online resources include:
At the same time, as a leading expert in cyber exposures, we know that data breaches and other cyber-crimes are often inevitable. With this in mind, we offers specialized cyber coverages to address a wide range of risks associated with different sizes and types of businesses.
All of Travelers’ cyber solutions are designed to provide an option to include coverage for forensic investigations and litigation expenses associated with breaches. Many coverages also go so far as to include regulatory defense expenses, crisis management expenses, business interruption support and cyber extortion.
Businesses that are educated about cyber risk and have a plan in place to protect against them will be the best prepared to tackle this increasingly growing problem.
Bring Your Own Device: Benefits and Risks of Employees Using Personal Mobile Devices in the Workforce
Cybercrime continues to be among the world’s fastest growing criminal threats. This poses a challenging decision for companies considering adoption of the “bring your own device” (BYOD) trend, where employees use their personal mobile devices such as tablets, phones, and laptops to conduct company business.
Allowing employees to use personal devices has both benefits and drawbacks, particularly in industries such as insurance where many employees are traveling, out in the field and have sensitive information. On the one hand, allowing the use of personal devices for work can be cost effective, efficient and streamline employees’ access to information. On the other, it may create several potential challenges and risks.
However, putting a smart risk management strategy in place can help protect against the exposures associated with the BYOD trend.
BYOD Driving the Bottom Line
There are a variety of benefits to companies that allow employees to use their own devices for work purposes – each of which can help impact the bottom line. First, allowing employees to use their personal phones, laptops and tablets eliminates a potential cost to the company. The organization does not need to provide these items to employees who are traveling, regularly in meetings, or working remotely.
The ability to stay connected creates higher productivity and makes it easy to stay on top of work and important issues despite being away from the office.
Being able to use personal devices also supports better customer service. Employees will be able to respond to client needs in real time.
BYOD Escalating Risks & Challenges
The threat of cybercrime is a reality all companies face today – regardless of whether or not an organization has embraced BYOD. Cyber criminals can get through a company’s firewalls, send viruses and hack into company-wide or individual accounts. However, organizations can put certain protections in place to minimize the likelihood of breach – and monitor those protections closely. With personal devices, companies have much less control over how or where the device is used and lack the oversight that exists with in-office technology.
The lack of oversight can translate into increased likelihood of personal mobile devices being hacked. Typically, companies will require employees to use sophisticated passwords and will ensure any confidential information is also kept secure by password protection and limited access.
Employees today are also commonly storing information in their personal cloud to access it from their mobile device. According to data from network security firm Fortinet, 89 percent of young workers have personal cloud storage. Seventy percent of those individuals use that storage for work-related files, and 33 percent store customer data on their personal cloud, allowing them to gain access to it from their mobile devices1.
Hacking and viruses aside, an equally damaging threat is simple theft. Roughly one-in-three robberies in the U.S. involve mobile phones, according to the FCC2. Laptops and tablets are also frequent targets for criminals. Once a criminal has a physical device, any information contained within it – or available through it – is at risk of exposure.
When criminals secure confidential information, it puts the company at risk for not only corporate data and information being exposed, but also for clients’ personal information to be comprised or stolen, allowing criminals to potentially commit identity theft.
Managing BYOD Risk
Providing best practices for employees who choose to use their own devices can be one way to help manage exposures. Simple steps, such as enabling auto-lock on devices, adopting passwords that combine letters, numbers and symbols and ensuring employees keep the devices in a safe place at all times can go a long way in minimizing risks for hacking and theft. In addition, requiring employees to engage with the corporate IT department can help them not only understand the exposures their mobile devices present, but will also give them the resources they need to put the best possible protections in place.
In the event a laptop is stolen, a phone misplaced, or an account hacked, cyber risk insurance policies can serve as a safety net. From providing the resources needed to stop and investigate an incident to delivering necessary financial support, cyber risk coverage can help companies minimize both their financial and reputational risks.
As BYOD becomes more prevalent, organizations will have to take a stance on the use of personal devices for work-related activities. While BYOD provides both benefits and challenges, businesses should also keep in mind the power of smart, strategic risk management through best practices and relevant insurance solutions.
1) Fortinet global survey shows generation y’s hardening stance against corporate byod/bring-your-own-cloud policies as emerging technologies enter the workplace. (2013, October 21). Retrieved from http://www.fortinet.com/press_releases/2013/fortinet-global-survey-shows-employees-against-byod-policies.html
2) Terry, C. (2013, June 05). U.S. officials to meet over cellphone thefts. Retrieved from http://www.usatoday.com/story/money/business/2013/06/05/us-officials-to-meet-over-cellphone-thefts/2393617/
New Year, New Risks: Cyber Issues to Consider in 2014
The New Year represents a time for many companies to evaluate their successes, business goals, operations and risks. While businesses may not be able to anticipate every risk that they will face this year, one thing is for sure: cyber security should be a concern for businesses large and small. Undoubtedly, the cyber landscape is continuing to evolve as cyber criminals become smarter and more creative about their tactics to steal information from companies.
Technology and the sharing of information are central parts of both business operations and our everyday lives, which is why it is imperative that businesses understand the many forms cyber risks take, so that they can protect, their data, their bottom line, their customers and their reputations.
In fact, according to the Travelers’ Consumer Risk Index, 64 percent of individuals cite personal privacy loss or identity theft as a significant concern. And, according to the Verizon 2013 Data Breach Report, there were more than 47,000 reported security incidents and 621 confirmed data breaches from the past year. Over the entire nine-year range of this study, that tally now exceeds 2,500 data breaches and 1.1 billion compromised records. And, those represent only reported incidents
So, what should businesses be concerned about when it comes to cyber security in the New Year?
As more and more businesses are faced with these issues and risks, it is important to proactively protect against them. A great first step is talking to an independent agent who can help educate them on their businesses’ cyber risk exposures.
12/2/13 Is your business ready to protect against cyber attacks this holiday season?
Despite the shortest shopping season since 2002, Adobe Systems predicts this year will see the highest-ever online spending during the U.S. holiday season. While record numbers of shoppers are expected to jump online to purchase their holiday gifts, there is also strong concern over cyber security. According to the Travelers Consumer Risk Index, 64% of Americans worry regularly that their bank or other online accounts may be hacked into. Source: http://www.adobe.com/solutions/digital-marketing/digital-index.html
With this in mind, it is more important than ever that businesses protect themselves against cyber attacks this holiday season and Tim Francis, Enterprise Cyber Lead at Travelers, which offers cyber insurance solutions to protect a business’ assets against cyber threats, suggests the following:
10/28/13 Secure computer networks and data to prevent cyber-attacks.
All organizations from large to small are susceptible to cyber threats because every organization stores a variety of data – some critical to how your company is run, and other sensitive information about your employees and customers. Either can be vulnerable to cyber-attacks that could jeopardize your operation and your firm’s reputation if it’s stolen, lost or infected. It is recommended that organizations adopt firewall and antivirus technology and for IT managers to ensure that browser and email programs have default security settings that limit access point for cyber hacks.
Some other data security best practices include:
Since all organizations can be vulnerable to cyber-attacks, it is recommended they create an incident response plan. Learn more
10/22/13 Require employees to have strong passwords
A data breach can cost your business time, money and your reputation. In fact, a recent study revealed that the cost of a data breach per record is $188, which can add up quickly. For example, a breach involving 10,000 records could cost nearly $2 million—Ponemon Institute© Research Report: “U.S. Cost of a Data Breach Study, 2013”
Breach of passwords is one of the top cyber risks. Hackers can penetrate a system and access passwords. Employees with relatively common passwords leave their computers and accounts open to attack. A best practice is to require employees to use more complicated passwords and to change passwords on a regular basis. Also, consider a policy that requires employees to use passwords that include numbers and letters in different sequencing patterns.
Learn more about strong passwords here.
10/15/13 Think before you click
According to the U.S. Federal Trade Commission, phishing takes place "when internet fraudsters impersonate a business to trick you into giving out personal information."
Today, organizations depend heavily on technology, and most take advantage of social networking, BYOD, and cloud computing to run more efficiently and increase productivity. However, these activities make organizations susceptible to cyber-attacks. Don’t let your organization become phishing bait, as cybercriminals become smart about luring users into divulging sensitive corporate data.
Learn how you can avoid such attacks; here are some tips from www.onguardonline.gov:
Learn more about cyber security here.
10/8/13 Communicate with your employees
Business owners should make it a priority to communicate clearly and consistently to employees about their organization’s cyber risk management strategies. When each employee is made aware of their role in the company’s cyber security efforts, it often empowers them to take a more active role in managing cyber risks. Even small initiatives like establishing employee usage policies for social media platforms, public Wi-Fi access and how to handle proprietary information like Social Security numbers and credit card information helps make employees’ individual security responsibilities clear.
Learn more about providing cyber security training for employees here.
10/1/13 Plan ahead
Every business should plan for a cyber-threat, including a data breach - the potential loss or theft of company and customer data.
There were more than 47,000 reported security incidents and 621 confirmed data breaches from the past year according to the Verizon 2013 Data Breach Report. Over the entire nine-year range of this study, that tally now exceeds 2,500 data breaches and 1.1 billion compromised records.
A data breach can hurt your brand, customer confidence, reputation and, ultimately, your business. The importance of data to your company’s daily operations cannot be overstated. Knowing what data security regulations affect your business and assessing your company data security gaps can help you develop a plan for keeping your data secure.
Learn more about keeping your business cyber safe here.
Travelers Casualty and Surety Company of America and its property casualty affiliates.
One Tower Square Hartford, CT 06183
This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy or bond issued by Travelers. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy or bond provisions, and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations.