Personally Identifiable Information (PII) and Its Importance In Protecting Small Firms

In today’s digital age, protecting Personally Identifiable Information (PII) is not just a necessity for large corporations but a critical task for small firms as well. The rise in cyber threats has made PII protection paramount for businesses of all sizes. But what exactly is PII, and why is it so crucial for small firms to safeguard it?

Understanding PII

PII refers to any data that can be used to identify a specific individual. This includes names, addresses, phone numbers, social security numbers, and more. For small firms, this information is often collected from customers, employees, and even business partners. The protection of this data is essential in maintaining trust and ensuring compliance with various regulations.

The Growing Threat of Cyber Attacks

Cyber threats are becoming increasingly sophisticated, and small firms are not immune. In fact, small businesses are often seen as easy targets by cybercriminals due to their sometimes lax security measures. A single breach can lead to significant financial loss, legal repercussions, and a damaged reputation.

Why PII Protection is Crucial for Small Firms

  1. Trust and Reputation: Customers trust businesses with their personal information. A breach can shatter this trust and damage the firm’s reputation.
  2. Compliance: Various regulations require businesses to protect PII. Non-compliance can result in hefty fines and legal issues.
  3. Financial Protection: Data breaches can be costly. Protecting PII helps prevent financial losses associated with cyber attacks.

Engaging and Informative Resources

To illustrate the importance of PII protection, we’ve created a video featuring “Don I, Your Insurance Guy!” Don breaks down complex insurance topics into simple, easy-to-understand segments, making it clear why PII protection is a must for small firms.

Don’s engaging explanations and real-world examples will help you understand the critical steps needed to protect your business from cyber threats.

In summary, PII protection is not just a regulatory requirement but a business imperative. By taking proactive steps to safeguard personal data, small firms can prevent cyber attacks, maintain customer trust, and ensure long-term success. Stay informed, stay protected, and ensure that your business is a fortress against cyber threats.

For more information and detailed guidance, contact us today! Protecting PII is an ongoing effort, and staying vigilant is the key to safeguarding your small firm.

Real-life Cyber Claim Examples: The Importance of Cyber Insurance

It seems as though everyone likes to hear a good war story and it is no different when it comes to cyber claims. Besides price, it may be the most asked question I hear – What kind of claims are being filed? Can you give me an example of a claim to show that this is real and I should be buying a policy? So, let’s delve into this topic and let me tell you a couple of real-life cyber claim scenarios:

War Story 1: The Case of Accidental Data Loss

A small law firm lost all of their data, including backups, from a shared office space when the IT administrator formatted the hard drive on the office equipment. The firm, which had three lawyers, was operating inside unused space at a larger firm. As part of the arrangement, the smaller firm also used the IT systems of the larger firm.

In an effort to segregate the data of the smaller firm, the larger firm gave them access to their own file server, which was normally used for email only. The server began having issues, so the IT administrator backed up the emails on the server, formatted the hard drive, and reinstalled all the software. Unfortunately, the IT administrator did not remember to back up the data from the smaller firm before formatting the hard drive.

The firm suffered an interruption of operations as a result and incurred significant expense to recover the data manually. In this case, the damages and loss are as follows:

  • Data Restoration Expense: $23,000
  • Loss of Billable Hours: $8,900

War Story 2: The Case of Accidental Data Breach

A law firm handling Qui Tam cases suffered an accidental data breach resulting in legal liability and disciplinary proceedings for alleged ethical violations. The firm used a cloud storage service for all firm data. The cloud storage provider offered two tiers of service to clients, free and premium.

Data in the “free” storage service is searchable and can be downloaded by other customers. The firm neglected to pay their renewal fees for the “premium” service, so the firm’s account reverted to the “free” service and all of the firm’s data was searchable and available online for several months. During that time, numerous parties downloaded the details of a sensitive whistleblower case.

As a result, the firm faced a lawsuit from the former client in the whistleblower case as well as a disciplinary proceeding. Several other suits from other current and former clients are also pending. In this case, the damages and loss are as follows:

  • Notification Expense: $27,000
  • Defense Expense: $305,000
  • Damages: $2,150,000
  • Fines & Penalties: $120,000

Note: pending suits from other clients are not included in loss amounts listed above.

These examples illustrate the real-life implications of not having a robust cyber policy. In today’s digital age, where data breaches and cyber attacks are becoming more common, having a comprehensive cyber insurance policy is not a luxury, but a necessity. It’s time to take a proactive approach to protect your firm and clients from potential cyber threats.

Maximizing Your Cyber Insurance: Understanding the Full Range of Protection

Most of the calls I receive about cyber insurance are for Fraudulent Funds Transfer. This seems to be what the caller is most interested in, and for good reason, especially if your profession is in the area of law, real estate, or title/escrow work. However, the cyber policy is much more than just fraud transfer coverage.

The policies are usually what I consider a program or a suite of coverages made up of first- and third-party benefits and a strong risk management team. Several of the carriers that write cyber insurance will run an analysis of your website and online presence and identify weaknesses and exposures that may lead to a cyber attack or event. The carrier prepares a report that not only identifies the weaknesses but also offers suggestions on how to correct or eliminate the exposure. They will also rank or compare your cyber situation and scan results against other companies of similar size and industry, allowing you to see if you’re keeping up with others in your industry in keeping your business, your clients and your customers safe from cyber attacks.

Other benefits provided by most cyber policies include:

  • Notification costs: Did you know that the government requires you to notify your customers in the event you have a cyber attack and personal/confidential data is compromised? Think of how many files you have. It won’t be cheap to notify and complete this task.
  • Ransomware: Think you’ll never become a victim of this because your office is too small, and you don’t have or keep large amounts of personal confidential information? Think again. Everyone is a target for this type of claim. A hacker breaks into your computer system and stops your ability to use it or shuts down the entire system unless you pay XX amount of dollars. How long can your office run with no access to your computer system?

Fraudulent transfer of funds, risk management team services, a strong claims team, notification costs and ransomware coverage only scratch the surface of what coverages/benefits are provided in most cyber policies. Although you may only have interest in one or two of these, you need to be aware of all the coverages available to you in your cyber policy. Rarely in a cyber claim is only one benefit/coverage part triggered. Usually several parts come into play. Don’t short yourself by not knowing all of the coverages and assistance that are available to you under your policy. Read it and call your broker and/or the risk management team of the program with your questions.

Cyber Security Challenge Level 4: Always enable multi-factor authentication

Welcome to the Level Up Your Cyber Security in October program, courtesy of Integrity First Corporation.

We’re on level four, the final week, which is enabling multi-factor authentication, or you might know it as two-factor authentication.

Now, in computer security, an authentication factor is anything you use to authenticate yourself with a system. Using a password is the most common type of authentication. With multi-factor authentication (MFA) or two-factor authentication (2FA), you use two or more different factors to log in.

One example is a password and a verification code sent to your smartphone. This is something that’s really common whenever you sign into banks. This is an extra layer of security. So even if one of your factors is stolen, like your password, the hacker doesn’t have access to the other authentication factor like your phone. 

This stops them from accessing your account. As more and more organizations implement multi-factor authentication to strengthen their security practices, you might encounter different types of authentication factors. 

There are three different types you might be asked to provide: something you know, such as passwords and security questions; something you have, such as a verification code on your phone or a key card; or something you are, such as biometrics, like your fingerprint or a scan of your face. The more factors you use, the better your security.

Having a combination of authentication factors is an even better way to keep your data protected. 

If you have any questions about any of these levels, please contact Integrity First Corporation for help.

Cyber Security Challenge Level 2: Passwords – Long, Unique and Complex

Welcome to Integrity First Corporation’s Cybersecurity in October program. In week two, we are going to discuss using strong passwords and perhaps a password manager.

To create a strong password, there are a few tips and tricks to remember. The reason that you want a strong password is that it’ll help you keep your data secure. In fact, according to IDtheftcenter.org, studies have found that a password’s guessability by hacking software decreases exponentially with every additional character.

Creating something that’s easy to remember, but hard to guess is key to a successful password. 

Perhaps you’ll want to incorporate a favorite song, a favorite quote, your favorite sports player into a password and it becomes more complex and difficult to guess. You’ll want to make sure that it’s at least 12 characters long, has uppercase and lowercase letters in it, has at least two numbers, and it has at least one symbol in it. 

One thing that I commonly suggest is to use the lyrics to one of your favorite songs, like flymetothemoon!12 or something along those lines. You want to make sure that it’s something that might be a little bit more difficult for someone to perhaps put in, guess, or even have machine learning guess.

The other thing is, you’ll want to have a unique password for each account. 

The average American has over 90 passwords. So one thing that you’ll want to do or look into is a password manager app that can help you remember your passwords. A password manager is basically a secure vault for all of your passwords. Basically like a glorified post-it note that sticks on your computer, but a lot more secure. 

You only have to remember the one password to get into your Password Manager app, which will allow you and your computer to access the rest of your passwords for all of your logins. 

Typically, depending upon the application that you purchase, you can access these passwords on your phone, tablet, laptop or desktop. This also means you can and should create different passwords for every single online account that you have. This should keep you ahead of any hackers.

Let INF know if you have any questions and join us next week for Level Three.

Cyber Security Challenge Level 1: How To Spot A Phishing Email

Welcome to Integrity First Corporation’s Cyber Security in October program. In week one, we’re going to talk about recognizing and reporting phishing.

A few quick facts: cybercriminals sent over 3.3 billion phishing emails last year. This caused over 4,000 data breaches that exposed over 22 billion personal records.

But it’s not enough to know that phishing emails are out there. You also need to be able to recognize them and report them. 

So today, we’re just going to quickly review a few of the highly used phishing email types and tactics. 

The first type is a reward or a free gift message. Free things are really enticing, but they can also be dangerous. If you get an email saying you won a free TV or click here to enter a prize drawing, you need to be on high alert. Hackers are definitely trying to bait you into clicking a malicious link. 

The second type is a login or password message. Another type of phishing email will ask you to verify your account by logging into a fake web page or updating your credentials on this fake web page. These emails will collect your username and password which gives a hacker instant access to your account. 

A third phishing email type is an urgent message. An urgent message email is designed to get you to act fast. It might tell you that your account was hacked or it’ll be deactivated; click here to restore it. Fear makes people do things without thinking, so slow down and make sure that this urgent message is from who you think it’s from. 

The final type of common message is internal messages. This type of phishing is also called spoofing. Hackers will try to impersonate or spoof people at your company, like your HR rep, somebody in your IT department, or maybe even a co-worker. An internal phishing message email might ask you to click on a link to read and sign a policy, read a new document about company-wide updates, or even hand over sensitive information via purchase.

If you think you’ve encountered a phishing email, you need to follow your company’s procedures for reporting it. Once the right people are notified, they can help you to determine if it’s a phishing email. Whatever you do, do not click on the links, don’t reply to the email and don’t send it to anyone else.

We’ll see you next week for Level Two.

Have You Taken The Steps To Purchase A Stand Alone Cyber Policy?

Over the last couple of years, I’ve been telling clients and prospective clients alike that now is the time to buy a stand alone cyber policy.  If you haven’t taken the steps to purchase a policy, there couldn’t be a better time than right now.  

Claims are increasing: ransomware, malware, phishing schemes and fraudulent funds transfer, just to name a few of the claim issues that seem to be an everyday occurrence. Because of the increasing claims, obtaining a standalone cyber policy is getting a little more difficult.

Carriers are beginning to get a little more selective on who and what industry they want to insure. Policy terms and conditions are beginning to get a little stricter and some carriers are even beginning to exit the marketplace and not offer coverage at all.  

Just a few months ago, one of the larger carriers that write cyber insurance did exit the market and no longer writes the coverage. Worse yet, one of the ugly consequences of all this is that the pricing on cyber coverage has started to increase, and let’s not forget that ugly word inflation, which is also playing a part!

If you haven’t purchased a cyber insurance policy yet, do it now or at least apply for coverage so you can review the offer and make an informed decision. Keep delaying the process or decision and you may find yourself unable to secure coverage at all, with the market having made the decision for you.

Have any questions about the topic discussed in this article? Contact us today! 412-563-2106.

Hackers Have Now Exposed Over 8 Billion Username and Password Combinations – Were Your Credentials Among Them?

The week of June 7th may have seen the biggest release of hacked data ever published to the dark web.  Hackers publicly released over 8 billion username and password combinations!

A 100GB list of data assumed to be stolen during various hacks was posted to a popular hacker forum.  This is now being referred to as the “RockYou2020” list.

Want To Check To See If You Were A Part Of This?

Check here to see if your data was part of this dump: https://cybernews.com/personal-data-leak-check/

To use this tool, all you must do is enter your email or phone number.  The tool can safely access the hacked username and password combinations on the dark web.  It will let you know if your data is found.

What To Do If Your Data Was A Part Of The Released Data

If the tool tells you that your data was compromised, you should start mitigation steps immediately. Go to every account that uses the exposed username/password and change the password. Be sure to use a different password for each account, and make each one “strong”.

Want to know what makes a strong password?  A rule of thumb is to create a password that has the following 6 characteristics:

  1. More than 12 characters
  2. Contains at least 1 uppercase character
  3. Contains at least 1 lowercase character
  4. Contains at least 1 number
  5. Contains at least 1 symbol
  6. Contains no “real” words that could be guessed via a dictionary attack (where they go through a list of words from the dictionary and try to guess your password)
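The six characteristics above can be checked mechanically. The following Python code is an added example, not part of the original article; the function name `check_password`, the small word list and the character-substitution table are assumptions made for illustration, and a real check would use a full dictionary.

```python
import string

# Constructed sample word list (assumption): a real check would load a full
# dictionary and a list of known breached passwords instead.
SAMPLE_WORDS = {"password", "welcome", "summer", "dragon",
                "monkey", "moon", "letmein", "football"}

# Common character substitutions undone before the dictionary check,
# so that "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "!": "i", "7": "t"})


def check_password(password, words=SAMPLE_WORDS):
    """Return the rule-of-thumb characteristics that the password fails."""
    failures = []
    # 1. More than 12 characters (exactly 12 does not pass).
    if len(password) <= 12:
        failures.append("more than 12 characters")
    # 2-5. Required character classes.
    if not any(c.isupper() for c in password):
        failures.append("at least 1 uppercase character")
    if not any(c.islower() for c in password):
        failures.append("at least 1 lowercase character")
    if not any(c.isdigit() for c in password):
        failures.append("at least 1 number")
    if not any(c in string.punctuation for c in password):
        failures.append("at least 1 symbol")
    # 6. No "real" words: look for dictionary words inside the password,
    #    both as typed and with common substitutions undone.
    plain = password.lower()
    folded = plain.translate(LEET)
    found = sorted(w for w in words if w in plain or w in folded)
    if found:
        failures.append("no real words (found: " + ", ".join(found) + ")")
    return failures


if __name__ == "__main__":
    samples = [
        "flymetothemoon!12",   # sample password quoted elsewhere on this page
        "P@ssw0rd2024!",       # constructed: passes rules 1-5, fails rule 6
        "Abcdefgh1!xy",        # constructed: exactly 12 characters
        "xK7#qvT9!mZp2w",      # constructed: passes all six
    ]
    for pw in samples:
        result = check_password(pw)
        print(pw, "->", "OK" if not result else "; ".join(result))
```

An empty list means all six characteristics are met; a password manager's generator produces passwords of the last kind without anyone having to memorise them.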

In addition, you’ll want to be sure to look for any unexpected activity within the account.  Make sure that all of your personal information is correct and that no money has been transferred unexpectedly.

If given the option, turn on the “Two-Factor Authentication” (or “2FA”) option associated with the account.  This will require you to enter a code from your cell phone or email to authenticate who you are.  2FA protects your accounts from hacker dumps like this.

Yes, this is a pain.  However, it’s better to have your personal and financial data protected. 

How To Protect Your Data Easily Using Password Managers

There are ways to make tasks associated with passwords easier.  According to a study by NordPass, the average person has 100+ online passwords.  Who can remember that many passwords?

INF recommends using a password manager like KeePass or 1Password.  A password manager will help you create and remember well-formed passwords for all of your accounts.  In fact, you can copy and paste from these managers, so you don’t have to type anything going forward.

These password managers can also be installed on your phone.  This makes browsing the web a breeze when you need to access your passwords.

Is There Anything That You Can Do To Protect Your Business Further?

Yes, you can protect your business with a cyber liability policy.  These policies help protect you from the threat of hackers, data dumps, stolen passwords, ransomware attacks and more. 

It takes less than 5 minutes to fill out the application for this insurance.  Contact INF to get started at 412.563.2106.

Does my Legal Malpractice Insurance Cover my Cyber Exposures?

Does my professional liability insurance policy cover me for cyber risk?

The short answer is, sometimes. This is a great question. There are some policies out on the marketplace that do advertise that they cover both professional liability insurance and cyber. But if you’re really serious about covering yourself in the event of a cyber breach, you need to look into what is called a standalone policy, not any kind of combo cyber professional liability policy.

If you do look into that type of coverage, you’ll notice a few things. One, the cyber coverage is usually ancillary to the primary coverage of professional liability insurance, and the limits that are available for the cyber are usually very, very small, somewhere between $15,000 and $25,000. Last year the average cost of a cyber breach for a small to mid-sized firm was about $250,000. The other important note is that 50% of those that did have the breach were out of business within six months of the breach.

Contact us at INtegrity First Corporation with any questions you may have regarding cyber liability insurance.

What is Privacy Regulatory Claims Coverage and Why is it Important?

What is privacy regulatory claims coverage in a cyber liability policy?

Wow. That’s a mouthful.

The regulatory coverage in a cyber liability policy actually pays for and protects you against the fines and sanctions that may be levied against you from state, local and federal governments for not properly securing the data that you’re responsible for.

Don’t get caught. Make sure this coverage is in your cyber liability policy.