February 2017

In today’s high-tech world, individuals can carry thousands of client files on flash drives in their pockets or purses. People are conducting business on the go and sensitive information is accessible at the click of a button. Managers are using their laptops or tablets through “hot spots” at local coffee shops to access customer databases. Healthcare professionals shopping at supermarkets can get patient files on their smartphones. If you think of information security breaches primarily in terms of malicious hackers cracking the networks of big corporations from thousands of miles away, think again.

The hacking of such corporate giants as Global Payments, Epsilon, and Sony prove that size and sophistication can’t stop data thieves. However any company that stores customer information in electronic format is vulnerable to cyber privacy liability exposures than can cost megabucks – or even put a firm out of business – which means they need insurance against these risks.

Cyber Liability coverage can protect your business against breaches of privacy from unauthorized access, physical taking, or the mysterious disappearance of confidential information that leads to third-party losses resulting from identity theft. Depending on your needs, the policy can also provide a variety of coverages, such as Business Interruption, Cyber Extortion, and Systems and Data Recovery. Other options can cover the cost of contacting those affected by the data breach, computer forensics to analyze the breach, fines and penalties, potential HIPAA (client medical records) exposures, and online activities on your company site. The development and expansion of Cyber Liability coverage during the past two decades has paralleled the explosive growth of computer technology: Today’s policies are increasingly comprehensive – and inexpensive.

“Cybersecurity is definitely no longer a server room issue,” says David Finn, Executive Director at the Microsoft Cybercrime Center. “It’s a boardroom issue.” He notes that on average, it takes 243 days before an organization even knows that it was penetrated by a cybercriminal.

Today, when one in five businesses are the target of a security breach, bad things are inevitably going to happen. That’s why looking at your organization from “the bad guy’s perspective,” says Tiffany Rad, is crucial. Rad is rated one of Bloomberg’s top “white hat” hackers (computer specialists who break into protected networks to test security and advise organizations on improvements).

One of the most difficult things in Rad’s industry is protecting against insider threats. But she notes there are products entering the market that have “an algorithm to check for abnormal patterns, when it looks like someone’s going to sites perhaps that they shouldn’t be during working hours or they’re on different hours than normal.”

In terms of external threats, there’s a lot of attention on protecting businesses as they move to the cloud. Ken Biery Jr., Verizon’s Managing Principal of Governance, Risk and Compliance, explains that it’s important to provide physical and logical security. Rad agrees, noting that in addition to firewalls and antivirus software, protection against malware is critical as more and more hackers look to steal intellectual property to give themselves or your organization’s competitors a heads-up on what your organization is planning.

You’re “only as safe and secure as your weakest link,” says Finn, admitting that when you rely on the cloud, “you trust that an organization is going to invest enormously in your security.”

But, as Biery sees it, “the good thing about a lot of the cloud providers that are out there is their default security, and the security they built into their environments are often better—especially for small and medium businesses—better than what they could do themselves.”

Biery also points out that companies need to stay in control with the advent of BYOD (Bring Your Own Device). With mobile device management, “you can take and keep your sensitive information in an encrypted container on that employee’s phone. So it kind of exists as its own virtual machine in that environment,” he says, explaining that you can delete access and the encrypted container without affecting personal data such as photos.

The bottom line, agree the experts, is that companies of all sizes need to amp up protection. Even if you think your business information isn’t of interest to others, Rad assures us that there will always be hackers that find your digital footprint interesting and will do something with it—if only because they can.

By definition, there’s nothing really wrong with viruses. They’re just self-replicating, that’s all. If the cash in your wallet was self-replicating, you probably wouldn’t complain. Virus researcher Fred Cohen has even put out a $1,000 bounty for the first developer who can come up with a truly helpful virus. So far, he hasn’t paid out, but theoretically, a good computer virus is possible.

“Helpful” worms, however, may prove that even a “good” virus is a bad idea.

Helpful worms like Welchia, Den_Zuko, Cheeze, Mellenium and CodeGreen were designed in the name of helping the user. Welchia’s design was actually kind of clever, finding and eliminating the Blaster worm by seeking out the same vulnerabilities as the Blaster worm, and then, usually, applying a security patch to keep any other worms from working their way in. The Welchia worm was programmed to automatically remove itself at a set date.

Here’s the problem though: The main thing that worms do is slow down your network by feeding a constant stream of data through it. Whatever else they might do, that’s the main thing people hate about worms. A helpful worm slows down the network just as much as a harmful worm will. Additionally, helpful worms are known to reboot the computer without the user’s consent, which can be a major problem if you’re right in the middle of a project that you haven’t saved recently.

Helpful viruses are an interesting idea in theory, but they still self-replicate without the user’s consent, they still eat up RAM and other resources, they still slow the network down. As technology advances we may see a day when helpful viruses are able to actually improve a computer’s performance without any adverse effects. For the time being, however, there is that old saying about where the road paved with good intentions leads to…

Technology has advanced the speed and scale at which consumers can communicate about their brand interactions. As a result, businesses have had to determine how to respond to customers on a personal level in what is now a very public, digital space.

If a person had a poor customer experience at a restaurant a few years ago, they may have warned friends not to eat there or written down their complaints on a comment card. Today many people feel comfortable venting their frustrations to an exponentially larger, public audience: the entire Internet. Many companies are still struggling to identify which grievances necessitate a personal reply, which ones can be left alone, and which complaints require escalation and/or a security response.

We reached out to our Microsoft privacy experts again this week to ask how companies should approach online customer feedback, especially where privacy and security are concerned. In an interview with Microsoft for Work, Marisa Rogers, Global Sales and Marketing Privacy Manager, and Kristi Berry, Senior Privacy Manager weighed in on the issue.

Berry: This is a huge question. Things have changed a lot because of evolving industry trends and evolving attitudes towards technology and social media. In general, people are much more comfortable with these types of data collection and comfortable with this social, digital world. They are more aware and paying much more attention to what’s going on. For us that makes it more and more important to provide the right levels of controls for the customer to manage their privacy.

Rogers: There were recent news reports of a man who was boarding a Southwest flight and tweeted about his bad customer service experience with the gate agent real-time. He included the agent’s first name and the gate location where he boarded his plane. It caused him to be removed from the plane and to be interviewed by security officials before he was allowed to go on the flight. Certainly in the public space, people are increasingly using social media to comment both positively and negatively on customer service.

Now, in this particular case, [there was] heightened sensitivity because it had to do with a situation in an airport where someone was complaining about a bad experience. Companies will need to carefully consider how they respond to make sure the response is proportionate to the complaint. There are many examples of companies responding to feedback on social media that are both good and bad.

Rogers: In the first place, you have to be prepared to receive the complaints. You should have a plan of action on how you want to address questions or comments that are neutral-to-negative to your business. This may include having some standard answers ready to go and thinking about how to diffuse difficult situations through social media. Remember you can take it offline if it’s more appropriate to address the person’s specific issue.