You wouldn’t run your business without proper general liability, property or auto insurance. So why
would you remain unprotected from cybersecurity risks that can impair your business?
Currently, there are over 3 billion internet users in the world. The estimated global internet penetration
in 2018 reached 42%, of which over 84% is strictly in the US. In North America alone, there are
about 1.3 e-commerce companies.
– 1. Many technology users and companies lack awareness about the risks of ransomware and other
cyber attacks that can harm their business.
– 2. Over 50% of main street as well as e-commerce companies lack an understanding of the
existing risks and consequences of conducting business online or maintaining client information
on their computers.
– 3. The lack of awareness and understanding of these risks prevents many companies from
developing a loss prevention program and protecting their information from hackers.
– 4. A significant number of these businesses either do not know or have not evaluated the
importance of maintaining an insurance program that will protect them against cyber risks.
– 5. Most cyber-attacks and data breach incidents occur due to human error. For example, an
employee receives an email that looks official or safe and clicks on a link which encrypts the
business's data and makes it unrecoverable.
– 6. Many employers have not established specific protocols or training for their employees on how
to handle suspicious emails or links.
– 7. The US has actively instituted strict regulations at the federal and state level which require
notification to all the affected individuals of a cyber breach.
– 8. A cyber breach or ransomware attack carries high legal costs, costs of hiring forensic experts to
recover data, and fines up to $50,000 per record, depending on how sensitive the lost
information is, in addition to a public relations nightmare.
– 9. Reports estimate that currently in the United States there are about 4,000 ransomware attacks
– 10. Most hackers are in foreign countries and impossible to track down, and most target small to
midsized businesses because of their lack of proper cyber protection.
Here are some interesting examples of small businesses that were hacked in unexpected ways.
CYBER ATTACK HITS CLOSE TO HOME
Most cyber breaches are caused by human error. Some people think that having strong anti-virus
and anti-malware software is enough. They also think that it can’t happen to them because their
business is too small to be targeted by a computer hacker. After all, there are so many other much
bigger companies with deep pockets to go after. But actually, everyone who uses computers for
their business, and especially those who keep Personally Identifiable Information, such as name,
address, phone number, dates of birth, and so on, are vulnerable to computer hackers, and in some
cases from the least expected sources.
This reminds me of a situation that hit very close to home recently. My parents live in Puerto Rico
and have their own small businesses. They suffered the after-effects of Hurricane Maria for many
months, as their office went without electricity or water. Luckily my mother has a large generator in
her home and thus they both brought their computers, business documents, and employees to work
out of their home.
Many schools were also not operating during the recovery period. One of their employees began to
bring her teenage son with her to work. While my mother disapproved, everyone was trying to be
lenient based on the current conditions on the island.
One day, my parents started their day by turning on their computers and realizing that none of them
were working and they could not be rebooted. They became very anxious because their business
requires them to have the Personally Identifiable Information of many customers. They called their IT
person to come and evaluate the situation. The IT person found that someone had hacked their
computers and had encrypted or deleted all the information that was stored in the hard drives. He
also discovered one more interesting item. There was a special folder that had been created; it
showed a file created under one of their employees' names. There they found that my parents'
emails had been rerouted to another unknown location, where someone had been receiving and
reading their email correspondence. They could not believe that a trusted employee had hacked
They quickly confronted the employee and her reaction was one of total panic. While she tried to
defend herself, she implicated her teenage son in the actions. My parents decided not to call the
authorities, but to have her sign a waiver indicating that she resigned from her position effective
immediately and that she understood that if evidence of any of the lost information was found in
her or her son’s possession, or if any of the information was disseminated in any way, the
authorities would be notified immediately of the incident.
My parents did not carry Cyber Liability insurance. The information was unrecoverable, and it not
only included client information, but also included their own financial, tax, and personal
information. Neither one could operate for several weeks. Thankfully, I had a backup of most of my
mother’s work, which I was able to restore for her. As for the other information that they lost, they
are still trying to reconstruct it from paper files. Some of it will never be recovered, and now they are
aware of the constant threat of a cyber attack and the unexpected sources from which it can arise.
…AND YOU THOUGHT YOU WERE SAFE BECAUSE YOU HAD NO COMPUTER
You never know where a data breach will come from. I have an older client, we will call him Jim,
who has never wanted to learn new technology and still performs all the tasks of his business by
paper. The client files with personal information, his methods and company trade secrets, even his
accounting are all on paper. There are no backups, except for very few and very valuable items,
which he keeps as a paper copy at home. Jim is a religious man who believes in the goodness of
man and refuses to accept that there are new ways his business could be at risk even if he does not
Jim recently decided that he needed to clean out his old files in order to make room for new clients
and new information. By law, he must retain all client information for seven years, but out of
caution, he usually likes to retain that information for ten years. It had been quite a while since they
last performed an office clean out. His administrative assistant suggested that they contract a
company to come and shred all the documents right at their office. But Jim decided it would be
more cost effective to purchase an affordable shredder and do it themselves. Without doing much
research on the matter, Jim purchased a large capacity strip shredder and placed it in the office to
destroy all the paper files. Since the county where Jim’s office is located recycles, Jim also purchased a large
number of clear plastic recycling bags in which they would dispose of all the shredded paper.
For several days, the staff shredded paper and placed it in the clear plastic bags and out in their
recycling bin. The recycling company only stops by once a week, so the admin was perplexed that
when they came back to work every morning the bags they had placed in the recycling bin the
previous night were gone. At first, she did not mention anything, but as this continued to occur she
brought it to Jim’s attention. That night after everyone went home, Jim stayed behind and kept
the lights low and watched as an unmarked van drove by, stopped right in front of his business, took
his clear recycling bags and drove away.
Jim was stunned and called the police. The police informed him that “dumpster diving” for private
information was quite common and the strip shredder he had made it quite easy for the
perpetrators to put the pages back together and steal financial information from those documents.
Jim’s next phone call was to his lawyer.