For business owners, the days of having a vague notion that cybersecurity requires attention–and hoping “someone” in IT has it covered, are over. Top down and all around action is necessary to protect the business and retirement plan, and that includes ensuring a solid response system. Here’s help.
Cybercrime Is Cheap
While businesses have been busily acquiring technology to ward off cyber threats, cybercriminals have been even busier, and their “work,” as it turns out, is unfortunately quite cost effective. Larry Clinton, president of the Internet Security Alliance points out:
Cybercriminals are able to access dark web cyberattack wares at low cost, with the potential to reap costly damage. On the dark web, “you can buy or outsource a distributed denial of service attack for about $500; you can buy access to corporate mailboxes for about $250; you can buy fake Instagram or [the platform formerly known as] Twitter addresses for $100; you can get a tutorial on how to conduct email attacks for $25; and you can purchase a template to show you how to do the attacks for $3…You can’t buy a Starbucks [drink] for $3….We need to do more than be aware of cybersecurity,” he said. “We need to have understanding and action with regard to cybersecurity.”
Although it’s the “big hacks” that make the news, company owners will want to know that having a small business is not a protection against cyber attacks. According to the U.S. Small Business Administration (SBA): “Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses…..Many businesses can’t afford professional IT solutions, have limited time to devote to cybersecurity, or they don’t know where to begin.” These best practices, needed for compliance with the recently enacted Securities and Exchange Commission rules, offer a useful starting point for every business:
- Incorporate cybersecurity in comprehensive risk assessments and make sure risk assessments are done often, are updated and include internal and external third parties;
- Specify cybersecurity issues with specific roles and responsibilities;
- Routinely update security/anti-virus software, passwords and access;
- Routinely communicate and work with cybersecurity and IT professionals in the company and at any third-party vendor; and
- Have a plan in place for when a cyberattack occurs and know who notifies authorities and clients.
When it comes to actions to safeguard the data and assets in retirement plans, leadership at the Internet Security Alliance also advises:
- Ensure that any assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments;
- Conduct periodic cybersecurity awareness training;
- Implement and manage a secure system development life cycle program;
- Have an effective business resiliency program addressing business continuity, disaster recovery and incident response; and
- Encrypt sensitive data when it is stored and in transit.
Of course the Department of Labor’s Cybersecurity Guidance specifically directs retirement plan sponsors to have a solid response plan in place. Indeed, an expert response plan can make all the difference between a cyber “incident” and a disaster, which, for sponsors, can rapidly spiral into a fiduciary breach. That’s why plan sponsors across the country rely on Colonial Surety’s affordable Cyber+Fiduciary Liability Insurance package. Along with defense costs and penalty limits up to $1,000,000, our liability insurance package includes:
- Expert-led response services following a data breach.
- Protection from lawsuits and regulatory actions related to the breach.
- Legal services.
- Computer forensic services.
- Public relations and crisis management expenses.
- Notification services.
- Call Center services.
- Credit and Identity monitoring
Protect yourself, your business and the plan, efficiently and affordably today:
Good To Do: Follow A Roadmap
As business leaders shift away from “the posture that their IT division owns responsibility for safeguarding against cyberattacks,” these six core principles, adopted by the National Association of Corporate Directors, the Internet Security Alliance and the World Economic Forum, provide a roadmap forward:
- Recognize cybersecurity as a strategic business enabler;
- Understand the economic drivers and impact of cyber risk;
- Align cyber-risk management with business needs;
- Ensure organizational design supports cybersecurity;
- Incorporate cybersecurity expertise into board governance; and
- Encourage systemic resilience and collaboration.
Colonial Surety is here to help too, with affordable and easy to obtain basic cyber liability insurance, which provides SMBs with a timely and expert-led response to data breaches and protection from lawsuits and regulatory actions related to the breach.To further help retirement plan sponsors, our basic cyber liability insurance is included, at no extra cost, with critical fiduciary liability protection. Why go it alone, when legal services, computer experts, call center services, customer notifications, and defense costs and penalty limits–up to 1,000,000–-are all available, for a few bucks a day, and just a few clicks away:
Pension Plan Professional?
Colonial already ensures your plan sponsor clients have the coverage they need. Let us help you too. From Errors and Omissions Insurance to Fiduciary Liability Insurance, Employment Practices Liability Insurance–and more, we’re HERE with the coverages pension professionals need to keep their businesses going—and growing.
Colonial Surety Company is rated “A Excellent” by A.M. Best Company, U.S. Treasury listed and in business all across the country. Serving customers since 1930, we are the trusted source for the pension industry to secure legally required ERISA bonds, fiduciary liability insurance and cyber-liability insurance. We help safeguard plan sponsors, pension professionals and financial advisors — and keep their businesses compliant — with pain-free, efficient, and friendly service every time.