Cyber threats feature in the news more and more, with many attacks affecting larger businesses. However, more recently, there has been a rise in attacks against smaller businesses. Unfortunately, most small businesses lack the funds and tools to protect themselves against cyber-attacks, which leaves them vulnerable. However, with a few policies put in place, they can focus on keeping their data secure and protecting their customers.

We’ve come up with a simple checklist to help smaller businesses get to grips with their cyber-security, particularly in light of the recent changes to data protection.

Plan by having effective policies, training and backup procedures in place

 

Acceptable use policy

An acceptable use policy sets out the rules surrounding your business network. This could cover a company intranet or simply the use of the internet within the business. Putting this in place highlights to any user, which could be a customer or employee, what websites are deemed accessible within the company network. It protects against unwanted website access including social media sites and reduces the risk of malicious content.

Access control policy

Implementing an access control policy ensures that users understand who has the right to change, access or remove any business information that may be sensitive or confidential. It can help to trace anyone with access to this information.

Account management policy

Anyone who has access to a business system should be aware of this policy. It simply defines which software requires passwords or encryption and how employees should manage this. It protects the business against employees who have left the company and ensures that they no longer have access to sensitive data.

Password policy

This policy ensures that systems and sensitive data are protected by strong passwords. This means passwords that someone couldn’t guess easily. It also ensures that the policy is distributed amongst the company so that there is a complex system in place, making it hard to break.

Wireless network security policy

Much like your wireless box at home, this type of policy protects your small business’s wireless network. It prevents unauthorised access from people not involved in the company and can help to stop devices infiltrating the system.

E-mail policy

An email policy is simple to put in place. It sets out how company email systems can be used and protects against spam or any other undesirable mail. It also protects your own domain from being flagged, which can result in emails to your customers being blocked or placed in spam folders.

Clean desk policy

It sounds simple enough, but a clean desk policy doesn’t just keep your desk tidy. It is put in place normally to protect against anyone accessing sensitive information from your desk. This may be removing documents, but it could also include securing computers too.

Data handling and disposal policy

This process outlines how to dispose of sensitive data properly. Once the information is no longer needed, the company must ensure that the information is disposed of properly.

Physical security policy

The physical security policy protects the business building itself. It confirms who has access to the building including visitors and employees as well as who accesses equipment within the business.

Internet security policy

An internet security policy ensures all devices and hardware within the business are protected with anti-virus software. It outlines how this will be implemented and then maintained on a regular basis.

Training

Whilst most of your company policies will be written within a handbook, it’s important that staff members are aware of their duties to protect any data they have access to. Informing employees of these policies and ensuring that passwords and encryption are correctly put in place can help to gain more awareness and protect your data.

Data backup

It’s also important to back up any data that you have, not just for the protection of your business but for your customers too. By putting these policies in place and backing up any data, you can still maintain control over your sensitive data.

 

Prevent the worst from happening with cyber security best practices

 

Getting these policies in place is the first step towards cyber-security, and there are some simple tasks you can do to ensure that your business follows the rules it sets out.

Secure your emails

Encrypted emails are really important for a small business that may be susceptible to malware or viruses sent from spam or robot-mail boxes. Most email providers have spam filters too, which can help to stop you from accidentally opening unwanted content.

Delete old users

Both for employees and customers, it is important to delete any users who may have access to business systems. It prevents them from gaining access to new sensitive information when they are no longer there.

Delete irrelevant data

Any data, particularly sensitive data, should be removed from your systems as soon as possible. Customers also have the right to ask for their information to be removed.

Password protection

Two-step/two-factor authentication and password management can be imperative in keeping your data safe. Two-step authentication requires a code, in addition to a password, to gain access to a system. Only a few people should have access to this. Therefore, if a password is guessed, then there is another boundary. It’s also best practice to implement a password manager, to ensure employees are changing emails when necessary and someone has access to all the information.

Secure your network

Some businesses restrict access to certain sites that may not be secure. In order to ensure your policy is protected, you can remove certain sites so that they are not accessible from your network.

Social media access

It’s important to let employees know what they can and cannot share on social media. It protects the company on both a business and personal platform.

Stay up to date

Keep systems and software, particularly anti-virus software, up to date to ensure they are protected. The internet is a world of fast-paced changes and so keeping up with the latest updates will help keep your data secure.

 

Cover your back in case the worst happens with specialist cyber insurance

 

Getting the right insurance can help to protect your business in the event of a cyber threat. Businesses, particularly smaller businesses, need to realise their responsibility when it comes to protecting their data and protecting their clients. In the event of a breach or fraud, a business could lose out on profits, through lost customers, loss of trust and legal fees. Business insurance can help protect against these losses and keep the business running until it can be secured again.

Get a Cyber Insurance quote for your business.
 

Cyber insurance claims are becoming more and more common with each passing year. As business grows more dependent on technology, instances of cyber insurance claims are bound to rise in turn. The causes vary from malicious attacks, to security loopholes, to employees not paying attention. All are traps which are worryingly easy to fall into.

Here is a brief overview of some of the most common cyber insurance claims businesses make.

Human error

An employee making a mistake, though innocent, can still be costly for a business. For example, an employee on a reception desk might leave confidential information on display to customers. Another example could be sending an incorrect file attachment to an external recipient. Human error is all too common, and as such these types of insurance claims are regular.

Ransomware

Take, for example, an employee in the finance department who clicks on a malicious link in an email, inadvertently downloading ransomware into the business network. This software in turn encrypts all financial data, rendering it inaccessible until a “ransom” is paid. The business has no ability to function until said ransom is paid, or their system is otherwise unlocked.

DDoS attack

A DDoS attack generally involves deliberately overloading a network, causing a business website to go down. This in turn means customers can’t access it. Hence the name – Distributed Denial of Service attack. This causes the business to lose income from lost business and forces them to scramble to locate the source of the attack. It’s inconvenient and potentially highly damaging.

Phishing

Clicking malicious links also runs the risk of other harmful software being downloaded; it can even happen simply through visiting unsafe websites. Phishing software, once downloaded, scours the system for valuable confidential information – this gives the hackers access to passwords, accounts, and much more besides. Phishing software is usually highly efficient at finding profitable confidential information.

Unauthorised access

This can occur from a variety of directions. For example, a hacker could gain access to the network through a loophole in the security. It could also be a case of a low-level employee accidentally being able to access data restricted to management. Either way, when someone has access to a system that they shouldn’t, it never bodes well for the business in question.

Malware and viruses

When malware or viruses enter the computer network, they quickly get to work disrupting everything. They can cause screens to freeze, machines to become unresponsive, or even to shut down altogether. With new viruses being developed every day, even the strongest anti-virus software must be regularly updated. Just one infected machine can easily cause the entire network to go down.

Data breaches

Data breaches can occur in a number of different ways – some malicious, some accidental. For example, an email containing confidential customer financial information being sent to the wrong recipient. Whether it’s through poor network security or employee error, the cost can be equally damaging. Data breaches can result in legal action as a result of failure to comply with data protection legislation, so are to be avoided at all costs.

Impersonation

In the right circumstances it could be very easy for one person to impersonate another digitally, given the right information. For example, a high-ranking employee accidentally leaves their Intranet log-in details on the train. A random person finds them, and is then able to access the system, posing as the employee. They can then either steal confidential data, or deliberately disrupt the system.

Rogue employees

Employees can turn malicious for a number of different reasons, whether it’s due to perceived wrongs a company has done them causing a desire for revenge, or wanting to ingratiate themselves with a competitor by providing classified information. However it occurs, it can be devastating depending on the level of access to the system the rogue employee has.

Misleading communications

It can be surprisingly easy for a business to be duped into sending money for goods or services to someone claiming to be genuine. For example, a business receives an invoice for raw materials. The numbers add up and it looks authentic, so the invoice is paid without further question. However, the sender has simply engineered the invoice from data they have found or stolen.

These are just a few examples of common cyber-crimes you need to be aware of. Always stay alert to protect your business, your customers, and your reputation!

Read more about cyber insurance and how it could help protect your business.

 

Cyber insurance, which covers your business against the effects of a serious cyber incident, is not an “off the shelf” policy. Our team will work with you to assess the exact cover your business needs to protect your company as well as your customers.

So what does cyber insurance actually cost?

Your cyber insurance policy will be built around your business, and the specific needs of you and your customers. Although this means that there is no single published price for a cyber policy, it also ensures that you always get the best value for money. With a bespoke policy, you are never paying for anything you do not need.

As a rough guide, our cyber insurance cover typically starts from just £182 a year, and provides protection against:

• Breach costs: This includes legal advice, undertaking forensic investigations and notifying regulators or customers of the breach. It also covers credit monitoring support for affected customers.

• Hacker damage: You’ll be reimbursed for the costs associated with restoration, repair or replacement if a hacker damages your systems, website, data or programs.

• Privacy protection: We’ll help you settle claims made against you in relation to failing to keep personal data secure. We’ll also cover the regulatory investigation costs and settle civil penalties levied by regulators, if possible.

• Cyber business interruption: If damage caused by a hacker prevents you from earning revenue, we’ll compensate you for the loss of income as well as the damage caused to your reputation.

• Media liability: Our policy includes protection if you infringe someone else’s copyright by mistake. For example, if you accidentally libel a third party in your electronic communications or you use a picture without permission from the owner.

• Cyber extortion (ransomware): If a hacker attempts to hold your business to ransom, we’ll protect you by covering any ransom you pay. We’ll also cover the costs of hiring a risk consultancy firm to manage the situation.

 

Factors which could affect the cost of your cyber insurance policy include:

• the specific types, and level, of cover you require;
• the nature of the risks that your business faces; and
• your annual turnover.

 

Value for money

Despite the cost, it’s important to remember that cyber insurance represents excellent value for money. Cyber incidents and data breaches can cost your business a lot more than simply a hit to your finances. Huge penalties under data protection laws, regulatory fines, reputational damage, and loss of business are just a few of the potential consequences of a cyber attack and are all things that cyber insurance can protect you against.

 

The cost of not being covered

Since May 2018 and the introduction of GDPR, the risks of not being covered by cyber insurance have increased dramatically. If your business is attacked by cyber criminals and you suffer a data breach, you could be liable to pay a fine of up to €20,000,000, which very few businesses will be able to afford. That fine will be on top of the costs of notifying and supporting your customers, fixing your IT systems, and the loss from reduced business.

Whilst it is an extra expense, it is easy to see why cyber insurance is excellent value for money, especially when you compare this to the costs of not being covered.

Contact us today for a no-obligation discussion about how we can help you find the right cyber insurance for your business.


Inadequate cover presents a great risk to businesses – help ensure your cover is more than adequate by understanding how to prevent under-insurance and what the new Insurance Act 2015 means for your business and your insurance cover.

Need to speak to an expert? Call us on 0161 968 2041

What you need to know.

 

When it comes to business equipment, plant and tools cover you’ll find varying differences in the way in which assets are valued. Some insurers will offer cover on a new for old basis so you’ll want to ensure your figures and sums insured are accurate replacement values. Other insurers will provide cover on an indemnity basis which means putting you back into the position you were in before the claim. You may also need to factor in wear and tear when calculating your sums insured.

Insurance is a complex area for business owners, and valuing plant and tools can often be tricky for the purposes of insurance. Often a major problem occurs while assessing the value of the asset for the purposes of insurance due to accounting practices. The value in the accounts will often not match the requirements for insurance due to accounting methods of depreciation and valuing of assets over time. You as the business owner or manager are therefore required to have some idea of the true cost of buying an equivalent piece of equipment and will need to set your sums insured at that level.

The wider definition in insurance policy wording tends to be ‘Plant, Machinery and All Other Contents’. All other Contents include everything not more specifically insured as ‘Contents’. It doesn’t cover items that should be classified as buildings or stock. It also may not include computers and electronic equipment that are not part of plant, but it does include everything from stationery to desks and filing cabinets that are unlikely to have been capitalised. It may also cover tenant’s fittings like alarm systems, carpet tiles, partitions and mezzanine floors plus employee personal effects not more specifically insured. In other words ‘All Other Contents’ has a wide definition and the value involved in replacing them could be a significant addition to the value of plant and machinery.

Learn More

 
The Insurance Act 2015
Understanding under-insurance
Importance of getting your sums right
Calculate Business Interruption Insurance
Calculate sum of buildings cover
Calculate stock and contents
How much are your business equipment, Plant and tools really worth?

The Insurance Act 2015 was finally introduced and written into law on the 12th of August 2016. With its introduction come a number of reforms for a variety of important areas which cover the legal framework of insurance contracts. The act aims to bring about fairer and more balanced remedies but does also lay out a number of responsibilities to both the insured and insurers.

Are you making a fair presentation of risk?

The act introduced ‘Fair Presentation of Risk’ which requires policyholders to disclose material circumstances that are known to them and also what they as decision makers within their business ought to know.

The act states that:

• Policyholders should give sufficient information so as to put a prudent insurer on notice that it needs to make further enquiries.

• Burden of disclosure stays with the insured; however, insurers and in turn brokers are required to take a more proactive approach to enquiries into the policyholder’s business.

Introduces Fairer Remedies

• Reckless or deliberate breaches could result in the insurer voiding the policy and keeping the premium.

• An insurer could take the same action that it would have taken had a fair presentation of risk been made at the time of taking out the contract, but only if the breach is deemed to be neither reckless nor deliberate.

• If the insurer would not have provided cover if the material facts were originally made available they can void the policy but the premium must be returned.

• A proportionate remedy could apply if the insurer would have offered different terms had the policyholder made a fair presentation of risk. The insurer can in these situations opt to treat the contract as having been entered on those different terms and, in cases where a higher premium would have been charged, they can reduce any claims paid in proportion to the amount that has been underpaid.

 


As a business you’ll want to ensure your cover reflects the true replacement value of any stock, equipment or buildings. We’ve put together three examples to showcase the effects of under-insurance.
 

Case One: Business Interruption case at a hotel

 
A case of under-insurance was discovered when a hotel suffered a total loss following a fire. Following the disaster the insurer commissioned a valuation of the hotel, where the sum insured was set at £1 million. The true cost to rebuild the property was found to be £2 million with an estimated timescale for the rebuild of two years. The hotel’s policy had a maximum indemnity period of 12 months for business interruption insurance, meaning the business would only be covered for the first 12 months of loss of gross profits.

For the buildings and contents, the business was found to be under-insured by 50%. Under The Marine Insurance Act 1906 the insurers would have only been liable for 50% of that part of the claim, so they would have paid out £500,000 towards the claim. Following the introduction of The Insurance Act 2015, a new set of fairer remedies was introduced. So in the circumstances above the insurers would firstly have to consider the premium they would have charged had they had the correct sums insured. Once that is calculated, under the “Proportionate Remedies” insurers can reduce the payment by the difference in premium. In this case there was found to be a 30% increase in premium; consequently the claims payment was reduced by 30%, meaning the client received £700,000.

In the case above The Insurance Act 2015 has meant the client has received a fairer settlement as a result of their miscalculation.

 

Case Two: Buildings and contents cover at a service station

A business owner operating an independent service station suffered the devastation of having to close their business due to a theft involving ram raid. The thieves ploughed their van into the property in order to loot the shop and make off with the cash machine inside. The property damage was extensive, resulting in the business closing completely for a period of 9 months. While there were no issues with the business interruption portion of the claim, with the business having a 24 month indemnity period and accurate gross profit sums insured, the business was found to be under-insured for its contents due to recently having a new EPOS system installed amongst other improvements such as new refrigerator units and shelving. An under-insurance figure of roughly 30% was discovered on the contents claim.

After investigation by insurers it became clear that the client renewed their policy just one week after investing in their business and increasing their stock and contents sums insured. During the renewal process the broker clearly asked whether there were any changes to the business or amendments in sums insured; the client responded that there were no changes to be made and everything was to remain the same. The renewal conversation was recorded and used as evidence to show the policyholder had deliberately and recklessly under-insured themselves. This resulted in the insurers cancelling the policy, keeping the premium and not paying the claim, leaving the client significantly out of pocket and without insurance.

 

Case Three: Residential Property Damage from Cannabis Factory

 
When a property owner in the South East of England let her house out to tenants, she certainly wasn’t expecting what was about to happen. Her tenants had turned the property into a cannabis farm with extensive damage caused to the property including the re-routing of mains wires and damage caused to numerous interior and exterior walls. Following the issue with the nightmare tenant the policyholder entered a claim with their insurer.

It was then established that during the renewal process the policyholder was asked whether they had been convicted of any crimes within the last 5 years. The policyholder had in fact been convicted of a crime just 3 months prior to renewing the policy, and was in turn found to have deliberately withheld the information from the insurer who would not have offered the cover if this fact were presented at time of renewal. In this case the claim was not successful with no monies being paid out and the insurer returning the premium to the policyholder. With no ability to claim for the damage the landlord was left severely out of pocket.

 

The right cover and the right sums

 
Get the right cover and ensure you’ve calculated your sums correctly making sure your business is protected sufficiently beyond just compulsory basics. Ask yourself if you are not insuring some aspects of your business because you want to save money, thinking ‘it won’t happen to me’. When the unthinkable happens like a burglary, natural disaster, machinery breakdown or even a tax investigation, it could cost many thousands of pounds for the sake of saving a few hundred.


The contents sum insured (excluding stock) should reflect the total value of machinery, plant, equipment, furniture, shelving, racking and all other contents at the insured’s premises. Stock items are the goods or products sold by a business in order to generate revenue. The stock sum insured should represent the value of all stock and materials in trade belonging to the insured, or for which they are responsible. The stock sum insured should reflect the cost to the insured to replace the items and not the retail price. When setting the sum insured, consideration should be given to the maximum value at risk during seasonal or other peak trading periods.

If you’re a stock-holding business, you’ll find that stock is the lifeblood of your business: without it there can be no sales, and without your sales there is no income. Insuring your stock, and in turn your income, is a critical step you won’t want to neglect. Depending on the type of business you’re in, you could well have a wide array of products held as stock, with these at constant risk from unforeseen disasters such as theft, flooding or fire.

Stay up to date

Are you regularly reassessing your business’s needs during the lifetime of the policy and at time of renewal? Think: has your stock or stock levels changed? For example, you may have introduced a new line of products. Are you buying in more stock, or less?

Consider how your business might have grown since the policy started. If you’re now doing considerably more business, this can have a knock-on effect within your business in terms of your stock and contents.

Perhaps your business has changed in terms of the different services you offer; perhaps you started off in a shop and now require insurance to cover deliveries as well. Or perhaps you’ve moved from a home office to a dedicated retail unit. In both cases those types of changes would not be covered under the current policy and would require an update to the policy or an entirely new policy. You should be vigilant and regularly check for any changes to your business and what effects these could have on your current insurance coverage.
