While it may be tempting to leave the complex, mysterious world of cybersecurity to “the experts,” business leaders cannot fall back on that handy escape hatch any longer. They need to be aware and involved, even to the point of elevating cyber reporting to the CEO directly. According to the federal Cybersecurity and Infrastructure Security Agency*, here are some practical steps that leaders would be wise to follow:

CEOs should ask the following questions about potential cybersecurity threats:

• How could cybersecurity threats affect the different functions of my business, including areas such as supply chain, public relations, finance, and human resources?
• What type of critical information could be lost (e.g., trade secrets, customer data, research, personally identifiable information)?
• How can my business create long-term resiliency to minimize our cybersecurity risks?
• What kind of cyber threat information sharing does my business participate in? With whom does my business exchange this information?
• What type of information sharing practices could my business adopt that would help foster community among the different cybersecurity groups where my business is a member?

What can CEOs do to mitigate cybersecurity threats?

• Elevate cybersecurity risk management discussions to the company CEO and the leadership team. Executives should construct policy from the top down to ensure everyone is empowered to perform tasks related to reducing cybersecurity risk.
• Implement industry standards and best practices rather than relying solely on compliance standards or certifications. Compliance standards and regulations (Federal Information Security Modernization Act) provide guidance on minimal requirements. Businesses should strive to go beyond the minimum, however.
• Evaluate and manage organization-specific cybersecurity risks. Ask the questions necessary to understand your security planning, operations, and security-related goals.
• Ensure cybersecurity risk metrics are meaningful and measurable. For example, reducing the days it takes to patch a vulnerability to directly limit risk to the organization.
• Develop and exercise cybersecurity plans and procedures for incident response, business continuity, and disaster recovery. It is critical that organizations test their incident response plans across the whole organization, not just in the IT environment.
• Retain a quality workforce. It is important to have people who can identify the proper tools for your organization, since new cybersecurity threats are constantly appearing.
• Maintain situational awareness of cybersecurity threats. Subscribe to notifications on emerging cybersecurity threats (e.g., National Cyber Awareness System products, MITRE Common Vulnerability Exposures, CERT Coordination Center Vulnerability Notes) and subscribe to the Homeland Information Sharing Network.

Of course, making sure your cybersecurity insurance coverage is sufficient and current remains vitally important, as well. The professionals at Evergreen Insurance can help.

* https://www.cisa.gov/tips/st18-007

Copyright 2023 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Automobile insurance is very important when you own a business, so you can protect your company and the employees who use the vehicles. Check to make sure your policy includes personal injury protection coverage. This coverage pays for expenses due to an accident, no matter who is at fault. Click on the image to download or print the sheet for more information.

With the start of 2023, it’s a good time to analyze where your business is and how you can refresh it. What are some changes you can make that will help you and your business start off right this new year? Click on the image to download or print the checklist.

Specific coverage can help protect your business, but it can only cover one type of risk in one location. If you want more comprehensive coverage, a blanket policy may be a good option for your properties, especially if you own an apartment complex or restaurant chain. Click the image to download or print the sheet for more information.

When an employee gets injured on the job, worker’s compensation policies help cover expenses. Sometimes, medical providers abuse this coverage by billing dishonestly or performing unnecessary services. Click on the image to download or print the safety sheet to learn how to identify and prevent medical provider fraud.

While a majority of U.S. business executives rank cyber risk as their top organizational concern, fewer than half have adopted even basic preventive measures, according to results of an industry survey.

Cyber risk has risen to become the top concern in the U.S. and few risk experts believe governments are equipped to handle the threat. Among 1,200 executives who participated in the survey, 59% said they worry some or a great deal about cyber, and 25% said their company has been a cyber victim, up 150% since 2015.

The top three specific concerns cited by survey respondents included security breaches, system glitches, and unauthorized access to bank accounts.

Yet only 61% of these leaders said they felt extremely or very confident in their company’s cyber practices. The survey found that 43% said their company has a written business continuity plan in the event of a cyberattack, and 48% said their company has adopted multifactor authentication to mitigate the risk.

The need for heightened attention and action regarding cyber protection has only increased with the rise of employees working remotely. An easy way to begin would be to require simple preventative measures, such as requiring multifactor authentication – as in using a one-time dedicated passcode as a secondary verification of identity – to gain access to websites or files.

They say the first step in getting yourself out of a hole is to stop digging. The wise business leader acknowledges and addresses issues before they become problems. If the state of your cyber security preparation is troubling you, don’t wait to find out how problematic it can become. Invest the time and resources to fortify your protection now.

Contact the professionals at Evergreen Insurance for guidance on cyber security.
 
Copyright 2022 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Source: https://www.businessinsurance.com/article/20210929/NEWS06/912344857?template=printer

November 30th is National Computer Security Day. No matter what kind of work your business does, you probably have computers to help you do your work or connect with clients. Cyberattackers are a real threat to your business, so make sure you know how to protect your computers and your company. Click on the image to download or print the safety sheet.

As a business gains traction, achieves success and expands, it can outgrow its original location and facilities, making a move to a new, larger site necessary.

Don’t forget to consult with an insurance professional as part of researching that new location, however. The results can be either advantageous or detrimental to your ongoing financial health.

Any change in how a business operates – including where it positions its facilities, equipment, and personnel – requires an analysis of coverage. Physical location can be impacted – either positively or negatively – by factors including:

• The likelihood of severe weather, like hurricanes, windstorms, tornadoes, or hail.
• Does the property sit in a floodplain? Is flooding becoming more common due to the effects of climate change?
• Whether the area shows a statistical trend regarding crime, vandalism, and theft.
• The condition of existing infrastructure, such as plumbing, electrical wiring, and HVAC, as these help to determine the chances of causing fire or water damage.

Similarly, a new service or line of products pursued as part of a business’ expansion plans also introduce new variables in terms of number of employees, equipment needed, safety procedures, and much more – all of which need to be incorporated into a package providing the best insurance coverage possible.

“New” in the world of business should mean “better.” To safeguard your investment on the road to improving your overall performance, make sure you have the right insurance protections in place, as well.

Contact the professionals at Evergreen for more information.
 
Copyright 2022 Evergreen Insurance

Evergreen Insurance provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

If you own a business and an employee gets in an accident on company time with someone who is uninsured, it can put a lot of strain on you and your company. Uninsured motorist and underinsured motorist coverage can be very helpful in these situations. Click on the image to download or print the information sheet.

The U.S. Securities and Exchange Commission has begun to crack down on companies it deems to have breached securities laws by making inadequate cybersecurity disclosures, a policy that shows no sign of slowing down.

As a result, businesses have been advised to establish clear internal communications strategies on cybersecurity issues, and to also examine their directors and officers liability insurance and cyber liability policies to determine whether they have adequate coverage if the issue arises.

Some SEC cyber disclosure actions have resulted in penalties of up to $1 million. Industry experts attribute the increased attention on cyber intrusion preparation to the reality of cyberattacks in the economy today, and an alarming lack proper preparation on the part of organizations to fight it.

The agency will likely become even more aggressive in the future, as the SEC is expected to have less tolerance for organizations that don’t take the basic steps to protect sensitive data.

Companies should develop incident response plans that include how to deal with a vulnerability’s discovery before it becomes an intrusion, then make sure the infrastructure is in place to address that vulnerability. Organizations need to get a clear picture of their own cybersecurity environment and communicate regularly about roles and responsibilities. Also, a well-constructed D&O policy should cover investigation costs in the event of a breach.

It pays to invest in solid cyber security plans, whether or not the SEC or any other entity is looking for problems. It’s just good business these days. Contact the professionals at Evergreen Insurance for guidance on cyber security.
 
Copyright 2022 Evergreen Insurance
 
Evergreen Insurance provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Source: https://www.businessinsurance.com/article/20210831/NEWS06/912344206?template=printart