May/June 2018

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

FOCUS on cybersecurity SPONSORED

    

4 components of cyber risk management By Beale/3000 Insurance Group

loss of time and money. One risk we see emerging across the nation and in small businesses, especially financial services providers, is cyber liability. Data is a valuable asset, and its protection is a business priority. Whether your company stores data and information on paper or digitally, you should have a risk management program that addresses prevention, disclosure, crisis management and insurance coverage in the event of a data breach. Good cyber risk management requires the planning and execution of all four of these components.

W

Develop strategies to prevent data breach Your data breach prevention strategies may include encrypting all devices used by your employees, such as laptops, tablets and smartphones. Encrypting these devices will prevent unauthorized access if a device is lost or stolen. Unencrypted devices are often not covered by a cyber liability policy, so make sure you know whether you need to encrypt the devices or not. Your strategies may also include educating employees about phishing and pharming scams. Remind them not to click on anything that looks suspicious or seems too good to be true. Analyze your cyber risks from three different perspectives: technology, people and processes. Tis risk assessment will give you a clear picture of potential holes in your security. Revisit and revise your plan regularly, because new risks arise often, sometimes even daily.

Know your disclosure responsibilities If you experience a data breach, you may be

legally required to notify certain people. If your company is publicly traded, guidelines issued by the Securities and Exchange Commission (SEC) make it clear you must report cyber security incidents to stockholders—even when your company is only at risk of an incident. Te SEC advises timely, comprehensive and accurate disclosure about risks and events that would be important for an investor or client to know. However, you should evaluate what information and how much detail should be released.

22 CPAFOCUS May/June 2018

e strive to identify potential risks in accounting practices, which, if left unaddressed, could cause significant

Notifying a broad base when it is not required could cause unnecessary concern for those who have not been affected by the breach. Some extreme cases of a data breach may cause you to go further than just assessing and disclosing the information. You may have to destruct or alter data, depending on its sensitivity.

Your crisis management and response plan Preparedness is key when developing your cyber risk management program. When you experience a data breach, you need to be prepared to respond quickly and appropriately. Tis is where your crisis management and response plan come into play. Determine when and how the breach occurred, what information was obtained and how many individuals were affected. Ten assess the risks you face because of the data breach and how you will mitigate those risks.

While managing a crisis, let your clients know what actions you are taking, but also be sure you’re not disclosing too much information. It’s a delicate balance. Focus on improving future actions—this will restore trust in your stakeholders and clients. Your legal, risk management and IT

departments should work together to create and refine your plan. Everyone should be on board and know their responsibilities when a breach happens.

Protect your data—and your business Your cyber risk management program should include cyber liability insurance coverage that fits the needs of your business. Cyber liability insurance is specifically designed

to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover. Te level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. Your cyber liability insurance policy can be

tailored to fit your unique situation and can be written to include the costs of disclosure after a data breach. Contact 3000 Insurance Group (www.3000ig.com 405.521.1600 kayla@3000ig. com) to learn more about cyber liability insurance and how you can protect your business from a data breach.

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32