NAPEO
Long gone are the days when changes to the business climate were easily foreseeable and gave us plenty of time to plan and respond. Pandemics, wars, and competition from new market players are just a few recent trends that make managing your business more complicated than ever.
In upcoming articles in this series, we will cover some of the different types of hacks and hacktivism that are most common today in greater detail. And while each of these different types have specific preventative and reactionary steps that should be taken, there are some measures that are universal regardless of the type of attack and resulting outcome of them. For example, if it is an email that contains links or attachments that you don’t recognize then don’t click on anything. Deleting the email immediately is the safest option. If you get an email from someone and the wording doesn’t seem consistent with previous interactions, then don’t just take it at face value. Contact the sender in a different email or phone call and confirm what you are seeing is legitimate before you do anything else.
With the recent rise of cybercrimes, PEOs, like many businesses, must now recognize that data security in cyberspace and in their own systems is of the utmost importance for the safety of not only themselves but also for their clients.
PEOs are in the business of offering robust human resources services to their customers and off-loading the responsibilities involved to a team of professionals who know how to manage employee information safely. Customers need help to make sure they keep sensitive information safe and secure. To address the legal obligations companies have when handling employee information, PEOs evaluate the information they handle and the legal obligations regarding data security imposed for handling such information, making sure they introduce cybersecurity measures early and reinforce them often.
While there is not an exact definition of cyber hygiene, I summarize it as a set of formal and habitual practices that ensure the safe handling of critical data and securing networks. Cyber hygiene must be institutionalized, as any weak link can cause issues to all on a given network or distribution. It is a communal exposure that needs to be addressed in a communal manner.
Cyber insurance coverage and underwriting have changed a lot since the first cyber insurance policy was sold in 1997, especially in the last two years. Cyber insurance didn’t really take off with business owners until around 2014, when cyberattacks became more frequent and primarily involved stealing personal and private information of businesses’ employees and customers. When stolen personal information resulted in identity theft, businesses faced financial liability as they found themselves being responsible for the restoration of the identities. Businesses performed restoration either voluntarily or after lawsuits were filed. These businesses also found themselves paying for credit watches for all of the individuals whose information had been stolen.
As hackers continue to target critical infrastructure sectors, attempt to steal personal data, threaten to release such data, and collect ransom, the need for more regulation and corporate diligence could not be more necessary.
