Risk & Business Magazine Gamble HUB International Fall 2015 | Page 7

R & Protection B Ensure Small Businesses May Be More Likely to Experience a Cyberattack BY: KARIN BASARABA, INTACT INSURANCE S ay the word, “cyberattack,” and most people think of big box department stores. Small businesses think they are immune to this sort of breach. But as more small companies adopt the same technologies as large corporations, they may be even more exposed than the large ones. “Big businesses are no longer the sole target for cyberattacks, as smaller businesses handling credit card transactions and who collect and store confidential information are often more unprepared,” says Cliff Scott, Commercial Lines Manager for Gamble HUB International. Where a large company will have systems in place to help protect them from a cyberattack (which is also known as a privacy breach), small companies can be more vulnerable as they typically don’t have resources to monitor their 7 websites and online business. Many small businesses aren’t even aware their systems have been breached because of their lack of resources and experience in this area. And it’s not just the hackers small businesses have to worry about. A breach can be as simple as an employee losing a laptop with sensitive customer information stored on it. Consider these real-world examples from IDT911, the independent third-party expert who has partnered on Intact Insurance’s cyber endorsement. An employee at a small accounting firm took home her office laptop to do some work over the weekend. She stopped at the mall on the way home and her car was broken into, her laptop stolen and over 120,000 people’s personal records were at risk of being exposed. Her firm had been helping several large hospitals RISK & BUSINESS MAGAZINETM FALL 2015 with their audits and patient information was a password away from the thieves. IDT911 was able to assess the stolen computer’s level of protection, and advise the firm on how to notify each hospital— and then each patient. A data breach also doesn’t have to involve humans. When a tornado hit a small office, the culprit responsible for a possible privacy breach was Mother Nature. Everyone had evacuated the office and, upon their return, nothing was left. Twenty years’ worth of client information in paper format had been blown away and this meant that thousands of names and personal identification information could be found for miles around. First, IDT911 had the client determine how many individual records had disappeared. Then it helped notify the clients of the breach and assisted in answering breach calls. IDT911 was able to help put fraud alerts and monitoring systems in place as well. TM RISK & BUSINESS MAGAZINETM FALL 2015 7