Risk & Business Magazine Knight Archer Insurance Magazine Fall 2017 | Page 31

CYBER RISK AND LIABILITIES
knowledge of how and why their Web
activities will be monitored, and what
types of sites are deemed unacceptable
by your policy.
• Workplace rules for behaviour should
be clear, concise and easy to follow.
Employees should feel comfortable
performing both personal and
professional tasks online without
making judgment calls as to what may
or may not be deemed appropriate.
Businesses may want to include a
splash warning upon network sign-on
that advises employees about the
company’s Internet usage policy so
that all employees are on notice.
ESTABLISH A SOCIAL MEDIA POLICY.
Social networking applications present
a number of risks that are difficult to
address using technical or procedural
solutions. A strong social media policy
is crucial for any business that seeks
to use social networking to promote
its activities and communicate with
its customers. At a minimum, a social
media policy should clearly include the
following:
for, or get notices from, social media
sites
• Guidance on selecting long, strong
passwords for social networking
accounts, since very few social media
sites enforce strong authentication
policies for users
• Additional rules of behaviour for
employees using personal social
networking accounts to make clear
what kinds of discussion topics or
posts could cause risk for the company All users of social media need to be
aware of the risks associated with social
networking tools and the types of data
that can be automatically disclosed
online when using social media. Taking
the time to educate your employees on
the potential pitfalls of social media use,
especially sites with geo-location services,
may be the most beneficial social
networking security practice of all. +
• Guidance on the acceptability of using
a company email address to register WWW.KNIGHTARCHER.COM
• Specific guidance on when to disclose
company activities using social media
and what kinds of details can be
discussed in a public forum
IDENTIFY POTENTIAL
REPUTATION RISKS
All organizations should take the time to identify potential
risks to their reputations and develop strategies to mitigate
those risks with policies or other measures as available.
Specific types of reputation risks include:
Are you keeping your
business protected
online?
• Being impersonated online by a criminal organization
(e.g., an illegitimate website spoofing your business
name and copying your site design, then attempting
to defraud potential customers via phishing scams or
other methods) You’ve worked hard to make your business
successful - and we want to help you keep
it that way.
• Having sensitive company or customer information
leaked to the public via the Web Introducing CyberOne® and Data
Compromise coverage - two new products
designed to assist you in the event of cyber
attack or data breach.
• Having sensitive or inappropriate employee actions
made public via the Web or social media sites
All businesses should set a policy for managing these types
of risks, and plan to address such incidents if and when
they occur. Such a policy should cover a regular process
for identifying potential risks to the company’s reputation
in cyber space, practical measures to prevent those risks
from materializing, and plans to respond and recover from
incidents as soon as they occur.
For more information about this important
coverage, talk to your independent
insurance broker or visit our website.
Knight Archer Insurance has numerous sample cyber
security policies available to our clients upon request.
These policies are a great starting point for your policy-
creation efforts and can be modified to fit the unique
needs of your business.
PEACEHILLSINSURANCE.COM
31