3 Key Points to Protect Your Business
Comments / Description:
This podcast is about determining what your cyber liability is and the 3 things you should consider when deciding if cyber insurance is right for you. In the beginning we will go over the basics (Who, What, When), but then we will take a deep dive into the cyber liability aspects of the insurance product.
As you are aware, there are various insurance products, such as homeowners, auto, life and other types, and they were created to reduce the risk to you, your business and your family. Now cyber insurance has come into vogue and it is becoming a necessity for any business wanting to be online.
In addition to covering the basics, we will go over premiums and what you should consider, along with special language that may affect which policy you decide on. The crazy thing, since this is a security podcast, is that we will go into why you need a strong, secure environment within your business to ensure you get compensated under the policy… go figure!
Lastly, I will finish up with some other key areas that you need to be aware of, including cyber terrorism, intellectual property loss, governmental claims, and so much more. Then, rounding the corner, I will cover the WordPress Training Pro Tip of the week on protecting mobile devices and the nuances you should consider when using them within your business.
You will learn:
- Cyber Insurance – In this training we will go over what cyber insurance is and its origin for businesses. In today’s world hackers have become part of the lexicon, and thus it is important for businesses to understand the risks that they can offset or mitigate with cyber insurance.
- Various Party Risk – There are various risks that businesses face, from their own network or from employees. In addition, most businesses today are connected to various other companies, called 3rd parties, and by allowing these other companies to connect you incur risk from their networks. Therefore, it is super important to understand how you can potentially reduce this risk to your company.
- Privacy Liability – In many small / medium businesses the liability incurred by failing to protect a customer’s or employee’s privacy can be extremely expensive. As a result we will go over some options that you can implement for your business by purchasing privacy liability coverage.
- Regulatory Compliance – This training will go over regulatory compliance issues for which you may want to incorporate some level of liability insurance for your business. In so many cases, you may not totally understand the regulatory risks to your business… you need to consider if this insurance is correct for you.
- Cyber Breach Expenses – Have you considered what it will cost if your business is breached? You would be surprised at the additional expenses that you may not be considering. This training will go over many of the expenses you need to consider when looking at cyber insurance to ensure you are properly covered.
- Minimum Security Practices – When looking at cyber insurance, the insurance companies want to make sure that the people they insure are a good risk. To help them in making the decision around risk they may/do require some level of “Minimum Security Practices” within your business. You will be trained on this topic to ensure that you understand what many insurance companies expect of their clients.
Links and resources mentioned in the podcast:
- OPIA Insiders Guide to Intellectual Property and Cyberlaw
- Woodruff Sawyer & Company – Cyber Insurance 101
- Cyber-Insurance – Wikipedia
- Cyber and Privacy Insurance – International Risk Management Institute
I hope you enjoyed the podcast and that it provides you value in securing your business and WordPress site!
Listen on iTunes, don’t forget to subscribe to the show!
Lastly, check out our sponsor: Sucuri.net
I know you will enjoy this episode.
Thank you for listening!
“WordPress Security Daily”
BONUS – Don’t forget you can use the content in the podcast/training for Continuing Professional Education (CPE) credit!
Shon: Okay. So for our training this week we’re going to talk about a topic that just really is just riveting, okay? It’s like super, it keeps you on the edge of your seat. It’s crazy, right? No, it’s cyber liability. Okay. Cyber liability, you’re going “What are you talking about?” Right? Well, these are the things that as you have a business or a WordPress website, something you may be considering is what is your liability in the event that you get hacked. And, is cyber insurance right for you? Okay. So, we’re going to be talking about three things that you need to consider to determine if cyber insurance is right for you WordPress entrepreneurs and you’ll see what I’m getting at here. This is not rocket science. This is not crazy stuff but there are some key points you really need to keep in mind when looking at cyber insurance and does — or maybe you don’t really need to worry about it. All right? So, we’re going to do the standard disclaimer, right? I am not a cyber insurance expert, okay?
So this week, this is sponsored by Sucuri, Sucuri.net. Have you ever had your site hacked and felt the sinking feeling in your stomach and then thought to yourself, “Oh, no, now what –.” Believe me. I’ve had that happen to me and it’s like, “Oh, this is not good.” Right? Well, if you’re totally confused about security and how to best protect your site, ensuring your brand and potentially your livelihood, Sucuri can help you out. They offer a wide range of products and services. They can clean hacked, defaced websites, providing you the actual protection capabilities that you need for your site. Here are just a few of the services they offer: website malware removal and cleanup, website application firewalls, distributed denial of service mitigation and so much more. Check them out at Sucuri.net. That’s Sucuri.net.
I understand a bit about cyber insurance. I understand cyber risks and I understand what they’re trying to accomplish with cyber insurance. However, if you’re considering cyber insurance for your company and for your business I highly recommend that you get in contact with an insurance professional and have them walk you through it. The questions that I’m going to be posing to you and some of the things that I’m going to be saying will be very beneficial to you in the conversation that you will have with that cyber insurance professional. It’s just something to kind of keep you educated, but again, disclaimer, talk to somebody who is an insurance expert when… before you make any decisions based on cyber insurance.
All right, so let’s get into it. The first is just going to be a definition of what it is. It’s an insurance product used to protect businesses and individual users from internet based risks and more generally from risks relating to information technology, infrastructure and activities. Okay. So that’s a very long sentence that has lots of big ten-dollar words. Basically, it’s just like the insurance you have that you use, your rental insurance or any other kind of insurance that you may use, from automobile, property and casualty insurance, whatever that may be that you’re trying to protect yourself from. It is just to reduce the risk that you’re exposed to when it comes to internet based risks. Right? That simple. And this is true, this is in and you can go to Wikipedia and then it will help you a little bit with this but it began in the 1990s when we began to migrate towards digital cash solutions and credit cards. Right?
In the early 80’s there wasn’t much for credit card type products out there and as we went to the 90’s we started getting more into that and so they figured, “Hey, I didn’t look at some sort of insurance product to help with this.” It didn’t do a whole lot until about 2005 when we started to kind of catch on. As an example, in 2005, they had said revenues they expected there to be a certain amount. They had doubled that and then by 2008 they had tripled that.
So, they realized that they needed to do something quite quickly with that with the whole insurance capability to try to mitigate the risk. And, it’s interesting they had a bullet listed in Wikipedia on this and I didn’t realize this but it makes some sense because even today we deal with this. It’s that the newness of the industry resulted in invasive audits. So, what it meant was is that the more… because nobody really knew how it worked, they had some serious invasive security audits that would be kind of basically in your chilly going is this right, is that right, is this right. So, it really pushed people away from even using the product just because they didn’t want to deal with that. So, now there are some different types of cyber insurance. And we’re going to talk about first party risk and third party risk.
Now, first party risk, again, I’m probably butchering this from an insurance standpoint but the main thing is a loss or damage to your own data. So, if you have your data that is sitting in your data center or in a server in a bathroom closet and that data center, the data melts down. So basically the system burns down, gets water damaged, whatever, and it just turns to dust or a hacker breaks into it, steals all your data. Those are different damages that occurred because of situations of a group, right. Tornado comes in. We have those in Kansas. Those kind of things.
That is your data. And so, there are some protections with your first party risk to protect against if it’s just your data. Now, the thing I look at if it’s just your data, well, okay if you have backups then you should be alright, right. If not, what is insurance really going to do for you or maybe placate a little bit of your stupidity that you didn’t have backups. Huh, sorry. But, basically, is that it’s rare and one thing we need to understand is that because we are so interconnected just, if it’s just only first party risk that’s very rare because we are so interconnected. In most cases at least from a corporate standpoint you have all kinds of people connecting in to you. From a standpoint of your own specific business it may be limited if you’re just a WordPress entrepreneur that just has it, a one situation where one product is all you offer and you might be okay but odds are high you probably have multiple businesses that you’re serving.
So therefore, you need to consider probably third party risk. And this is liability to clients, government or regulatory entity. So, basically, as an example I have on my training is that your SAP is your solution that everything goes into. So, it has got all your payrolls, all of those great things was hacked let’s just say that. But in SAP is a situation where you have all kinds of information that is stored in this SAP system. So it’s not just your data it’s your partner’s data or if you’re a WordPress entrepreneur that has plenty of sites that you’re working with and those sites, your multiple clients, well, now you get hacked or so now your client’s data potentially is at risk as well. So, most cyber policies will offer a combination of traditional liability coverage and this new cyber coverage. So, best to help mitigate some of those third party risks and we’ll get in to this third party risks where it’s going to be interesting to see where the skill is in the future and how you need to put things like these cyber security policies in place to protect you and your customers’ data.
So, we’re going to get into number one. So the 3 things, number one is this, is what is actually covered? Okay. So privacy liability coverage it comes really down to this. Like we’ve talked about numerous things it’s all about the data. Now, breaches in private information, and we are going to call it PII which is Personal Identifiable Information, can be huge! Okay, I can’t stress it enough, huge! And the reason I say that is you don’t- the different countries have various laws and I’m just, as this podcast comes out there are issues with cyber security laws in China and in the United States. Well, they’re in flux and they’re moving different ways. So, you may think that you have a good understanding of how this is going to affect you but it can change just within a couple of weeks.
So, breaches of private information is a big deal and like we talked about it is very location dependent. Is it state? Is it province? Is it country? They all have different aspects. So, in the United States if you go to one state and look up how they handle PII breaches of information it is different than if you go to another state. And the United States still hasn’t figured out what they want to do and then that’s just to complicate things if you start talking Australia, China, anywhere else in the world, France, whatever. You need to also avoid language that states that you are not covered for failures to protect confidential information regardless of cause. So, if it says in there that you’re not covered if you failed to protect confidential information regardless of the cause, watch limiting language when you’re dealing with this.
So, you need to consider what is actually covered from a privacy standpoint and some language you need to look at avoiding potentially. Now, what also is covered depending on regulatory actions, so, are regulatory actions against you covered? So, if you own a business and you have a WordPress site up there and your regulatory requirements state that you have to send certain information to them then what ends up happening is- is then let’s just say you’re hacked, well, will that cyber insurance cover you in the event that it doesn’t, you don’t send it to them like you’re supposed to do. So, this can get really expensive especially dealing with the government. Why? They have deep pockets, you don’t. So, you need to understand what is covered in your policy, are regulatory actions covered. Some require, some policies may actually require a formal “suit” to be filed before coverage. So, what that basically says is that you must be- your formal documentation must be in place before they even look at coverage.
Again, knowing the fine print behind this. It’s good to have a lawyer help you with this. If you don’t have one it is good to have again an insurance professional, who does this for a living, help you understand and navigate through all of this. Civil and fines, civil fines like you have a local municipality or local government may have some fines or penalties based on things you may have not complied with. Sometimes in many cases these cyber insurance policies may cover that. Also I noticed a bullet when I was doing some research on this that be mindful of insurance companies who seek to exclude this coverage. So, you could have a set up where the insurance company says, “You don’t need that. You’d be okay.”
You might want to consider if you are in that space for civil fines could be a potential possibility, you may want to have that level of coverage. Also keep this in mind that since that everything is changing so much you just, you may not know, you may think you understand if there’s no civil fines or penalties but, guess what, there might still be. So, something for you to consider. Another thing to consider in what is covered is your notification costs.
Now, this can get really expensive when you deal with notification costs and these are the costs associated with notifying all parties of the breach. This includes public relations, phones, phone banks to basically get people out advertising. Who is to know? So you just got a big massive breach and now you have to, to people know is it have to be advertising that has to go. I’ve seen some advertising on TV from going, “Hey. Are you part of this class action lawsuit?” or “Were you affected by this…?” whatever. Those kind of things may have to be part of this. So then you ask yourself what is covered, why is this so important?
Well, it’s becoming a huge priority for third parties and when it comes down to it- I’ve seen this in Corporate America is that you may require your contractors or your third parties that connect into your environment to carry some level of cyber liability insurance and may be in a contract. You may be small enough to go this doesn’t affect me and it’s true but when you set up a contract for somebody do you want them to have some level of insurance so in the event that something happens you’re covered? I don’t know. You have to ask yourself that. So just consider the possibilities in your business. Is it a requirement? It happened with the Target breach. I use this as an example is right now or the last, the number as I had heard was is the breach itself cost in effect of 800 million dollars in the losses to Target from the actual remediating the breach to public relations, to paying out affected people, so on and so forth.
And again, that number is a number that’s floating around. I don’t know how right it is. It’s just [inaudible] money that will affect it because this heating and air company did not do good practices in securing their information and then the hackers got in through the heating and air company into Target and then leveraged what they could in Target. And so, it affected that heating and air company affected Target dramatically. It is also wasn’t important as this may possibly, again, “possibly help reduce judgement if you breached.”
Now, what I mean by this is this, are you doing your due diligence? So, you go, “Hey. I got security, check. Okay I did a good job with that. I’ve got insurance, check. Okay, great. I’m protecting my clients and I’m protecting myself.” and then you go to court and, “You’re protected, right?” “Maybe.” Right? So again, this just comes down to this, it helps in your favor if anything were to go to a civil situation doesn’t mean it’s going to protect you one hundred percent, no not at all, I’m not saying that. But what it will do is it can help you potentially in the event that you’re doing the right things to protect you and your client’s data. That, that has some merit is better than saying, “I’m not going to worry about it. No big deal.” So, just something to consider.
Okay, so now number two of the 3 things you need to consider is the premium. I still have yet to understand why did they call it a premium because it’s not a premium for me. It’s a premium for them. So, anyway, moving on from the digression, sorry. Substantial reduction can be done in your premiums based on security practices that you do, right? So, let’s say for instance, you’re a mom and pop WordPress security guy, right, you had your own business, you’re a developer, you’re a designer whatever may be and you have, you’re hosting WordPress websites for people.
lright, so, one more quick word from our sponsor before we continue to the rest of the podcast. So as you know, WordPress Security Daily is all about security, and with over 10,000 WordPress sites being hacked each in every day, it is imperative that you get the security help you need. Sucuri at Sucuri.net is just a company that help you with your security needs whether you’re a one person startup or you’re a humongous large multinational, they can help you with everything you need to stay secure. They actually have a WordPress optimization guide that I just saw not too long ago, that is good stuff. I mean, and I do like the way they keep putting cool stuff out like that is constantly putting it up into the market which is really, really good. Maybe if you’re a developer or a person responsible for your WordPress website, if you thought that, well, what you’re going to do? Have you been concerned or overwhelmed with managing security? I get concerned with it, right? Sometimes I get overwhelmed as well. Have you ever been hacked or had no idea who to turn to to clean your site and who to trust to get sure it’s done right? Don’t go after Dutch Developers. No, I didn’t mean that for all of you Dutch people out there, just these bad guys, right? You guys are all real good. Do you have multiple platforms responsible for Joomla, WordPress, Drupal, all of those? Okay? Sucuri can help you do that. They’re 24/7, 365, locations are global. They got your back, right? Just like [?], they got your back. So they got website malware removal, continuous scans for malware and hack attempts, blacklist monitoring, web application firewalls, you name it. I love the PCI part. They also will help you with that. I mentioned this before, and they’ve been responsible for a while with some us and they are awesome. I mean, you’re talking these guys. They know their stuff. They will definitely take care of you. No question about it. Tony and Dray, they’re great people. 
They started up Sucuri and they’ve been doing it for a while. They are really, really good. They offer three options, website security stock which is your basic pro in business, and each option has different levels associated for what you need for your WordPress site. So check them out, Sucuri.net. That’s Sucuri at Sucuri.net.
Okay, now all of a sudden you go security, “Security! Don’t need it! No big deal!” Right? That will probably keep your premiums high because, guess what, they’re going to ask. If you decide to do security practices then that may help reduce your premium. Now, this documentation for the security practice will vary on what you may need based on the industry you’re in. Now, there are some basic fundamental foundation of things that you need to do. However, if you’re in the financial industry you have different regulatory requirements that manufacturing company may have. So, there are new wants to this. However, you can get a lot of this out on the web or you can contact me and I can help you but you can have some security practices. You need to put something in place.
Okay. The insurance companies going to require this. The security requirements you may have to prove that you actually have this to the insurance company and then the question I ask you is do you know what good looks like? So, in the cyber space like everything else IT people like to be fuddle things. They like to confuse or cloud things and they use big terms that really confuse me at many times. But, do you really know what these big terms mean? You need to have a professional that will help you walk you through that or the minimum find the checklist online on state not with some things you need to look at and I will tell you that we’ve talked about in previous episodes PCI, Payment Card Industry Standard, they actually have with their suffices like questionnaires. They have some good checklist to go through that will kind of give you a good guidance and do you have proper security in place. Just something to keep your mind with this though is there are some big words in there you may not really totally understand. So, again, you need to get smart.
Get educated but it wouldn’t hurt to reach out to a security professionals while they kind of help guide you in the right direction. Fluctuation. Prices may fluctuate based on news. So, like everything in the news, right, what did they call that where it… can’t think of it. Anyway, success cells. No, that’s not the right word but when there’s an issue in the world that bad news cells or when there’s bad news, guess what, prices go up. So, like the anthem breach I read an article that said that when the anthem breach occur and that was a huge breach Personal Identifiable Information that affected a lot of people in the United States and there’s over a 40 percent increase in cyber security liability insurance when the occurred to what it is today because breaches like, “Oh breach cost charge more money.” Right? So, you need to consider that and you need to understand that before you decide to buy cyber insurance. But, basically this, if you don’t need it right away and a price goes way up because some news happen you need to ask yourself is it worth it to buy right now or should I wait a little bit but then again that could be you never knew.
The other thing is price negotiation. You can negotiate price with these people and I didn’t, honest, I didn’t realize that but then a lot of the industry experts were saying that don’t hesitate to ask about pricing and I understand this piece to it though. There is little actuarial data out there and anybody who says they understand what a hacker is going to do, yeah right. Insurance basically comes down to in a path they have predictable actuarial tables that they’ve used from I know how often this is going to be a fire. I know how often there’s going to be a tornado or break in or so on and so forth, crashes whatever may be. So they’re very predictable. They have very smart people that figured this out down to just everything. However, when it comes to cyber security breaches there’s not a whole of knowledge on this and there is the knowledge as getting out there.
They’re getting smarter. However, because breaches can be… nobody knows they’re going to happen the things they have to use is are you in an industry that’s targeted? Do you have good security practice info? So using those things to kind of heads their bets if that make sense. Potential cost, when you’re dealing with the premiums your cost will quickly go beyond just any simple lawsuits. So, when you look at your premiums you need to kind of think about the fine print and you need to think about what are some of the things you’re going to need to do and that will also affect your premium. So, if you go, “I want the McDonald’s version of this the quick and easy version.” then you may not be able to get all the things you want or if you go with, “I want the Gucci Cadillac version.” you get everything you want in the kitchen sink but maybe that’s not appropriate for your organization and for your business. So something to consider that potentially could go beyond what you’re expecting and you may not even know these words are. So, Auburn U, these are probably some $10 words or like Uh what, instant response. Do you have an instant response?
So you get hack, you need to call the people like Ghost Busters to come in and fix it. Right? It’s the response. Forensic experts, people that come in that deep dive and find out how you got hacked, who did it, why they do it, so on and so forth. Do you need new equipment because the equipment you have now is old or it’s hacked, it’s not trustworthy, do you need new ones? And then, do you need to do credit monitoring for people that have been hacked? Now, you go hear me talking to this Podcast and in general credit monitoring is a placebo. However, if you’re going to offer to people that who’ve been hack maybe you decide, well, so it’s a good thing to placate the people and give them credit monitoring just to protect them a little bit. Right? So those things that’s what companies do. They throw credit monitoring at people who had been hacked hoping that they will take the credit monitoring, take the candy and go away and that’s kind of what they do but those are different options that may quickly go beyond what you’re expecting for potential cost. So number three of the three things you need to be consider is your minimum security practices.
These are going to be defined by you, right? Just like in the PCI. The PCI gave you guidance on how to do things but the minimum security practices will be defined by you in shivers but they should resemble industry best practices. So if the insurance company ask you to show what you done, show them what you’ve done you need to go in and provide that for them. So, that will be based on industry best practices. So, a couple things to consider with that is you need to have a secure network designs. So if you don’t know what this is you need to have your IT person if that’s you then you better get smart on it. Come over to secure network design. Do you have firewalls in place? Do you have anti-virus? Do you have, what we call, a proxy? Are those things important? Do you have to have those? Do you need to know what this looks like and there are resources online to help you with this but if the worst comes to worst hire and expert to help. He’s going to do it.
Data encryption, secure connections, all these things need to be considered and if you’re like me when I, I’ll be honest, when I look at Word Press I scratch my head sometimes I go, “Okay. I got to teach myself this and I’m never as good as the expert. So therefore, I try to hire people that know this better than I do same with you all.” If you’re out there and you don’t understand what you’re doing you need to look at hiring somebody. If not, get real small security real fast or come to Word Press security daily and we will help you. There is the plug that I got to do. Right? Alright. Utilize known standards also national institute of standards called mist or stand as in technology actually that mist is a standard that’s available that you can go out and look online to find out what exactly are some things that consider when looking at security for whatever you’re looking for right from websites down to an actual infrastructure.
There’s also ISO 27001. The ISO standards used typically for international companies and international standards but bottom line they all use the same one. So if you use those that will help. If you don’t know the binocular of security stuff it’s a great place to start to get your feet wet and to get an understanding of what these companies are looking for and there’s others out there as well. Okay, now I’m going to… those are the 3 things but I’m going to go into some areas that I didn’t really know how to put them in a bullet. So there’s going to be, “other key areas”. Alright. Terms and conditions, understand the terms and conditions when getting a policy. This may have significant impact on your policy. Fine print, watch it, read it, understand it. So just know what that means. I will say that my dad had gotten some cyber insurance awhile back and the fine print you got to be very careful because that fine print could dramatically affect how their policy pays out. There are little standards for policies right now so it will vary from company to company. So again, you just going to be smart on it. There’s a comment that was made or a statement that I saw in one of the policies and that was also made online that I’ve seen is that that you needed from a discovery point of view they’ll have language in there that says you have 24 hours in the point of discovery to notify the insurance company. So, and then there’s discovery and then there’s breach. So, discovery would be, okay, if use this all of a sudden you realize, “Oh, no. This is not good. I’ve been hacked.” call the insurance company. Life is good. That’s discovery.
Breach, you get to find what that means because a hacker could have breached, could have gotten into your systems weeks or months perhaps or even years prior to you actually discovering it and if it’s that you must notify them between 24 hours in the breach you need to clarify what is that mean, does that mean that for the time that they actually hacked in to your website, maybe, if that’s the case, that language could put you out of business real quick because they would say, “We’re not going to pay out.” So something to consider.
Accidental disclosure, you also need to look at your employees or personally you accidentally disclose IP, the Intellectual Property Data or something else online through social media, other locations. Is there a clause and then it says that accidental disclosure is not covered and that your employees if you have in place or they’re your biggest assets but they’re also some of your biggest liabilities? So consider that wisely when getting a cyber insurance, cyber security insurance. Now, they had the wonderful exclusions in there that you need to be aware of. One would be cyber terrorism and you have to define what is this mean. Right? So, what I think cyber terrorism is and what the insurance company thinks it is maybe vary different. And so, if something happens in today’s world I said just change it might be important for you to be able to clarify that with them.
So when there’s exclusions on intellectual property are they willing to pay? What is intellectual property? What is your source code for your website? Is that considered intellectual property? Are they willing to pay for that? I don’t know. Government claim fines or defense cost. They might say they’re not going to pay for government claims or fines. They’re associated. Understand that. Negligence, failure of your business to meet the security standards. Here we go again, security standards. So, you decide not to meet them. All of a sudden for whatever reason you say whatever define or what not meet is now you are negligent. So now, they will not pay.
Again, lots of little things to keep in mind there. Yeah, encryption, there are some policies that may be voided if encryption is not used especially if you’re storing PII or Personal Identifiable Information. So, consider that. Bottom line, cyber insurance can reduce or transfer your liability risk but you need to understand the fine print. Like everything in life you need to understand it. The problem is it’s like legal language. I have a hard time understanding the fine print in legal language about their shall-do’s and all that fun stuff. Well, if you don’t understand cyber security talk then you need to get smart on it real quick or have a professional walk you through it. Okay. That choice is not enough? I don’t know. Again, last disclaimer. Again, I’m not a security, cyber… I am a cyber security professional but I am not an insurance professional when it comes to cyber security insurance. I understand that risk but I don’t understand all the fine details. Find somebody who is in the space if you have questions about it and they can help you with that.
Alright. We’re going to roll on into the pro tip of the week. Alright. So we’re talking about protecting mobile devices. 30 percent of internet usage is via mobile devices. And know that 70 percent that means everybody is accessing it. So everything in the web is being used for smartphones. So if you go to a restaurant you’ll see it. Everybody is out there, head in their smartphone, click and click and click. So, that is an interesting part. Now, if you have a business you probably have done some work on your mobile device and that needs to be protected because if you don’t protect it the bad guys, the evil hacker horde will come in and get it and it will take all your stuff. Then there’s bazillions of flavors and versions of all kinds of phones, right, from Android to Apple. Right?
Those are the main, again, the big ones. You got your Windows, the Microsoft’s attempt at it and you’ve got various other mobile devices out there depending on what part of the country and world you live in. However, there are super many flavors and versions of each of these different types of phones. So, they can get kind of complicated and convoluted very quickly. But here’s some key points you need to consider when protecting your mobile device and this is just basic stuff but it’s important. Again, the owner stand was security. If you do the basics you really mitigate like 90 to 98 percent, those are arbitrary numbers I would say, just thrown out there because why not, everybody else does. That you would mitigate that many, that much of the threat. So first off is utilizing the screen locks, pins, fingerprints, facial recognition and so forth, utilize a screen lock. It’s important because if somebody gets it, like on an Apple, if people do it 10 times it wipes the system. I mean, yeah you lost your phone but I don’t want my pictures of my fuzzy kitten getting leaked to the world, right, and maybe you do. I don’t know maybe that kind of person likes fuzzy kittens but [inaudible] you may not want that.
So, utilizing screen locks is important. People have turned them off because of the convenience of not having to deal with the pin. Again, I’m guilty of this in the fact that I hate the pins but they’re also important. They really are. So therefore, go to a thumb print, works a lot better. Okay, just saying. Mobile encryption software, newer versions of phones are incorporating this into the device already, that your data is already encrypted while it’s there, but you need to have a mechanism. It doesn’t do any good if that encryption is there and you don’t have a pin to unlock the phone, to lock the phone. Yeah, great, it’s encrypted but it’s unlocked, so what, it doesn’t do any good, but you need to consider the mobile encryption software if your device doesn’t already have it. Remote wiping your phone, there are capabilities now in these new phones that allow you to log in and remotely wipe it. I know Apple has that capability but Android and some functionality depending on what you actually have set up on that phone will do that as well but if you have sensitive data on there consider this ability. I would just do it anyway.
I wouldn’t even worry about it because it’s sensitive because I’ve got pictures of my kids and I really don’t want Billy Bob to have pictures of my kids and my fuzzy little puppy. I’ve got pictures of my cute pup. So, and you know that you never know they could take them and do crazy stuff with that. And then the newer devices they are gaining more of this functionality if they already have it. Bluetooth, here’s a key point: make sure you turn this off when you’re not using it. Now, I will say I’m guilty of this. I forget that I even have it on but it’s hard, depending on the device you have. Some devices will not allow anonymous connection to your phone. So, if I want to connect my Bluetooth device to my phone what will end up happening is it will prompt me saying, “Hey, do you want this added to your phone?” That’s what they do. However, some phones do not do that. They’ll just automatically connect. So you need to ask yourself, do you need to really turn it off when you’re going to a place especially to a place where there’s a lot of people, airports, coffee shops, so on and so forth.
So, you need to configure your device, your phone, to connect only to your devices just to keep people from accidentally or intentionally connecting to your phone. Alright, so as we wrap up today one of the big things I want to talk to you about, last thing is just, we’re going to overview what we’ve talked about. So, we’ve talked about cyber insurance and the definition of it and some of the reasons why it’s important, right? We’ve talked about the different types of insurance from first party to third party and what does that mean for you and what’s covered with your policy. You know, now the big three is what is covered by your policy and for your specific situation, the details about your premiums and the minimum security practices that you really need to consider so to make your policy work. And again, I can’t stress this enough. If you don’t understand it just go get some help with it and reach out to some people that may have that level of expertise just to kind of give you some guidance and direction. It’s not a lot, right? It’s not like you need somebody on retainer to help you. It’s just get some direction and guidance on where to go and the last thing was some other key considerations when dealing with exclusions and so forth that you need to keep in mind when dealing with the cyber liability insurance and then we finished up and wrapped it all up with the pro tip of protecting your mobile devices.
Alright, as we close this week’s show of WordPress Security Daily’s podcast, I want to express my appreciation once again for Sucuri at Sucuri.net. They’re the real deal. If you need a security service that can definitely help you out, I wouldn’t recommend them if I didn’t feel that way. I know they can meet or exceed your expectations. No question about it. Check them out at Sucuri.net. Alright, stop by WordPress Security Daily, it has free content. Rank us on iTunes with good. We would love that. Have a wonderful blessed day and have an awesome rest of the week. See you.
Thanks so much for listening and being a part of WP Security Daily!