Are You Too Small to be Hacked?

"Nobody is going to hack me.  I'm too small to be noticed." - Small Business Owner

Yes, you're right, Ms. Business Owner.  You are not ultimately the target.  TARGET (the corp) is the Target.

In fact, that's what happened: a contractor who did work for a TARGET store was hacked, and the hackers waited for that contractor to access the payables system to submit their work invoice.  BOOM, TARGET is hacked.

But they came through you, Small Business Owner, because you thought:

"Nobody is going to hack me.  I'm too small to be noticed."

GDPR is a big hullabaloo about Gov't requirements to protect data.  Read about that HERE and grab the free resources.

Adding Cyber, Tech E&O to your insurance is easy.  Getting sued by your own customer because you let a hacker into them, through you, is hard.

That's because you're not Nobody.  You're just small enough to hack into...

Data Privacy and You

From our good friends at RPS: The European Union has enacted a comprehensive and far-reaching data privacy initiative (GDPR). It contains massive penalties for noncompliance and is set to go into effect soon.

What do the initials "GDPR" stand for?

"General Data Protection Regulation" (www.eugdpr.org)

My Clients are all based in the United States. Do we care about this?

Yes.  Even if the company does not have a business in the EU, the regulation can apply if:

  • The business offers goods or services to EU subjects regardless of whether payment is required.
  • The business monitors the behavior of EU subjects. (Clicking on social media links, analyzing marketing likes/dislikes)
  • The business stores and holds the personal data of EU subjects.

Can you give me a quick idea of what this new law is about?

The GDPR unifies data protection laws for “Personal Data” across the European Union with the intention of strengthening privacy rights of consumers. It imposes hefty fines on companies that don’t comply. The GDPR has many requirements, but here are the primary ones:

  • The personal data you collect must be "minimized, accurate and portable".

  • You need to obtain informed consent from an EU consumer before collecting, storing or using their personal data.

  • Their personal data must be “provably deleted” if the consumer so chooses.

What does the new law consider "Personal Data"?

  • Name
  • Address
  • Photo
  • Email Address
  • Financial information
  • Healthcare information
  • The law also includes data that could indirectly identify an individual (racial or ethnic origin, political opinions, religious beliefs, etc.)

Who is affected?

Any US business that offers goods or services to customers in the European Union or holds any personal data on European Union subjects.

When does this new law take effect?

May 25, 2018

What does GDPR say a business must do if they are the victim of a data breach?

The GDPR requires that companies notify individuals of a breach of their personal data. Notification must include:

  • The name and contact information of the company’s data protection officer
  • The anticipated consequences of the breach
  • Any measures taken by the company to remedy or mitigate the breach

 

What are the penalties if a US business doesn’t comply with GDPR?

The monetary penalty is 20 Million Euros or 4% of a company’s annual revenue, whichever is greater.

 

What should US businesses do now?

Here is a great resource: www.dacbeachcroft.com. And if your client has not purchased a comprehensive Cyber Liability policy for their business, they should be doing so now. If they have purchased Cyber Liability, please ensure that the carrier is covering GDPR fines/penalties.

If you want a "white knight" assessment of your cyber security, contact Kevin and he'll set you up with a security audit.

Usage Based Insurance for Fleets

“Why do my auto rates keep going up, even though NONE of my employees got in any accidents last year?”

That’s because you’re paying for other companies’ bad drivers.  We want to change that, to make it more fair.

Here at ConSulinsurance.com we’re working with a carrier and a tech start-up to create a usage-based insurance (UBI) program for livery, public auto, fleets, and trucking.  (We can currently write policies for any car-based gig economy app.) Instead of the standard, high rate, low coverage commercial auto policy, the business owner will get weekly driver safety reports, comparisons across similar fleets, a monthly audited insurance bill based on mileage and safety, and identification of problem drivers.

You’ve heard of BIG DATA.  We want to use Big Data as a loss CONTROL tool, making insurance an interactive part of your business, instead of a financial arrangement dictated by too many opaque rules.

A UBI insurance system is fair.  A few years back, a contractor’s employee was driving with his knees, while eating and texting.  Losing control of the van, he hit two parked cars to his right, crossed both lanes of traffic, and hit a third parked car across the street.  That third struck car bumped the curb and struck a pedestrian. $2,500,000 claim, BOOM. This accident nearly destroyed the contractor’s company, and he was forced to fire multiple employees and shrink operations to survive the financial hit.

For fun math’s sake:  If that contractor paid $25,000 per year for his commercial auto policy, only after 100 years would the insurance company recover that loss.  This was a preventable accident, not some fluke. Insurance should cover the unpreventable, unforeseen event. Insurance should not be used to cover stupidity.  Especially on the backs of good, safe companies.

From whom did you think they actually got that money?  Is that fair?

Putting the business owner in control of the company safety, in a proactive, behavioral and cultural manner, will not only save that business insurance costs, but also create efficiencies and lower maintenance costs.  Imagine the boost to the bottom line!

Check back here from time to time, as we’ll update you on our progress.