What you should know about cyber risk, part 1

Anybody who works in an office felt a shiver of panic when Sony was hacked late in 2014. It exposed confidential data, including salary info and film scripts, as well as more than 74,000 social security numbers of people on the payroll at the company.

As bad as that is, Sony is far from alone. Other recent high-profile security breaches include: Target, CVS, Staples, Neiman Marcus, Wyndham Hotels, and the Trump Hotel Collection. We know that hackers target some of these high-profile hospitality and facilities management companies specifically for the wealth of personal information they use to run their businesses.

But, what about smaller companies that don’t have the money to invest in IT infrastructure and security measures? Are hackers even interested in that data?

Definitely. Not long ago, an employee of the Massachusetts property management firm, Maloney Properties, Inc., lost their laptop. More specifically, the laptop (containing the personal information of more than 600 residents) was stolen out of the employee’s car. There was no evidence that the thief (or thieves) attempted to exploit any of this data, but Attorney General Martha Coakley found the company to be negligent, levying more than $15,000 in fines.

And, they then had to ensure that they were working to prevent any further data breaches by implementing policies that protected their customers and employees, like portable device storage and encryption technology.

“It is incredibly important that businesses ensure that laptops and other technology have the necessary encryption to protect consumers from identity theft,” Coakley said. “We will continue to make sure that companies understand their responsibilities under the data privacy laws and are held accountable when they do not adhere to them.”

Is your company at risk? Basically: yes. Every landlord, property manager, or real estate professional has access to (and stores) sensitive, confidential, personally-identifiable information on tenants and employees. Here are 3 of the biggest security risks in real estate:

1. Electronic payments. They’re convenient, but can be gold for hackers. Because multifamily residential companies, mini-warehouse companies and even single-family rental homes generally accept credit card payments, they all have “tremendous exposure to third-party confidential information” breaches, according to Arthur J. Gallagher & Co.
2. Laptops. Again, convenient, but they can be easily stolen. And, sophisticated hackers can exploit vulnerabilities within a system the minute an employee is connected to the internet.
3. Miscommunications. Building owners and management companies often do not coordinate well when it comes to structuring their cyber risk insurance. Usually, it’s unclear who is supposed to carry what coverage, and some property owners consider the structure of their cyber risk protection to be a proprietary secret, according to the authors of Law360.com.

There are a number of ways to protect yourself from a hack, which we’ll cover next week, but it all begins with awareness. Here are 7 must-know things about data breaches in the United States:

1. Malicious code and denial-of-service account for a combined 41% of all cyber attacks, but they’re just 2 of the many ways hackers can gather data. Others include: web-based attacks (13%); phishing & social engineering (11%); stolen devices (9%); malicious insiders (8%); malware (7%); viruses, worms & Trojans (5%); botnets (5%)
2. Businesses with fewer than 250 employees account for somewhere between 20-30% of all cyber attacks.
3. The average cost per breach now exceeds $7.7 million per business, according to research from The Ponemon Institute.
4. More specifically, the average cost per record is $200. That includes disclosure costs, legal fees, potential lawsuits, investigation costs and the cost of paying for credit and identity theft monitoring for each affected individual. This may be higher for smaller breaches, because costs are amortized over fewer records.
5. Successful cyber attacks have increased 46 percent over the past four years.
6. Commercial general liability policies do not (usually) cover cyber attacks and security breaches.
7. 60 percent of small businesses close their doors within months of a successful cyber attack.

Have you ever had to deal with a security breach? Share your advice for recovery and protection in the comments below. And, be sure to check in next week for insurance and protection advice.