By: Thomas J Harvey, National Association of Homes & Services for Children
Source: Center Collection
This article appears courtesy of ARA Content, e-mail: info@ARAcontent.com
Published: November 2001
Learn how you can protect your organization from acts of "wired sabotage" by former and disgruntled employees. This whitepaper highlights some alarming trends and provides tips and advice for managers faced with these challenges. It will be especially useful for association professionals engaged in executive and governance issues, organizational management, IT, finance, human resources and administration.
Harvey, president and CEO of Assurex International, the world's largest grouping of privately held risk management and commercial insurance brokerages, recommends employers purchase comprehensive CyberInsurance to minimize damage and mitigate losses caused by electronic saboteurs.
"Law enforcement professionals estimate 60 percent of computer system break-ins are the work of employees," said Harvey. "From employees hacking into systems to view salary and medical records, to workers slacking off and logging onto pornographic Internet sites, to managers trying to stretch departmental budgets by condoning software piracy, eSabotage carries an enormous price tag. Fortunately, CyberInsurance policies help mitigate losses resulting from business interruption, lost productivity, computer viruses, fines, theft, embarrassment and other eRisks. CyberInsurance is an indispensable business tool for employers operating in the age of eSabotage," Harvey noted.
Electronic risks take a variety of forms, which can be successfully managed by purchasing the right insurance product. For employers eager to reduce eLiabilities, the eRisk Management and eInsurance specialists at Assurex have identified the most common and costly forms of workplace sabotage, and the CyberInsurance products that best address them.
Disgruntled Employees Crashing Computer Systems
How much damage can one disgruntled employee do? Lockheed Martin's e-mail system crashed for six hours after an employee sent 60,000 coworkers a personal e-mail message complete with a request for an electronic receipt. The defense contractor, which posts 40 million e-mails a month, was forced to fly in a Microsoft rescue squad to repair the damage caused by that one employee.
On a smaller, but no less disturbing scale, a Forbes Inc. computer technician deliberately caused five of the publisher's eight network servers to crash as retribution for his termination from a temporary position. All of the information on the affected servers was erased, and no data could be restored. As a result of this one act of sabotage, Forbes was forced to shut down its New York operations for two days and sustained losses in excess of $100,000.
Could your organization survive this type of deliberate computer system crash? With a comprehensive CyberInsurance program in place, the six- to seven-figure cost of electronic sabotage would be covered. To mitigate losses associated with computer system crashes, Assurex's Harvey suggests employers purchase Business Interruption Insurance.
"If your computer system goes down and prevents you from conducting business and generating revenue, you will suffer a loss of dollars, credibility, productivity, and customers. Business Interruption Insurance can help mitigate losses, regardless of whether your crash is caused by a saboteur or a technical snafu," notes Harvey.
Employers also may want to seek the protection offered by Electronic Data Processing (EDP) Coverage. EDP policies offer broader coverage for computer equipment damage than normally found in a general business property policy. EDP policies cover hardware and software replacement, as well as the cost of hiring technical experts and others to work overtime to re-capture data after an eDisaster strikes.
CyberTerrorists Sabotaging Data and Networks
Omega Engineering Corp. suffered losses of $10 million when a terminated network manager detonated a software time bomb, which he had previously planted in the network he helped create. The bomb paralyzed Omega, a manufacturer of high-tech measurement and control devices used by the U.S. Navy and NASA.
Think things can't get any worse than that? Think again. Imagine receiving notice that a vengeful employee or malicious hacker is planning to crash your server, shut down operations, and violate the privacy of your employees and customers unless ransom is paid.
Employers who have Extortion and Reward Insurance coverage in place would have the resources to respond to CyberTerrorists' extortion demands and offer monetary rewards to help capture eSaboteurs. Uninsured organizations, on the other hand, would be at the mercy of individuals who have demonstrated an utter lack of respect for the organization and its assets.
Electronic Thieves Stealing Trade Secrets and Funds
E-mail and the Internet make it easy for disgruntled employees and vengeful ex-employees to steal trade secrets and confidential company information. In fact, the Computer Security Institute (CSI) and FBI report that theft of proprietary information accounted for over $66 million in losses last year, versus $8.2 million lost to denial of service attacks.
To reduce the likelihood of proprietary information being stolen, the eInsurance professionals at Assurex recommend employers take a three-fold approach to eRisk Management: (1) instruct employees not to share company-owned secrets and proprietary information with outsiders; (2) install software that alerts management when competitors are e-mailed or trade secrets are downloaded; and (3) purchase Unauthorized Access, Unauthorized Use Insurance, Specialized Network Security Coverage, and Crime Loss Insurance.
Unauthorized Access, Unauthorized Use Coverage is fundamental to any organization with an Internet presence. If a saboteur or hacker gained access to your Web site and stole data or funds, this policy would cover you for failure to protect against third-party access to data and financial transactions.
Specialized Network Security Insurance covers losses stemming from the improper handling of private information. Let's say you operate an on-line employee benefits program in which clients record salaries and benefits. If security were to be breached and your clients were harmed when their employees learned salary package details, you could be sued for failure to protect confidential information. Specialized network security coverage responds to that liability or any breach of network security and resulting losses.
Crime Loss Insurance should be purchased by online banks, payroll companies, and others who operate as repositories for financial assets and risk the electronic theft of funds.
Introducing Viruses and Triggering Software Audits
Get caught with illegally duplicated, or pirated, software in your office and you, the employer, will face fines as high as $150,000 per title infringed. A federal offense that is as immoral as it is illegal, corporate software piracy typically comes to light through anonymous tips from irate workers, former employees, and vendors.
Assurex recommends employers police their own computer systems for illegal software. Start by conducting a comprehensive software audit. If you discover employees have loaded pirated software onto company computers, remove it immediately. Educate employees about copyright infringement, and institute a firm anti-piracy policy.
In addition to opening employers up to charges of software piracy, illegally duplicated or downloaded software can introduce computer viruses into an organization's system. Computer Virus Transmission coverage protects against losses that occur when, for example, a saboteur intentionally opens an infected attachment or downloads virus-laden software that crashes the organization's system and erases files.
No Employer Is Immune from the Risk of eSabotage
Think your organization is immune from eSabotage? Not likely. If industry giants like Yahoo, eBay, and Amazon.com can be hacked, if government institutions like the Air Force and Navy can be cracked, if high-security installations like the Pentagon can be infiltrated 250,000 times a year, how can your company remain safe from CyberAttack?
Employee misuse and abuse of e-mail and Internet systems can trigger costly litigation and protracted eNightmares few employers are prepared to handle. Consequently, many employers can expect to spend millions recovering from eSabotage. Effective eRisk Management incorporates eInsurance to mitigate eRisks and reduce liability costs after eDisaster strikes. Employers can control eRisks by purchasing eInsurance policies to reduce first-party losses and limit third-party claims.
The best advice, according to the e-insurance experts at Assurex: Consult an insurance broker with eRisk management and CyberInsurance experience, then establish an insurance and computer security program to help reduce electronic exposures and lessen the likelihood of costly litigation.