Take control of your Cyber risk | Wilson Organisation

News

May 15, 2017

Take control of your Cyber risk

Take control of your Cyber risk

With the recent cyber attack on the NHS bringing cyber security to the forefront of people’s minds, now is the perfect time to review where you stand in terms of cyber security. You should be considering not only what you can do to protect your business from suffering an attack, but also to provide the specialist support you need should the worst happen.

Cyber Insurance

Cyber insurance is more crucial than ever as attacks and data breaches increase in both frequency and sophistication. Having the right cover in place will support and protect your business if it is the subject of an attack by a malicious hacker, or experiences a data breach. It not only provides comprehensive cover, but will provide you with a trusted partner to support your business in the event of a cyber attack.

Do need cyber cover?

  • Is your business reliant on computer systems?
  • Do you have a website?
  • Do you hold sensitive customer data, such as names, addresses or banking information?
  • Do you have a payment card industry (PCI) merchant services agreement?

If you answered ‘yes’ to any of the questions above, then you need cyber cover.

Businesses are now more reliant on technology than ever before. It’s difficult to think of a sector that isn’t reliant on technology and wouldn’t be affected by a cyber attack.

You may hold personal information on clients or customers, including names, addresses and bank details. Your business systems and data may be held on office servers or in the cloud, or you may be an online business  reliant on your website to do business. Given its focus on innovation and an increasing reliance on technology, the manufacturing industry is particularly vulnerable to cyber risks too. Damage or unauthorised access to any of these could lead to loss of business, legal or regulatory costs and reputational damage.

How does cyber insurance protect your business?

Insurance is one of the only ways to ensure your business is covered should the worst happen, cyber is no different to any other aspect of your business.

Unlike other areas of your business, you may not have the specialist knowledge and expertise required should you experience a cyber attack. In addition to financial compensation, you will also receive professional support from a team of experts – from specialist technical support to legal advice, PR and even identity theft assistance for your customers that may be affected.

As cyber risks are constantly evolving,  security audits can help identify weaknesses in your computer system and response plans can be put in place so you are prepared should you suffer a data breach. You can never let down your guard in protecting your systems and training your people to recognise the threat, as part of your cyber cover you will have access to the resources you need.

Take action now!

Lloyd’s of London predicted a rise in demand for cyber insurance in 2017 as the threat of cyber breaches is expected to double. The insurance market responded and a range of insurance products have been developed to meet the increasing demand for cover, so not only is there a product available to suit your specific business needs, but it’s also far more cost effective than ever before.

To protect your business, just contact Mark Minton and our team will be happy to provide a quotation for your specific requirements.

10 steps to cyber security

The National Cyber Security Centre, set up by the Government to lead in our efforts to combat cyber threats, provide the following guidance on how organisations can protect themselves in cyberspace, including the 10 steps to cyber security detailed below.

Risk Management Regime

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. Clearly communicate your approach to risk management with the development of applicable policies and practices. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

Secure configuration

Having an approach to identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. You should develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities, usually via patching. Failure to do so is likely to result in increased risk of compromise of systems and information.

Network security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding (or causing harm to your organisation). Your organisation’s networks almost certainly span many sites and the use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult. Rather than focusing purely on physical connections, think about where your data is stored and processed, and where an attacker would have the opportunity to interfere with it.

Managing user privileges

If users are provided with unnecessary system privileges or data access rights, then the impact of misuse or compromise of that users account will be more severe than it need be. All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed. This principle is sometimes referred to as ‘least privilege’.

User education and awareness

Users have a critical role to play in their organisation’s security and so it’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

Incident management

All organisations will experience security incidents at some point. Investment in establishing effective incident management policies and processes will help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact. You should identify recognised sources (internal or external) of specialist incident management expertise.

Malware prevention

Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. Any exchange of information carries with it a degree of risk that malware might be exchanged, which could seriously impact your systems and services. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Good monitoring is essential in order to effectively respond to attacks. In addition, monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies. Monitoring is often a key capability needed to comply with legal or regulatory requirements.

 Removable media controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

 Home and mobile working

Mobile working and remote system access offers great benefits, but exposes new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers. Train users on the secure use of their mobile devices in the environments they are likely to be working in.

You can find further information and keep up to date by visiting their website at www.ncsc.gov.uk

Over 100 years of innovation

  • 1914

    A successful launch! The Wilson Organisation was founded in Nottingham by Harold Wilson and became the first company in the East Midlands to offer a comprehensive insurance policy to the region’s fast-growing band of automobile drivers. Innovation from day one.

  • 1920s

    During the 1920’s, Wilsons developed its commercial insurance offering under the stewardship of Harold Wilson. Hopping forwards 80 years, Wilsons has developed a number of industry specialisms including a particular expertise in the food and drink sector. We created a unique insurance offering called “FoodProtect” and, through this service, have been able to deliver intelligence and cost-effective insurance programmes to a broad spread of leading food producers. The best thing since sliced bread? Maybe not, but we’re working on it.

  • 1949

    John Prow joined Harold Wilson in the business, marking the first generation of the Prow family’s involvement in The Wilson Organisation. Wilsons’ clients included leading Nottingham firm Boots The Chemist plus a number of operators in the burgeoning railway sector. With post-war regeneration beginning apace, the firm’s fledgling construction expertise quickly developed into one of our leading offerings and this continues through to the present day, with clients including national and regional builders, developers, contractors, sub-contractors and architects.

  • 1960s

    The 1960s were the start of a new era for The Wilson Organisation. Harold Wilson and John Prow died on the same day in 1963, Harold of illness and John in a car crash. This left John’s son, John J Prow, to run the growing business at the age of 27. Under his youthful direction, Wilsons benefited from a new energy and direction. John J Prow, who had joined in 1960 in a new business role, led the move into our current premises at Wilson House in 1964 and then launched the financial services division in the following year.

  • 1990s

    The late 1990s heralded the start of the third generation of the Prow family’s involvement in the business. Managing Director Charlotte Prow joined in 1998, to be followed by the firm’s Chief Executive, Annabel Prow, in 2002. Product and service innovation continued apace with the launch of a corporate finance specialism in 1997, which continues to deliver valuable cost-savings and insights to the region’s dealmakers.

  • 2000s

    Now century on from the launch of The Wilson Organisation in 1914, the company continues to encourage innovation and reward good ideas. Within the financial services team, 2008 marked the launch of “Flex”, a powerful employee benefit programme and the development of “WRAP”, an investment tool with a unique level of investor control and transparency. Meanwhile, our insurance advisers worked quickly to bring to market a specialist insurance policy for insolvency practitioners.

  • 2010s

    2010 saw the launch of the Midlands Family Business Awards by Wilsons, the UK’s only independent not-for-profit Awards for family businesses. Now in their fifth year, the Awards have raised almost £20,000 for charities supporting families and young people. In 2014 we are celebrating Wilsons’ centenary, a significant milestone in Wilsons’ history.

Registered Office:
Wilson House, 1/3 Waverley Street, Nottingham, NG7 4HG

Registered in England Number 862690 - Members of British Insurance Brokers Association

Harold Wilson (Insurances) Ltd. and Harold Wilson Financial Services Ltd. are authorised and regulated by the FCA (Financial Conduct Authority)