IT and Business Insights for SMB Solution Providers

Data Breach and Identity Security Beyond the Technical

I received my new business insurance policy. I'm not sure why I look through these things except to keep an eye out for things that don't make sense. I say I don't know, because I fully admit that I've never really figured out insurance terminology.

In my opinion, if you need an example of industry-specific terminology, insurance is a great place to start. Maybe insurance sales people say the same thing about technology. I understand every single word I read - until I read them in a sentence in my insurance policy.

Anyway . . . I'm thumbing through this fat document and I find the page printed here:

Here's what's going on here. First, this notice is information only, not part of cybersecurity insurance or even the business property insurance to which it is attached. Second, my insurance provider wants me to educate myself about data breach, identity "theft," and the laws in California related to those things.

Third, this is a self-help portal for information. But, fourth, there's a phone number I can call to help me with both breach preparedness and breach response.

I've heard lots of smart people (including Mike Semel of Semel Consulting) point out that you should be looking to insurance companies for leadership. They've been hit by ransomware where it hurts: their wallet! And they've responded. One response, obviously, is to raise everyone's rates. Another is help to minimize the problems that can lead to payouts.

Note, also: You and your clients have some serious responsibilities if you want to get a payout after a data breach. If you don't know what's required, you probably don't have a checklist to make sure you're insured.

In this case, I'm dealing with Nationwide Commercial Insurance. Once I logged into the site, I found a treasure trove of free services, including:

- Pre-Incident Legal Consulting (one hour). There is a list of topics that can be discussed, including risk assessment, incident response planning, and development of related policies and procedures.

- Cybersecurity Risk Consulting (one hour). Plus discounted rates on services. These services include security audits, vulnerability assessments, and penetration testing.

I know an hour doesn't go far, but it's a start!

The site also includes an "Incident Roadmap" that can be used as a starter for building your own incident response. And there are sections for news, legal updates, risk assessment tools, and more. There's also some good training from some brand names you've seen before.

Two lessons from this excursion into my insurance policy:

1) Thumb through your policies and see what services you might have available to you for the money you're already paying. And if you're not willing to do that, call your agent and ask them to go fishing for it.

2) If you've been putting off "dealing" with the cybersecurity threats to your business as well as your clients, it's really time to dig in. At least protect your company, your data, and your butt.

Comments welcome.


About the Author

Karl W. Palachuk, is a technology consultant, author, speaker, trainer, and coach. He is the author of fifteen books. He has built several successful businesses, including two managed services companies. His books include Managed Services in a Month and The Network Documentation Workbook. Karl is a frequent trainer and speaker in the SMB Community. His popular blog can be found at He has more than twenty years experience as an I.T. professional and serves on advisory panels for several hardware and software companies.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.