One of the largest retail data breaches in U.S. history occurred at Target Corporation during the 2013 holiday shopping season, exposing the personal financial information of 40 million shoppers.
While this highly publicized data breach affected a well-known retailer, the threat to franchisees of all sizes should not be ignored. Any franchise is vulnerable to data breaches, even if it follows strict data security protocols.
Cyber sales are a critical and growing source of annual revenue for many franchises. With every “click” of the purchase button, shoppers put themselves at risk of having their personal information stolen – a risk that is typically absorbed by the businesses from which they are buying. To protect your business against cybercrime, it is essential to take a proactive approach and have the right kind of insurance coverage. Every franchise has its own unique needs and risks, but there are some general guidelines outlined below that can help manage that risk and protect a store and its online commerce:
IDENTIFY THE CRITICAL INFORMATION A BUSINESS HAS, NEEDS AND STORES
Analyze the threat to that critical information. Questions to ask include:
• Does your franchise have an online sales component? If so, are you protected against the increasing threat of cyber risks?
• Is sensitive customer information stored on site?
• Do you have adequate protection if your website or online sales tools are compromised?
EVALUATE THE VULNERABILITIES TO YOUR FRANCHISE THAT WOULD ALLOW A CYBER-ATTACK ON THAT DATA, AND ASSESS THE IMPACT OF THE ATTACK.
Develop countermeasures to prevent and mitigate damage in the event of a cyberattack by having sound response strategies in place. Such measures include:
• Evaluating the security settings on software, browser and email programs.
• Using one computer for online banking needs and using SecureID protection.
• Monitoring use of mobile devices and public Wi-Fi access for employees.
• Storing critical information through a remote server.
DEVELOP THE PLAN, IMPLEMENT IT AND COMMUNICATE IT TO LEADERSHIP AND EMPLOYEES SO THEY KNOW THEIR ROLE AND RESPONSIBILITY. TEST THE PLAN PERIODICALLY AND REVISE AS NECESSARY.
While it is important to develop and implement safeguards against cyber criminals, these plans are most effective when combined with the proper insurance coverage designed to address cyber risks. Coverage typically includes liability protection for when customers or
others who have been affected hold you responsible for information stolen during data breaches or other network intrusions.
A cyber policy also can include coverage for forensic investigation, litigation and remediation expenses associated with the breach as well as regulatory defense coverage, crisis management or public relations expenses, business interruption and cyber extortion.
Cyber risk is a very real issue that can impact your franchise and have a lingering effect on the business’ ability to operate. Taking the proper risk management steps, as well as obtaining the proper insurance coverage, will help ensure that your business’ bottom line is protected.
1. Ponemon Institute Appendix 1: Summary of Lost Laptop Framework
Anne Dee, CPCU, is the Executive Vice President, Strategic Planning and Integration for HUB International Limited, a leading global insurance brokerage. HUB helps franchises become properly insured, and its centralized insurance program for franchises takes advantage of the power of group buying to provide the best possible coverage – at the lowest possible cost of risk.