As data breaches become more of a day-to-day reality, knowing that you are at risk is only the first step. You must be proactive in your defense, and the VMLIP eRiskHub is here to support you in this. The Risk Manager Tools section provides you with many different options for shoring up your overall risk. In this article, we will highlight some of the tools we believe you will find most useful.
Data Breach Cost Calculator – Found in the ‘What If Modeling’ category, this educational tool can you give insight into what a potential breach could cost your municipality. In the grey box along the top, you answer some hypothetical questions, and the calculator will output the potential cost with line by line itemization of the costs.
To understand our calculations, mouse over the ‘?’ next to the line items to get information on our assumptions for these costs. If you decide you do not agree, you can deselect the check box for the row to set it to zero, and manually enter a cost if you prefer.
State Breach Law Summary and Guide – Found in the ‘Breach Notification’ category, this guide describes what notifications are required by the different states if your organization experiences a data breach. It is important to remember that notification requirements are based on where the victim of the breach currently resides. So, if a former employee leaves the state, and then your employee records are breached, you must comply with the former employee’s new state of residence as well as your own.
Sample Policies – A library of sample policies created by policy experts and leading law firms. These can be used as templates to create policies to fill in any gaps for your organization.
For instance, only in recent years has it become common practice for employees to have company e-mail on their smart phones. Does your organization have a policy in place for ‘Bring Your Own Device’? If not, you are welcome to use the eRiskHub’s ‘Personal Device Use (BYOD) Policy’ as a template.
A Guide to Data Breach Incident Response Planning – Found in the ‘Incident Response’ category, this tool is one of several that can help you develop a plan for a data breach response ahead of time. Having a plan in place can greatly reduce the steps needed to address an actual breach, and could be used as proof of due diligence.
Vendor Security Due Diligence Checklist – Some of the largest breaches have occurred not due to the organization that experienced the breach, but to third-party vendors with poor security. This tool, located in the ‘Vendor Due Diligence & Management’ category, can be used to give you a better understanding of the security safeguards your vendors have in place.
Expanded/Quick eRisk Self-Assessments – These two tools, located in the ‘Assessment’ category, are self-assessments you and your organization can take to get a better understanding of your current cyber risk.
Completing the self-assessments will provide you with a score card. These score cards provide you with your score as well as industry average scores to compare yourself against. Finding where your organization is underperforming can open up an internal dialogue of where you need to improve your cyber security.
If you have not registered for the VMLIP eRiskHub we recommend you do so today. Registering is free to all VMLIP pool members.
Directions for accessing the VMLIP eRiskHub® are available here.
After registering, you can access the hub immediately using your newly created credentials in the member login box located in the top right of the page.
Keep an eye out for our next article which will focus on assessing your cyber defenses and why that can help you prevent incidents from happening and provide you safe harbor from regulators and plaintiff attorneys when the inevitable cyber incident occurs.
VMLIP offers more than just coverage. We are partners in risk management. How does your insurer stack up? Having all lines of coverage with VMLIP ensures that your organization is receiving comprehensive coverage and a wide variety of value-added services tailored to Virginia’s local governmental entities. Call for a quote today: (800) 963-6800. For more information on VMLIP visit: www.vmlins.org or follow us on Facebook.
** VMLIP blog postings are offered for VMLIP members to utilize in strengthening their risk management efforts. See copyright information for clarification on sharing this information.