Presenting

Extra Features and Video Online FloristsReview.com R E A D O N L I N E 49 Wire transfers are not the only electronic payment method at risk. ieves can also use stolen ACH numbers to steal funds. Banks off er a number of services to stem losses. An ACH block will prohibit all ACH transactions for a specifi ed account. An ACH debit block prohibits only transactions initiated by payees. An ACH fi lter allows ACH debits to only those on a designated list. An ACH alert triggers a notifi cation when an ACH debit arrives, enabling a staff member to accept or reject. "I suggest putting ACH debit blocks on all accounts where debit activity is not needed," says Schaeff er. "Limit ACH debit activity to one or two accounts, and check those accounts each day. Businesses have 48 hours to notify the bank of any unauthorized transaction." (Consumers enjoy a 60-day notifi cation window). Damaging Malware So far, we've addressed fast-growing security breaches stemming from social engineering, but cybersecurity experts suggest that businesses also take the following measures. All of them can help reduce the chances of being hit with ransomware, a form of malware that requires targeted businesses to make costly payouts to either regain access to encrypted data or prevent the release of business information to competitors: 1. Beware of malware-ridden emails. Phishing emails trick recipients into clicking a link to a toxic website or opening a compromised attachment. e result is the installation of a keylogger software that collects keystrokes for critical bank account information. Solution: Train employees to handle all emails with suspicion. 2. Update hardware. Old computers and routers off er access points for hackers. "Anything older than, say, 15 years was designed without security in mind," says Jackson. While no business can eliminate the risk of cyber fraud, insurance can save the day when a breach occurs. Many common commercial general liability (CGL) policies already address some areas related to digital transactions. Security experts, though, advise seeking better protection. "Cyber coverage in existing property polices is often limited," says Robert M. Travisano, an attorney in the New Jersey and New York offi ces of Epstein Becker Green. "Moreover, policies can differ from carrier to carrier, so shop around for a dedicated cyber policy." The typical cyber policy will cover money lost to cyber thieves. In the event of customer data loss, policies may cover breach notifi cation, credit and fraud monitoring services, and the costs associated with restoring and recreating data, as well as with hiring a PR fi rm. Especially important is coverage for business interruption. "Statistics show that most businesses are not back to normal operations for at least one month after an attack," says Diane D. Reynolds, partner at New York-based law fi rm McElroy Deutsch. Even the best dedicated cyber policies may have potentially costly coverage omissions. "If you have a policy but haven't closely checked it lately, you may not have the coverage that you think you do or that you need," says Mary S. Schaeffer, president of the accounts-payable consulting fi rm AP Now in Newark, Del. What seems like good coverage at one point may not look so attractive down the road. "As cyberattacks evolve, so will insurance," says Jessica Averitt, partner in the Houston offi ce of law fi rm Baker McKenzie. "Companies need to review their policies to ensure adequate coverage in the post-COVID-19 world. For example, a few years ago, provisions related to ransomware were rare. But after some recent high-profi le attacks, such coverage is more common." The good news is that more carriers are entering the fi eld of cyber insurance, increasing the competition for customers and improving terms and premiums. With a decade or more of loss history to analyze, carriers are fi ne-tuning their premiums to make policies more attractive. "I have not seen any policies in the past year or so that I thought were overpriced," says Reynolds. An important caveat: The terms of a cyber policy will be invalid if the covered business cannot illustrate compliance with a good security plan. Insurance companies are tightening the screws in this area. "We are seeing more carriers who will not even issue policies unless a business has security controls validated by a third party," says Eric Jackson, a consulting member of the cybersecurity team at the Princeton, N.J.-based business advisory fi rm Withum. "And when an incident occurs, carriers will often send inspectors to investigate the insured's security posture before paying a claim."

• Cover