Helping Protect You Against Cyber Risks
With Promutuel Insurance, your business automatically receives privacy breach insurance, which provides coverage in the event that confidential data belonging to your customers, employees, or partners is compromised. This is our way of helping you overcome the new technological challenges facing your business.
Does my business need cyber insurance?
All businesses in Québec are responsible for protecting the employee, customer, and partner information they hold. Unfortunately, no business is immune to computer breaches, which can be caused by malicious attacks or human error.
What does privacy breach insurance cover?
Our privacy breach insurance for businesses covers:
- following an incident (for example, to alert your customers to the unauthorized access to their personal data)
- Loss of business income due to a breach
- Free access to online tools and advice from our partner specialized in business data breach recovery and prevention
WHAT YOU CAN DO TO PROTECT YOUR BUSINESS
We’ve compiled a list of best practices you can adopt to lock down IT security at your business.
Manage permissions and passwords
Strong permission and password management allows you to ensure only the right people—and no one else—can access your systems and data.
- Your employees should not share accounts. Each person should have their own.
- Permissions should be granted according to employee responsibilities. For example, a production employee shouldn’t have access to HR data.
- Whenever employees move on or change positions, make sure to revoke or adjust permissions accordingly.
Use strong passwords
Following strong password guidelines helps you avoid identity theft, which can lead to loss of control and data leaks.
- Passwords should be unique for each system or service.
- They should also be complex: as long as possible, with upper and lower case letters, numbers, and special characters.
- Passwords should not be easy to guess or contain words or dates.
- Change them regularly, especially if they protect critical data.
- Do not share passwords or write them down. If you do write them down, store them in a safe place. When in doubt, change them!
Keep software up to date
The most common attacks target software flaws, which is why developers regularly include security patches in their updates.
- Your software and operating systems should be licensed, which ensures they’re supported by their developers.
- You should promptly install security patches released by developers or other reliable sources.
Install security programs
Complete security programs (antivirus, firewall, antimalware) help limit IT vulnerabilities and prevent hackers from exploiting them.
- Antivirus software must be installed on every workstation and server. It must also be up to date and running at all times.
- Operating systems often come with a free antivirus option. We recommend installing this option at the very least.
- Your security software should perfectly match your business needs. Do your research, evaluate each solution, and opt for the most effective one.
Make a secure backup of your data
Having access to a backup of your data in case of a major problem (whether due to a malicious act or not) will get you back up and running as quickly as possible.
- Back up your (valuable) data as regularly as you can.
- Backups should be done and stored separately from the source data.
- Backups should also be properly protected to avoid information leaks.
Store data securely (DVDs, flash drives, etc.)
Information leaks are often related to data storage that isn’t secure. You need to protect the devices you use to store your information.
- Storage devices should always have effective IT security measures.
- Whenever data is being transferred, it must be fully protected.
Control physical access to your data and systems
Virtual flaws aren’t the only thing you need to worry about. Physically securing the premises where your IT systems, storage devices, and confidential documents are located is important, too.
- Visitors should not be able to walk around unaccompanied or without being identified and receiving permission beforehand.
- Desktop and laptop computers must be secured to prevent unauthorized use or theft.
- You should limit and carefully control physical access to your servers and critical systems.
- Paper records containing sensitive information should either be protected (for example, in locked filing cabinets) or properly destroyed (with a shredder or other method).
Educate and train your employees
Cyber threats are often related to human error or carelessness. You can greatly reduce these threats by educating and training your employees.
- Unusual requests or emails should always raise a red flag.
- Employees should never open attachments in unusual or suspicious emails unless they’re sure they can be trusted.
- Employees should never be tempted by contests that seem too good to be true.
- Employees should never use professional computers or email for personal use (shopping, dating sites, mailing lists, etc.).
- Regular guidance from IT security experts can help you maintain your best practices and ensure they are up to date.