What are the differences between the Complete and Essential compliance programs?
Complete program:
- Full Security Risk Assessment
  - Extended questions
  - More in-depth discovery points
  - Covers the complexities of multi-employee businesses
  - Allows assessment of multiple locations
- Compliance Workbook
  - Designed for businesses that need a comprehensive compliance plan
  - Provides best practices and generally accepted steps to create a personalized and complete compliance plan
  - Can be modified as often as needed
  - Is divided into sections and subsections so that multiple users can complete portions of the plan based on stewardship and expertise (i.e. technical, administrative, and physical safeguards)
  - Is partitioned so that the relevant portions of the plan can be produced in the event of an audit
- Employee Training
  - Comprehensive LMS
  - Training logs
  - Segmented quarterly for ease of use
  - Provides post-video quizzes
- Breach/Incident Response Plan
  - Included in the Compliance Workbook
  - Allows for customized breach and incident response planning
  - May be modified as needed
- Incident Reporting and Tracking
  - Reporting tools for suspected or identified incidents and breaches
- Proprietary Policy Review System
  - Review tools to enable modifications and updates to the compliance plan
Essential program:
- Basic Security Risk Assessment
  - Abbreviated questions
  - Relevant for offices with only 1 employee and 1 location
- Best Practices Guidebook
  - Designed for single-employee users
  - Provides general best practices for most businesses
  - Offers recommendations and insight into proper data protection protocols
- Employee Training
  - Video library is provided for single-user use.
How long does it take to get started?
Typically, 2-3 minutes is all it takes to get signed up. Your user name and password will be sent shortly afterward so that you can get started on your compliance program.
What if I have more than 1 location?
That’s great! You can easily add multiple locations to your plan. Remember that best practices recommend that each location be assessed independently for security risks and have a formal data compliance plan in place.
What if my employees change?
Change happens. The key with a compliance program is that all employees be properly trained on safeguarding your data. It is important that your company invest in your employees to ensure that everyone is trained and educated on data protection.
What are the terms of the contract?
The SyberSafe Compliance Program is a 12-month agreement. The policy automatically renews annually unless you provide written notice 30 days prior to the date of renewal.
What should I do if I think that I have had a data breach?
Breathe! Follow the data breach response plan that is part of your SyberSafe Compliance Program. Your response plan will guide you through the steps of whom to contact and what actions need to take place to mitigate the damages. (Also, if you purchased the SyberSafe insurance, you can contact the “Red Phone” for assistance in assessing the potential breach.)
How is SyberSafe different from a compliance consultant?
Compliance consultants provide an extremely valuable service to help protect businesses. Unfortunately, consultants can also be cost prohibitive to small businesses that need their help but cannot afford the expense. SyberSafe provides an affordable, self-administered data compliance program, complete with security assessments, a compliance workbook, a breach response plan, and cyber liability insurance. It is designed for small and mid-size businesses, providing them with the tools to build education and protection against the threat of a data breach, all at a fraction of the cost of a consultant.
Are there any industries that don’t need SyberSafe?
Nope. All businesses that collect, store, transfer, or use consumer data are required to protect it. SyberSafe provides the framework to protect your business, your brand, and your clients.
Do I have to purchase the compliance program, or can I just get the insurance?
The SyberSafe program is designed for end-to-end coverage. This means you take the preventive steps to identify risks and protect your data on the front line, and keep cyber data breach insurance on the back end. Most businesses will be required to purchase the SyberSafe Compliance Program in order to receive preferred “compliant” insurance discount pricing.
Basics of Compliance
What does “compliance” mean?
Compliance is a term which means that you meet the requirements of accepted practices, specified standards, terms of a contract, legislation, or prescribed rules and regulations. Each business in the US is required to protect consumer data, although the regulations vary by state, industry, and regulatory oversight into their business.
How long does it take to become “compliant”?
Being “compliant” should be looked at as an ongoing process rather than a destination. Since technology, laws, and security threats change and evolve, so does your compliance program. Every business is different in how it collects, uses, and stores data, so each business will likely have an individualized compliance program. Initially, however, it may take anywhere from a few hours to a few weeks to get your program and compliance plan in place.
How will I know if I am really compliant?
Becoming “compliant” is a journey, not a destination. Generally speaking, data protection and “compliance” will vary by industry and regulatory agency. The SyberSafe Compliance Program promotes best practices across all industries and generally serves to ensure that a business is compliant, assuming you and your business abide by the compliance program and plan you create.
Do I really need a compliance plan if I am a small business?
Short answer, yes! Small businesses are breached at a higher percentage than medium and large businesses. Not having a compliance plan makes your business an easy target for an attack. (Besides, if/when you are breached, your compliance plan may be requested by attorneys, regulators, or auditors, to assess for negligence.)
Will I need to purchase anything else to be compliant?
Depending on the results of the security risk assessment, and your personal decisions for promoting the security of your data, you may choose to purchase additional tools and resources.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a data protection and privacy law for the European Union and its residents which took effect on May 25, 2018. The GDPR provides strict guidelines on how organizations collect and process the data of EU residents and can impose fines and penalties of up to €20 million or 4% of gross revenue.
How does the GDPR affect businesses outside the EU?
Non-EU organizations that monitor the behavior of or offer goods and services to EU residents are required to comply with the GDPR. This includes any business with connections to the EU or EU residents through subsidiaries, vendors, or customers. (This means that everyone is affected by the GDPR.)
What is NIST?
The National Institute of Standards and Technology is a division of the U.S. Department of Commerce which promotes innovation and industrial competitiveness while supporting, regulating, and establishing standards of measurement and precision. NIST created the Cybersecurity Framework to help businesses collaborate on best practices and lessons learned, as a way to help companies Identify, Protect, Detect, Respond, and Recover from a data breach or security incident.
Basics of Insurance
How does the cyber insurance work?
Cyber liability insurance provides coverage in the event of a cyberattack or data breach. The SyberSafe Cyber Liability Insurance offers coverages in the following areas:
- Privacy Liability
- Regulatory Claims
- Security Breach Response
- Security Liability
- Multimedia Liability
- Cyber Extortion
- Business Income and Digital Asset Restoration
- PCI DSS Assessment and more!
How do I purchase insurance?
Easy! Once you purchase the SyberSafe Compliance Program, you can simply login to your account, and select the “Purchase Cyber Insurance” link for discounted pricing.
Do I have to purchase insurance?
No. Cyber liability insurance is not required, but it is HIGHLY recommended. Typically, a general liability or E&O insurance policy will not provide adequate coverage for a data breach. Your SyberSafe Cyber Liability insurance policy takes priority, giving you an extra layer of protection before your E&O and General Liability policies in the event of a breach and the costs incurred.
When will my policy and coverage be bound/effective?
Your insurance policy can be bound within minutes of purchasing through the SyberSafe program.
What limitations in coverage exist in the cyber insurance policy?
None. You have full coverage under the aggregate total of your policy. Note that cyber terrorism coverage is not included, but it can be added as a terrorism rider to your policy for an additional cost.
Why is the SyberSafe insurance so much less than other companies?
SyberSafe Cyber Liability Insurance is priced at “compliance” pricing since our clients are deemed a lower security risk being part of the SyberSafe Compliance Program. (Simply put, because you’re taking steps to protect your data, it’s akin to putting a seat belt on your business. You’re less likely to get hurt!)