Q&A with Joseph Talmadge
Joseph Talmadge, Vice President, Technology Practice Leader, Heffernan Insurance Brokers
Q
What are some of the technology risks that small businesses overlook?
A
Many small businesses are utilizing third-party software companies, oftentimes larger companies, to help run their businesses, primarily for payment processing and administrative services. To the extent that another company hosts the technology infrastructure for a small business, there can be risk that was not considered because the small business is focused on its core competency. Oftentimes, little thought goes into the risk management standards of the partners that a small business is doing business with. An easy example is any company using a credit-card processing system or an HR and payroll admin system.
There are several large companies that run HR and payroll software and house personally identifiable information, and there are many emerging payment-processing companies. These software companies provide a valuable service. That’s great and it makes life easier, but how many small companies are actually asking for the details of the E&O policy for these software companies or the PCI compliance of their payment processor? Most small businesses don’t ask.
Also, it is quite common today to have a cloud platform being used on the back end to run whatever service the business is providing. If that third-party service goes down, has the question been asked: what’s my business interruption risk? Your traditional business interruption insurance simply will not cover this. As a small business, they may not have thought about how another company’s system going down might impact theirs.
Q
What about data security?
A
Everyone is trying to go mobile. Everyone is trying to employ some kind of software to help their business run more smoothly. Most don’t have the funds to do it themselves, so they bring on a third party to do it for them. While the trend is changing, we’re still seeing that most small businesses don’t ask about data security compliance or standards or insurance limits for data security from their partners. If that partner’s system is breached or is not in compliance with the standards of the law, that small business can absolutely be at risk, depending on the services being provided.
