Brian Kilcoyne | CISR, CIC President

Brian began working at H&K Insurance Agency in 1992. He is a Certified Insurance Counselor and an exceptionally qualified insurance professional who helps clients protect their assets and create future financial security in all areas of insurance, including property casualty, life, accident and health coverages.

Brian is a sponsor of The New England Club Managers Association and specializes in helping golf clubs manage risk and creating insurance plans to protect their clubs and members. He is a ferocious negotiator, working to ensure his clients receive the best possible coverage at a competitive price.

Brian supplements his professional efforts with extensive philanthropic involvement. He oversees H&K’s regular donations to countless charitable organizations at both local and national levels, and runs seminars for local communities on how to protect their assets with insurance contracts. When not working, Brian enjoys martial arts, skiing and watching his son go to battle on the wrestling mat.

In recent years, small businesses have suffered around 31% of cyber attacks. It’s clear that an effective data security policy is essential to avoiding these attacks, and in order for a policy to be effective there are key elements that must be included in the framework. In a world where 52% of breaches are caused by human and system failure vs. malicious intent, it’s imperative that the policy you create be shared and well-understood by all employees at your company. By incorporating the following key elements into your data security policy, your company will be in a better position to beat the odds.

1. Safeguard Data Privacy
Your company’s privacy policy is a promise to customers to keep their information safe and secure. Employees must understand this, in addition to conforming to all applicable laws and regulations.

2. Password Management
A password policy should be in place for all workers at your company who have access to sensitive information. Passwords should be complex and must never be shared.

3. Internet Usage
When you hear “employee internet usage,” your first thought may be productivity. That’s valid; however, security should be just as much of a concern, if not more. Misuse of the internet can put your business at risk, so you must decide how employees can and should access it.

4. Email Usage
Accidental downloading of viruses and other malware is unfortunately commonplace. Be sure to set the standards on message content, encryption and file retention.

5. Company Owned Mobile Devices
The minimum requirements of employees utilizing company-owned devices should include protecting their devices from theft, and password protection in accordance with your company’s password policy.

6. Social Media
An active social media presence is an asset to a business. Just make sure that your employees dispense information within the parameters set by your company.

7. Copyright and Licensing
Employees must follow copyright and licensing guidelines for the software that they use, and must also avoid installing new software without permission.

8. Security Incident Reporting
All workers should know how to report incidents of breaches and malware, as well as any steps that can be taken to mitigate the damage.

In our next article, we will explain how to create a data breach response plan keeping in mind these key elements. For questions on cybersecurity insurance coverage, which works to protect your organization when safeguarding plans fail, please contact cybersecurity coverage expert Brian Kilcoyne, CIC. He is reachable by phone at (617) 612-6515, or by email at

I run a web design/development company and not only do I use H&K Insurance for our own cyber liability, but I frequently refer them to my clients. In today’s world it’s an important insurance coverage to have and Brian Kilcoyne and his team are experts at getting businesses the correct coverage that they need.

I’ve been an H&K insurance client for years. I work directly with Brian Kilcoyne & Susan Bradbury. They’re a knowledgeable and responsive team. I’ve saved money, but more importantly have saved a lot of time by working with them.

Brian Kilcoyne is a pleasure to work with. He is honest and incredibly knowledgeable about the insurance business. I highly recommend meeting with him to see how he can help you or your business.

In today’s workplace, it is more important than ever to be aware of the security risks that lurk at every corner of the digital space. Even more important is having safeguards in place to protect against any threat, breach, or attack that may come your company’s way. Though no one method can be guaranteed foolproof 100% of the time, utilizing risk management practices puts your company in a much better position to beat the odds. Here are our suggested best practices.

Encrypting Data
Encrypting data is crucial for keeping proprietary information as secure as possible. Encryption algorithms transform sensitive data into unreadable gibberish, so that if the data is stolen it cannot be read without the key.

A firewall is a part of a computer system or network which is designed to block unauthorized access while permitting outward communication. It prevents hackers from gaining access to a website, monitors applications, and can also be used to prevent employees from sending sensitive data and specific emails.

Virus and Malware Protection
Most companies already have these programs installed. For ultimate effectiveness, you must keep all programs up-to-date and maintain security patches.

For back-ups, be sure to use a combination of both cloud and off-site storage. Also, it is a great idea to test back-ups on a regular basis to reaffirm their effectiveness.

Review Access Control Policies
It may seem like common sense, but it is important to remember that administrative login credentials should only be given to key company personnel. A clear plan should be developed that designates which individuals have access to what information. Only grant access to data which is necessary to the user.

Collect Logs
Detailed logs are essential for security and troubleshooting purposes. For any application that doesn’t have internal logging, it is advised that you go in and add tools that can log those activities.

Beware of Social Engineering
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Make it a point to continuously train all employees on different types of social engineering attacks and “con games.” What may seem like an obvious scam to one person may not come across as such to another.

Outline Clear Use Policies for New Employees and Vendors
Dispense clearly defined security requirements and expectations to your workers from the beginning to prevent future problems.

Review New Compliance Requirements
Make keeping up-to-date on compliance matters a continuous practice. Doing so will not only keep you in the good graces of regulators but also help keep your company safe.

There are many ways for a company to protect itself against a breach or attack, and the more safeguards that are put in place, the better the chance of avoiding a malicious event. One step that cannot be overlooked is Cyber Security Coverage. When prevention fails, your coverage is what will truly keep your company protected. For more information, please reach out to our cyber security coverage expert Brian Kilcoyne, CIC. He is reachable by phone at (617) 612-6515, or by email at

Any step taken to protect your business against liabilities resulting from breached or failed technology is a step in the right direction. However, a business must be sure not to confuse policies and assume coverage exists where it does not.

Two policies that are commonly mistaken for each other are technology errors and omissions insurance (tech E&O) and cyber and privacy insurance. Although both policies contain a number of the same insuring agreements, there are key differences.

Confronting the possibility of a cyber threat affecting your business is a daunting, yet absolutely necessary task. It can happen to any business, large or small, at any time. Businesses that will thrive in the aftermath of an attack will have understood their risk beforehand and taken appropriate steps to protect themselves. Risk managers and insurance agents must work together to address exposures faced by the entity they have been enlisted to protect.

The Internet of Things is a concept that encompasses a multitude of complexities, and has become an increasingly hot topic in the workplace. If, up to this point, the term has drawn a blank for you, don’t worry; you will just need to start with the basics. Here are 3 key points to help you gain a fundamental understanding, so that you may start the learning process and begin to take part in the conversation.

Social engineering is a method that cyber criminals use to trick individuals into revealing confidential information to gain access to systems. Once obtained, that information can be used to carry out actions that could lead to the demise of your organization; a whopping 60% of small companies go out of business within six months of a cyber-attack. Fortunately, knowledge is power. Here are the most common social engineering attacks to look out for.
