CFCA Insider
July 9, 2014
 
 

Have You Heard the One About the Data Breach?


 Risk Management Strategies

Today, having information available whenever we want it is not just a convenience, it is nearly an expectation. To make this possible, practically every transaction is turned into data, which is collected, stored, and dispensed. We tweet and post our activities; cell phones and cameras record our location.

What’s going on at your business? How much information do you collect and store? Do you employ a group of tech-savvy individuals to design and maintain a "built to last" security wall? Do you regularly test your security measures to make sure they’re doing their job? 
Maybe you’re of the mindset that "paper is safer." But hard copies of your documentation need just as much protection as electronic files. Who has access to all that paper? How is it secured?
Forty-six states have passed data breach notification laws. Do you know the requirements of the state or states in which you do business? How will you react if you are made aware of an information breach at your company? Do you have a system of tracking the information that could be exposed in a breach?
Risk management tools and topics, in addition to insurance products designed to cover data breach exposures, are still fairly new to the market, but continue to grow in popularity based on the increasingly frequent reports of data breaches. 
 
Specialized insurance is needed to fill gaps for this exposure in commercial policies, such as:
 
• Property coverage – Limited to computer replacement or safe/file cabinet replacement
• Liability coverage – No property damage or personal injury
• Crime coverage – Specifically excludes disclosure or release of confidential information

A basic policy would include:
 
Response Expenses Coverage – This coverage provides legal and forensic information technology review, notification and services to the affected individuals (toll-free help line, credit monitoring service, and identity restoration case management services).
 
Defense and Liability Coverage – Covers defense and settlement costs in the event of a suit brought by an affected individual. 

Explore your individual exposures and work with your insurance advisor to find solutions based on your business’s needs.
 
While these products can provide coverage in the event of data compromise, wouldn’t you agree that, for the sake of your employees and customers and the reputation of your company, it is better to prevent a breach in the first place than to have to react after one has occurred?
 
Take the bull’s eye off your business
 
Keep Only What You Need – Reduce the volume of information you collect and retain only what is necessary, subject to record retention laws and company policies.
 
Safeguard Data – Lock private information in a secure location. Restrict access to only those employees who must use the information during the course of their jobs. Conduct employee background checks. Never give temporary workers or vendors access to employees’ or customers’ personal information.
 
Destroy Before Disposal – Shred personal and confidential files that are no longer needed before disposing of them. This includes paper files, disks, CDs/DVDs, and other portable media. Deleting files or reformatting hard drives does not guarantee data is erased. Instead, use software designed to permanently wipe the hard drive, or physically destroy the drive itself.
 
Update Procedures – Do not use social security numbers as employee ID numbers or client account numbers.

Train Employees – Establish a policy regarding privacy and data security. Put it in writing and communicate it to all employees. Then, enforce it.
 
Control Computer Usage – Limit employee computer use to business purposes only. Do not permit employees to use file sharing peer-to-peer websites or software applications. Block access to inappropriate websites, and prohibit use of unapproved software on company computers.
 
Secure Computers – Implement password protection and time-out functions for all computers. Train employees to never leave laptops or smartphones unattended. Restrict telecommuting to company-owned computers. Require the use of strong passwords that must be changed regularly.
 
Security Software – Keep security patches for your computers up to date. Use firewall, anti-virus, and anti-spyware software, and update virus/spyware definitions daily.
 
Stop Unencrypted Data Transmission – Mandate encryption of all data transmissions. Avoid using Wi-Fi networks, as they may permit interception of data.
 
Manage Use of Portable Media – Portable media such as DVDs, CDs, and USB flash drives are more susceptible to loss or theft. Allow only encrypted data to be downloaded to portable storage devices.
 
You don’t need to do it on your own. Services are available to assist you in:
 
• developing an effective data breach response plan in advance of an event
• understanding your risks and exposures
• preparing your business to protect your client relationships and business reputation
• providing ideas and resources for training your employees
• managing the costs and minimizing the effects of a data breach
 
It’s really a choice of proactive vs. reactive. Your customers and your business reputation rely on your taking steps today to reduce or avoid the exposure tomorrow.
 
About the Author:
Federated Insurance is a preferred CIOMA partner.
To learn more, call your CIOMA contact Mike Russell at Federated Insurance at 1-800-533-0472, or log on to www.federatedinsurance.com.
 
This article is intended to provide general information and recommendations regarding risk prevention only. There is no guarantee that following these guidelines will result in reduced losses or eliminate any risks. This information may be subject to regulations and restrictions in your state and should not be considered legal advice. Coverage for actual claims will be determined by the individual policy terms and facts of the claim. Qualified counsel should be sought regarding questions specific to your circumstances and applicable state laws. © 2014 Federated Mutual Insurance Company

 
