October has been selected as National Cyber Security Awareness Month. Over the past year, we have seen a rise in ransomware attacks that have crippled hospitals, municipalities and even insurance agencies. Ransomware attacks lock down your network, preventing access to your data until a ransom is paid to the attackers, usually via Bitcoin or gift cards. As hackers become more sophisticated in their methods, we can only expect these attacks to increase. One of the ways hackers get access to business data is through phishing attacks. These attacks appear to be emails from a respected source; however, they are trying to get users to click on a link that will download malware onto their computer systems.
South Carolina, Ohio, and Michigan have now adopted the NAIC model law, which focuses on insurance-related entities protecting Personally Identifiable Information (PII). All 50 states have now issued data breach laws requiring businesses to notify their clients if a data breach occurs. The cost of data breach notification varies, but the average cost in 2018 was around $242 per customer. If your agency has a few thousand customers, this can become an expensive ordeal.
Protecting your client data is the first defense. Having a written information security plan (WISP) for your business is important to the security of the data. The first step in a security plan is to identify your potential risks, so completing a risk assessment on your agency is essential. As you create your agency WISP, it should include Technical, Physical, and Administrative Safeguards. Below are a few ideas for helping your business protect your clients’ personal data.
- Mandate strong passwords, and don’t share passwords.
- Install a Firewall.
- Update your anti-virus and anti-spam software daily.
- Limit access to the Internet where appropriate.
- Use Secure Sockets Layer (SSL) or another secure connection.
- Lock up personal information stored in paper files.
- Provide annual training for employees.
- Physically secure PII.
Resources are available to assist agencies with the development of a WISP. IIANC has created two offerings for this purpose. The first option is a Do It Yourself platform that provides agencies with the needed documents and videos to instruct them on creating their own WISP. The second option provides consultant resources with a more hands-on approach. Also, the Agency Council for Technology has resources available on the IIABA ACT website. Below are links to this information.
ACT – Cyber-Security Information
IIANC – Written Information Security Plan Offerings
Please don’t hesitate to reach out to me at firstname.lastname@example.org if you have any questions on how to keep your agency safe!