This is the second installment in a three-part series on agency cyber security and risk management. Check out our first post on how to protect clients’ social media accounts and online reputation.
2014 was dubbed the year of the hack. Each attack, from the Sony cyber breach to the long string of celebrity iPhone breaches, was cringe-worthy, and as we move through 2015, businesses are worried about what the future of cyber attacks will hold.
After the scare of last year’s high-profile hacks, the U.S. government is developing a new agency called the Cyber Threat Intelligence Integration Center (CTIIC) to monitor cyber security threats. Finally.
While cyber security appears at the top of recent news headlines, this is by no means a new issue. Big corporate cyber loss dates back to 2006, when AOL accidentally released a compressed text file containing twenty million search keywords. This included queries with personally identifiable information (PII) for more than 650,000 users over a 3-month period. Since then, big names in data loss include TJ Maxx, Sony (the first time), Adobe, eBay, Target, and AOL again in 2014.
A company’s data breach can result not only in financial loss upwards of $150 million, but also great loss in customer loyalty and brand reputation. Most importantly, it means compromising customers’ trust and safety.
The same liabilities that exist for businesses exist for their third-party partners, such as PR, marketing or advertising agencies, which also have access to their clients’ customer databases and PII. And in the unfortunate event that a breach does occur, proper cyber insurance is needed to buffer financial losses and liabilities. At a bare minimum, your agency will need coverage against fraudulent credit card charges and breaches of client and customer confidential information.
The demand for companies of all sizes to adopt cyber-related preventative services is growing; agencies can use their crisis communications know-how to help develop a defense plan to ward off cyber attacks.
Here are some risk management methods agencies can use to prepare for the dreaded data breach:
- You don’t know what you don’t know. Cyber hacking increases in sophistication and ruthlessness every day, and knowing tomorrow’s potential casualties is nearly impossible. Following the news and new threats will keep your agency leaders nimble and aware of conceivable losses.
- Implement an agency-wide security standard through end-user security and awareness training. Promote a company culture that is security-minded. When employees are educated on cyber threats and potential risks, it helps eliminate mistakes that could lead to a breach and provides your team with the knowledge to catch suspicious behavior ahead of the game.
- Though a little old school, proper hard-copy record management and disposal is still relevant. Never leave sensitive information in an easily accessible space, such as on a desk or in an unlocked file. Always shred sensitive documents before tossing them into the recycling bin.
- Laptop and mobile theft is a real threat. Ensure your team has set up roadblocks at all points of entry, including:
  - Password-protected computer entry.
  - Password-protected login to agency files or servers.

  Furthermore, establish standard procedures for reporting a stolen mobile device. Requiring employees to follow a lost-property protocol will help fend off liabilities for the agency.
- Work primarily, if not only, within secure, password-protected Internet networks. Open Internet networks are easier to break into.
Relying on a reactive crisis management plan after a client data breach is not enough. Taking proactive steps to ward off data loss will significantly impact the bottom line if property is stolen.
If a breach or suspicious activity arises, an agency should see the problem through with its client, with transparency and conscious problem solving in mind. A few examples include:
- Provide notice to your client immediately after a data breach is realized. Be transparent about the breach and all possible losses.
- Ensure the client and its customers are protected from further exposure.
- Discuss next steps for crisis management and a proactive communication plan with your client’s customer base.
- Be prepared to handle ramifications, including legal measures, taken against the agency for losing or exposing client information.
Cyber thieves are more intelligent than ever, and the losses can cut deeply. Agencies cannot leave their clients alone to prepare for and manage cyber loss, especially when they hold the responsibility of equal access to personally identifiable information.
Are you confident in your agency’s protection program against cyber attacks? If not, talk to your trusted insurance partner and discuss your insurance options and risk management strategy against cyber loss.
Stay tuned for our next post, "Cyber Security for Professional Service Agencies: How to Safeguard Your Clients’ Intellectual Property and Trade Secrets."
Image credit: Yuri Samoilov via Flickr