IDENTITY THEFT and CYBER LIABILITY
I was just reading an article from Risk and Insurance written by Anne Freedman that said the biggest issue facing Companies in Risk Management right now is Risk of Brand and Reputation. I thought about the problem Target had with the security breach and how it was a long hard job to solve this issue and then regain the trust of its customers. Some companies will actually go bankrupt from the monetary cost and loss of customers. We started asking ourselves, "How safe are we?" It isn't good enough to just assume everyone in your company is following the same rules and workflows when it comes to our private information and our customers'.
Here are 13 questions you might want to ask yourself:
1. Do the computers have strong passwords that change regularly?
a. Passwords should contain capital and lower case letters, numbers and special characters.
2. Do you have laptops, mobile devices, smart phones or thumb drives that leave the office?
a. Make sure all are password protected
b. Make a decision to NEVER have customer information on thumb drives as they can be easily
lost or stolen
c. Never leave laptops or mobile devices on a car seat or anywhere easily seen. Lock them in the trunk or take them with you.
3. Do you have a trusted 'IN THE CLOUD" management system that also has a new set of ever changing passwords?
4. Do you have a server outside your office that is secure?
5. For an online desktop, is there another strong password to get into your customer and company information?
6. Do you bank online? How secure is the log in?
7. Do you keep passwords in or on your desk? Do you have them on sticky notes on your monitor or in a file on your desktop labeled "Passwords"
a. No passwords should ever be that easy to steal.
8. DO you have any customer information in or on your desk or files? Are you drawers or files locked?
a. These can still be broken into so it is not preferred.
9. Do you scan all items into your management system on your computer and then shred the paper that same day?
10. Do you have any of your business info in your desk drawer that would contain your credit card number, checking account numbers or routing numbers?
a. Hopefully this answer is a big NO.
11. Do you send any personal information through email?
a. Invest in a secure password protected encryption software for sending personal information. We have R-Post in our Management System that can also ask for a signature and it can be sent back securely as well.
12. Are your bills and personal info accessible only to administrators or to all in the office? Are check signers the same as ones making out the checks?
a. Recommended would be at least two people that share the accounting tasks so that there are good checks and balances.
13. Do you have good virus and malware protection?
If so... GOOD START! We took a good first step to tightening our belts for security, but there are so many things that can still go wrong. Can someone hack into our system, break into our office and get info off computers? Can we get computer viruses and malware despite our best efforts? Sadly, there is ALWAYS the possibility of something going wrong. Even in the best offices and with long time trusted employees, we have seen claims of money being slowly taken out with no one detecting anything until it has gotten to a serious end.
What do you do when you think you have done all you can? Ask CLH to quote Insurance for Identity Theft for homeowners and Cyber Liability for businesses. This gives you the peace of mind that IF, despite your best efforts, you have a security breach, that you won't be out the HUGE expense and time it takes to recover from an event that might otherwise close your doors of business.
I hope this gets you asking questions, too!
From the desk where no password sticky notes reside,
Kathy Hembree, Agency Support Manager
Here are some helpful resources:
Risk and Insurance
Steve Anderson on Data Security
Identity Theft/ Cyber Liability:
Guarding your WiFi
Shield Info from Thieves
Credit Card Breach