In just the first half of 2019, there were 3,800 publicly disclosed data breaches, which exposed 4.1 billion records. This is a 54 percent increase compared to 2018, and the frequency of these attacks is expected to continue rising in 2020. Sixty to 70 percent of all data breaches warrant public disclosure, which could be extremely harmful to a company’s reputation and finances, and 43 percent of data breaches are internal, so businesses must be ready to take on any cyber challenge, whether it’s coming from internal or external sources. This harsh reality is forcing SMBs to evaluate their data loss prevention tactics, IT infrastructure, network security, and insurance policies, in order to protect their own well-being, as well as that of their clients.
What is DLP?
Data loss prevention, or DLP, is a set of tools and processes used by a network administrator to ensure that sensitive or critical data is not lost, misused, or accessed by unauthorized users. For example, it may prevent an employee from printing out certain documents or logging into the company email from a personal device and viewing protected files.
If your SMB collects and stores Personally Identifiable Information (PII), Protected Health Information (PHI), or payment card information (PCI), then your company is most likely subject to compliance regulations, such as HIPAA and GDPR, that require you to protect that data. Other reasons a company may invest in data loss prevention include gaining the ability to track and see how individual employees interact with data, protecting intellectual property and trade or state secrets, or remediating insider threats.
Why DLP is Important in the Insurance Industry
While industries such as healthcare and finance tend to be bigger targets for cyberattacks, there has been no shortage of recent insurance data breaches. Industry giants Aflac, Anthem and First American have all experienced leaks of protected client information over the last few years, which cost them millions to rectify.
It is imperative that insurance agencies make data security a priority and protect themselves from potential hacks. Cloud security company, CloudSecureTech, points out that “Cyber criminals know that independent [insurance] agents frequently handle highly sensitive information, yet have very few measures in place to protect their customers from cyber-attacks.”
As an insurance agent, your clients are relying on you to protect their physical assets, but it is also your legal and ethical duty to protect their personal information. That is why your network security should be a top priority at all times.
How to Prevent a Breach: Cyber Insurance Best Practices
SMBs are easy targets for cybercriminals because their defenses are not as advanced as those at larger companies, such as Bank of America, which has a $400 million annual information security budget. This is why it is essential to put cyber insurance best practices in place to keep your customers’ data safe and secure. These data loss prevention best practices include:
1. Establishing a cybersecurity policy and then properly training and retraining employees so that those policies are ingrained in the company culture.
More than 95 percent of data breaches occur behind firewalls, and they are usually the result of an employee’s mistake. Investing in your employees’ network security education could save your company from significant unexpected costs and damage to its reputation.
2. Performing better, well-rounded background checks on employees.
As stated above, most data breaches occur behind a company’s firewall and are the result of mistakes or intentional sabotage. Taking the time to dig a little deeper into a potential employee’s past could save you a lot of stress and money later on.
3. Deploying backups frequently, or continuously, if possible.
and getting systems back up and running with little to no disruption is crucial to saving you money and keeping your clients happy in the event of a disaster. Therefore, it is essential to have the most up-to-date backup possible at all times.
4. Encrypting company records and confidential data.
Encryption is an easy way to keep your business records and personal client data safe from prying eyes. This practice maximizes the protection of your information, regardless of its location—on the cloud, a device, or in transit.
5. Performing frequent tests of your system re-imaging process and latest backups.
Testing your backups is a critical step in data loss prevention that is often overlooked. Unfortunately, having a system re-imaging or backup process in place can lead to a false sense of security. So, it is important to make sure those processes are working at all times.
6. Utilizing network access control (NAC) and managing the use of personal devices.
NAC allows businesses to dictate which devices can access their networks, and establishes prerequisites for connected devices, such as having up-to-date antivirus software. With NAC in place, you can prevent employees, contractors, clients, etc. from intentionally or unintentionally using a personal device to sabotage the company.
7. Consider investing in a cyber insurance policy.
According to the World Economic Forum’s Regional Risks for Doing Business 2019 report, a cyberattack is the number one risk for businesses in North America and Europe. SMBs protect themselves with general liability and workers’ compensation policies, but the time has come to consider adding cyber liability insurance, as well.
Before you invest in a cyber insurance policy, there are a few things you should know:
- Cyber insurance is a reality of future business growth. More and more companies are requiring their business partners to carry insurance for compliance and regulatory purposes. It is wise to have a policy in place before seeking new business.
- Insurance is not a replacement for security. Having health insurance doesn’t mean you stop washing your hands and taking vitamins to prevent illness. The same applies to protecting your network and data. Before you look into cyber insurance, your company should invest in a network security program to reduce your risk of an attack. After all, your insurance policy may reimburse the financial cost of a data breach, but it will not reverse the damage to your company’s reputation.
- Establish compliance before coverage goes into effect. If a breach occurs while the requirements of your policy are not being met, your coverage could be nullified and you will be left to deal with the repercussions without the help of insurance.
Build a Network Security You Can Trust
With extensive knowledge of cybersecurity and both data backup and disaster recovery, Alexant is an essential partner in the effort to protect your network. We will help you to navigate your company’s cybersecurity and data loss prevention plans to find the best solutions for your unique needs.
Managed Security Services
We offer fixed-fee managed security services that include full support and management of your company’s security elements, including desktop clients, servers, and firewalls; as well as policy development, implementation, and management.
Network Security Assessments
Our network security staff utilizes their background to perform network security assessments and determine the security of your network. There are two major types of assessments we perform to ensure a pain-free and effective evaluation process:
1. Vulnerability Assessment.
This basic security audit will examine the status of your network from the inside and/or outside and produce reports revealing at-risk areas and changes that need to be made.
2. Pen Test.
This in-depth audit goes beyond the restraints of the Vulnerability Assessment to include more comprehensive external, internal and social testing. It will locate weak links in the network system to reveal the areas where a hacker could invade.
Data breaches are an unfortunate reality of the 21st century; however, with careful planning and investment, you can protect your company and clients from exposure. Invest in your company’s data loss prevention strategy by learning more about our Network Security Services.