BreachExchange mailing list archives

The digital threat: How brokerage can mitigate cyber liability


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 6 Nov 2015 11:58:52 -0700

http://www.mpamag.com/news/the-digital-threat-how-brokerage-can-mitigate-cyber-liability-26340.aspx

Cyber attacks resulting in theft are a growing risk for organizations.
Cybercrime can be an issue for any sized organization that has care,
custody or control of any confidential information, whether in electronic
or paper format, as well as any company with a computer system or website.

In the new normal of the online world, companies need to take steps to
protect themselves against the financial loss that can result from online
attacks. The cost of recouping the damages of an attack and the cost of
investigation can build and result in significant financial loss for an
organization.

However, there are important steps organizations can take to reduce the
risk of cyber attack on client files.

Here are some tips to mitigate the risk of cyber attacks for your mortgage
brokerage and clients.

1. Any company with web-based servers should be tested frequently. Have the
IT department perform automated scans of the web servers on a monthly to
semi-monthly basis. Smaller companies should enlist the help of an external
IT firm to assist with the testing.

2. Increase awareness and educate senior management and employees by
subscribing to newsletters, magazines, blogs, Twitter feeds and Facebook
groups with information on protecting your network from cybercrime.

3. Educate and train employees every few months on the risks of cyber
attacks and data breaches. Remind them by sending monthly emails or having
monthly discussions or seminars about the damage that can be done by
opening unsolicited emails or attachments, loading software programs
brought in from the outside and not protecting their passwords.

4. Passwords should be changed on a monthly basis by the company.

5. Monitor anti-virus software and ensure it is always up to date.

6. Company devices such as smartphones, tablets and laptops, on which
corporate resources, email, applications and file sharing reside, place
sensitive information at huge exposure. Procedures should be in place for
when the devices are stolen or when an employee leaves the company.

7. Institute procedures to document the types of data collected by the
company and where it is stored.

8. Determine what the cost would be should the organization lose data. Set
aside a budget dedicated to recouping the loss.

9. Conduct a risk analysis, either in-house or through a third-party
company, to determine how susceptible the organization is to data loss and
in which areas. The organization may be at greater risk in a specific area,
such as cyber theft, accidental deletion, hardware failures or other risks.

10. Institute loss prevention measures, such as backing up all your data at
an off-site location or cloud server.

11. Provide employee training and assess which employees have access to
sensitive data. If the employees have access to personal data, ensure they
are properly trained on data protection protocol.

Cyber liability insurance
Even with the proper precautions in place, human error, accidents and
malicious attacks are still a possibility. Therefore, it may be important
to ensure your brokerage is properly covered with a comprehensive insurance
product.

Cyber liability insurance provides both third-party liability and
first-party computer security coverage for emerging data security and
privacy exposures facing insurers today. Standard policies generally
include a broad form policy wording offering coverage for security failure
or privacy breach by paying the cost for privacy notifications, public
relations and other services to assist in managing existing and preventing
future breaches.

Additionally, policies can offer coverage for regulatory defences and
penalties, cyber extortion, first-party data corruption, first-party
business interruption and crisis
management. Some insurance companies provide a hotline with the purchase of
a cyber policy where the insured would have 24/7 access to a call centre
for claims reporting as well as any guidance or questions with respect to
data breaches. Other markets may provide consultation with a breach coach
and breach response team to prepare for cyber attacks.

As cybercrime has grown to be one of the four most common crimes in Canada,
it is increasingly apparent that organizations must protect their assets
and the assets of their customers against attack. Instituting
organizational policies related to data security is the first step towards
mitigating the potential costs of cybercrime.

Mortgage brokerages, given isolated security breaches over the years, are
particularly proactive about protecting client files against cyber attack.
But that must also be translated into action.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 