RiskProNet News

 

Control Distribution of Sensitive Docs to Minimize Cyber Risks

Make sure your clients are properly training staff on simple distribution control of sensitive documents.  That was the warning at a Cyber Liability Practice Group conference call, which focused on the latest trends in claims and an interesting real life case on a simple mistake on the handling of W-2’s.

W-2s are a prime target for identity thieves. One RiskProNet member related an unfortunate situation where a client had an employee who somehow sent a PDF of all the company’s W-2s to an employee rather than sending only the employee’s personal W-2. The law requires that all employees be notified that the security of their personal data has been compromised in such a situation. Surprisingly, human errors such as this are responsible for about 10 percent of data privacy breaches.

Other discussions included:

Some carriers, including Travelers, allow a free call with a data privacy attorney to determine whether action needs to be taken after a possible security breach. “Calling the legal specialist does not constitute notice under most policies. It helps to get the client’s IT people on board, too.”  (A Travelers representative made a presentation on this and other services at the recent Claims Practice Group teleconference.

Be Alert for These Concerns

Skimmers, small, almost-invisible devices that collect credit card data, are an increasing problem, particularly in retail stores.

Denial of service attacks are an issue for businesses where interrupted service can create a large exposure. Hackers will overload the website with requests, or create multiple queries for large amounts of data. At some point, servers will crash under the overload.

Notifications of software patches, particularly from Adobe & Microsoft, are another avenue for cyber criminals. Many people put off installing patches. The patch notification, however, alerts criminals to vulnerabilities.

Manufacturers are at risk from hackers who break into systems and control equipment remotely.

Timely reporting is a frequent concern, as some employees are not aware of reporting deadlines. A late report can results in denial of coverage. “Be certain that a C-suite person is aware of the reporting requirements and has the knowledge of internal security systems, particularly firewalls.”

 

RiskProNet Previous Posts
Subscribe to Member’s News