Steps to Take After an Insurance Data Breach
You're worried that your data has been breached, or you know that it has happened. What do you do now? If you're managing an insurance agency and your data has been breached, here's what to do next.
Can Your Company Be Breached?
Whether a data breach occurs because an employee misplaces a piece of computer hardware or sends a document to the wrong person or because your company has been hacked, any company can suffer a data breach. It doesn't matter how small you are or how well you think you're protected. According to The Globe and Mail, "Guarantees that systems are hack-proof mean less and less these days, as damaging cyberattacks on Equifax, Yahoo and the U.S. Securities and Exchange Commission, among many others, have shown." With one in four organizations predicted to suffer from a cyberattack in the next ten years, it's quite possible that you could experience one at your agency.
What to Do If You Experience a Data Breach
What should you do if you discover a data breach? First, determine whether you can continue operations as they stand or if you need to shut down some parts of the business until you can make them more secure. You don't want to continue to leak client information.
You need to communicate with everyone about the breach. This includes your clients and employees, and it also means having a plan for media communication. Being prepared for that communication can save you a lot of time and prevent you from making poor communication choices. Make sure that you communicate in writing in addition to communicating through the media. Specify what actions you are taking to remedy the situation and how clients can make sure that they are secure.
You also need to contact your legal team so that you can discuss the legal ramifications of the data breach. It's better to get steps one through three ready in advance so that you are prepared if you discover a data breach. That way, you can feel more confident navigating this difficult time. Get to know your state's laws about data breaches and know that in many states, "If you notify more than 500 customers about a breach, many states will also require you to file a notice with your state attorney general’s office," according to Fortune. It can also be helpful to notify local and federal authorities.
After you've moved through the initial communications and shutdown, do a more thorough post-mortem. Examine whether there were any processes that led to the data breach. For instance, if the breach was due to a lack of encryption, make it a policy to encrypt your data and work with companies that do the same. Look at the training you give your employees and examine the processes, security, and training at your partner companies. Use a forensics team to test for your weaknesses.
Prepare for the future. Yes, having a data breach now means that you'll be more careful in the future, but it could happen again. After you've honed your training, your hardware and software, and your corporate processes, protect yourself with E&O insurance as well.
At American Agents Alliance, we care about your insurance agency. That's why we offer E&O insurance and opportunities to train and share information so that you can boost your agency's cybersecurity. Are you curious about how you can protect and grow your insurance agency? Contact us today.