By Deena Coffman
A short list of trigger events are responsible for a large percentage of data breaches. The majority of exposures can be greatly minimized by focusing first on these areas. Also, these scenarios are a good starting point for agents and carriers working in the information security and data protection sectors when discussing policyholders’ risks.
1. Lost and stolen devices. It’s a problem when a smartphone, laptop or tablet containing sensitive corporate and customer data is lost or stolen. Even more so when the device contains login credentials with access to the company’s stores of personal identifiable information (PII), protected health information (PHI) and other confidential data. Thieves used to be interested in the equipment itself, but today they’re more interested in the data the equipment houses.
2. Mis-mailings. It’s all too easy for companies to send an individual’s personal information to the wrong person by email or slow mail. It often happens when delivering invoices, account statements and appointment reminders. For a mass mailing, if the labels and contents of the envelopes are off by even just one record, the organization could be looking at a wide-scale data breach.
3. Hacking. One lesson learned from the breaches at Target, Michael’s, and P.F. Chang’s? External threats are more prevalent than ever. Some hackers focus on specific companies while others look for systems with easy access. Internal dangers lurk here, too. Employees who are disgruntled or vulnerable, who have access to sensitive data, may use it for financial gain or to retaliate against the company or a coworker.
4. Backup malfunctions. Cloud backup services open another door for lost or exposed data if the vendor suffers any type of breach. Even companies using onsite backup appliances and conventional tape backups run the risk of a breach if the network is compromised or the tape’s chain of custody comes into question.
5. Third-party vendor breaches. Organizations routinely work with outside providers. Two commonly outsourced functions—payroll and benefits management—by their very nature hold PII. If one of those vendors suffers a data breach, the ripple effects throughout their client base can be devastating to your entire employee base and pose a system-wide risk.
6. Improper data disposal. Vast amounts of data are being generated today. Properly disposing of this information once it’s no longer needed has become a security weakness all its own. Be sure to have a secure disposal program so that medical records, old account information and other data don’t find their way into the Dumpsters.
For data security consultation or if your business has experienced a breach, please visit IDT911Consulting.com or call 1-866-296-1755. IDT911 Consulting experts provide practical solutions to help businesses avert, prepare for and respond to a data loss incident.
Deena Coffman is chief executive officer for IDT911 Consulting.