Data breaches are putting client data at risk. Here’s what advisers can do
LAS VEGAS — Traditional anti-virus and malware protection software may no longer be enough to shield clients from a data breach. As cybercriminals become more savvy, advisers need to consider new ways to keep client’s confidential medical and financial information safe from a cyberattack.
That’s according to Will Lynch, founder and CEO of Cybersecurity Risk Solutions, who argues if brokers don’t start thinking more deeply about how to protect sensitive information, they could cost both their clients and their agency money.
“As consumers we’ve often had this false sense of confidence that the companies we’ve chosen to do business with are keeping our information secure,” he said, speaking at Employee Benefit Adviser’s Workforce Benefits Mania conference. “A lot of these companies are losing customers because they’ve experienced a breach themselves.”
More than half of cyber attacks affect small businesses like independent brokerages and agencies, Lynch said. After a breach, these companies saw a cost of about $2.5 million in recovery, according to Cisco’s 2018 cybersecurity report.
“You’ve got limited IT resources and you’ve got limited financial resources,” he said. “Cyber criminals know this. You’re low-hanging fruit.”
To protect data, advisers should look beyond traditional software that provides basic antivirus or malware protection. Instead, they should set up a system that encrypts information from the moment it is typed on the keyboard. Keyloggers, or computer programs that can record data from a keystroke, are a common way hackers get a hold of confidential data. These are some of the most prevalent attacks, Lynch added, and keyloggers were responsible for data breaches at large companies including Target, Facebook and Anthem.
“When you have data that’s not encrypted from the keystroke, that’s an area of vulnerability from the keylogger,” he said.
Employees who work remotely or use simple passwords also put clients data at risk. It may be wise to implement a two-factor authentication system for all employee logins, Lynch said.
“No matter how many layers of cybersecurity is deployed, the employees are always the weakest link,” he said.
But employees aren’t the only ones that could create easy ways for hackers to access information — third party vendors are also a risk. Advisers need to be thoughtful about the kinds of vendors they use and comprehensively review all systems that will be analyzing client data, Lynch said.
“Third party vendors are probably the biggest source of data breaches today.
We have to do due diligence for the third party vendors we do business with,” he said.
Advisers should also educate themselves about the current regulatory best practices surrounding data privacy, from agencies including the National Institute of Standards and Technology and the National Association of Insurance Commissioners. Some states have moved to adopt their own laws, for example California’s Consumer Privacy Act.
Regardless, brokers should make sure they have good “cyberhygiene” when handling all client information, Lynch said. Cybercrime isn’t going anywhere, and it agencies aren’t prepared, they could face big losses.
“A lot of it is common sense, but you need to spend a little bit of time understanding what is available to you as you deploy it in your own practice,” he said.