Protect Your Clients and Your Business from Cyber Attacks
In April 2011, thousands of email addresses were stolen from several major retailers and financial institutions. One of the major concerns with these types of attacks is that hackers could create phony e-mails, known as “phishing attacks,” aimed at defrauding consumers or taking control of their computers. Consumers could also be tricked into giving out sensitive information like their passwords and bank account information.
Fortunately, Columbus Life was not among the companies that were affected. However, this occurrence should serve as a reminder of the duty we all have in protecting our customers’ nonpublic personal information.
Here are a few reminders regarding email privacy:
Q: What is “sensitive, personal, or confidential” data?
A: Client, associate and other business data of a sensitive nature must be protected. This includes name, date of birth, Social Security Number, credit card information, medical information, and policy or contract numbers. Anything that can be used to identify a person, or identify a person as a client, is important to keep confidential.
Q: How might this data become exposed?
A: When information is keyed into a public web site or sent via email, it travels across the public Internet. If the transmission is not secured (encrypted), there is a risk that the data contained in it could be compromised. This risk generally does not apply to email that is sent within a company. If you send e-mail to clients, business partners or any other outside entity (including your personal email address, like @yahoo or @NetZero), that message is potentially traveling outside of a secure environment. If it contains sensitive information, that information is at risk.
Q: What should I do to avoid revealing sensitive client data via email?
A: If you receive an email that contains sensitive information, and need to reply to or forward the e-mail, you should do so only after deleting the sensitive data or creating a new message. You have probably seen Columbus Life replies to your e-mails where sensitive data has been removed and altered. For example, a policy number may appear as XXXXX1234. A good practice when sending emails regarding your clients is to limit the client’s identifying information to last name and policy number, or just the policy number.
Article taken from “Inside Columbus Life” July 2012 http://www.newsadinsurance.com/