Data security and privacy continue to be of growing concern for businesses of all sizes. Cyber attacks and data breaches can come from many sources. Businesses need to protect not just against criminals and external threats, but also against internal causes, both intentional and unintentional. Privacy risks can result from lost or stolen documents, mobile devices, USB sticks, employee dishonesty, emails, spyware, viruses, hackers, third-party vendors and websites. Businesses should take a three-pronged approach to protect private information.
First, implement physical safeguards, such as procedures for securing paper information, transportation of information, data disposal, computer/server access, and vendor access policies. In customer areas, keep work areas clear of sensitive information so that it cannot be seen by wandering eyes. Be sure to lock all information away at night.
Second, establish technical safeguards including procedures for equipment disposal, employee termination, use of the internet and company computers, mobile device/laptop/USB security, data retention, third-party service agreements, email security and filtering.
Third, create administrative safeguards, such as assigning who in the organization is responsible for data security, including reviewing, monitoring and updating policies, and ensuring all employees are trained on your procedures and proper security techniques.
Most standard commercial insurance policies do not cover privacy risks such as theft of digital assets, identity theft, introduction of malware, human error leading to disclosure of sensitive information, and costs associated with responding to a data breach. To cover such risks, businesses need to purchase a separate privacy and data breach liability policy. The types of coverage needed will vary depending on the business. Your insurance agent can assist you in reviewing exposures and provide options for protection.