How to keep clients’ data safe

With cybercrime on the rise, businesses must implement training and protocols.

Last year, the health care industry saw several major hacking attacks that affected the records of millions of Americans. Cyber thieves successfully gained unauthorized access to customer data with techniques as simple as sending a link in an email, costing the industry money and public trust.

According to the Identity Theft Resource Center, the U.S. medical and healthcare sector experienced roughly 336 data breaches as of Nov. 29, 2017, which represents 28 percent of the total 1,202 breaches. That equates to 4.93 million records exposed, or 2.9 percent of the total 172 billion records that were exposed in 2017. Insurance companies are just as susceptible.

Managing the risk

On average, cyberattacks cost U.S. businesses $15 million each year, and they target businesses of all shapes and sizes. Interestingly, 33 percent of documented data breaches occur in businesses with fewer than 100 employees, according to the Verizon Data Breach Investigations Report, and approximately 60 percent of small companies go out of business within six months of an attack.

Law enforcement cannot possibly track all digital crimes, and since many claims adjusters do not have strong security measures in place, hacks can go unnoticed and unreported. That type of breach can do major damage to a company’s reputation, which claims adjusters cannot afford.

Without hiring teams of IT security professionals to work in-house, the best way to combat the growing risk of data theft is to utilize a top-rated third-party document encryption and management system, or a document management or records retrieval company that provides top-tier security. Educating every employee on proper procedures is also very important so they can spot suspicious emails, websites and files to minimize hacker successes.

Practical solutions

A few rules of thumb can drastically improve an insurance company’s resistance to data theft, starting with proper password protocol and email security. Weak passwords have led to breaches at some of the world’s largest corporations. Passwords should be a minimum of 12 characters that use a combination of upper and lower case letters, numbers and symbols, and should not have personal meaning to the employee.

Using names, dates, addresses, common phrases or other personal info in a password makes it much easier for hackers to figure out. If it’s easy to remember, it’s probably easy to hack! Also, keeping a complicated password written down in a locked desk drawer is a much better option than using a simple password that’s easy to remember.

Another major way hackers infiltrate computer systems is through email phishing scams and file downloads. Several major corporate hacks in recent years have relied on employees’ willingness to believe emails they receive, such as notices of required password updates or new programs that need to be downloaded. They can resemble official emails, and even appear to come from colleagues or friends.

Once an employee clicks on the link and enters their old password in order to update it, the hackers have access and can ransom or steal whatever information they choose. Several hospitals have had their computer systems held hostage in this way. For new program downloads, the best practice is often to prohibit any and all downloads without the express consent of an IT manager, especially software sent through emails. A compromised file labeled “Adobe Flash,” for instance, can give hackers full access to a company’s computer systems.

Another vital security protocol is limiting employees’ access to sensitive folders and files. Only essential personnel should have regular access to certain files, with procedures in place for temporary access should a different employee occasionally need it. Some companies, for instance, grant universal access that extends to all employees. There is no need for a receptionist’s computer to have access to the same sensitive documents as a claims adjuster, and no need for all employees to have access to the firm’s entire database. By compartmentalizing access, any successful hacks have limited effect and can be squashed much more quickly.
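The compartmentalized access described above, sketched as an added example that is not part of the original article: a deny-by-default check with per-role folder access and expiring, third-party-approved temporary grants, compared against a universal-access setup. The role names, folder names and approver are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed roles and folders (hypothetical, for illustration only).
ROLE_FOLDERS = {
    "receptionist": {"front-desk"},
    "claims_adjuster": {"front-desk", "claim-files"},
    "records_manager": {"claim-files", "medical-records"},
}

class AccessPolicy:
    def __init__(self, role_folders):
        self.role_folders = role_folders
        self.temp_grants = []  # (user, folder, expires_at, approver)

    def grant_temporary(self, user, folder, approver, now, hours=8):
        """Record a time-limited exception approved by someone else."""
        if approver == user:
            raise ValueError("temporary access cannot be self-approved")
        expires_at = now + timedelta(hours=hours)
        self.temp_grants.append((user, folder, expires_at, approver))

    def can_read(self, user, role, folder, now):
        """Deny by default; allow on role membership or an unexpired grant."""
        if folder in self.role_folders.get(role, set()):
            return True
        return any(u == user and f == folder and now < expires
                   for u, f, expires, _ in self.temp_grants)

    def blast_radius(self, role):
        """Folders exposed if one account holding this role is compromised."""
        return sorted(self.role_folders.get(role, set()))

def universal_access(role_folders):
    """The same roles, but every role reaches every folder."""
    everything = set().union(*role_folders.values())
    return {role: set(everything) for role in role_folders}

if __name__ == "__main__":
    now = datetime(2024, 1, 8, 9, 0)  # constructed timestamp
    scoped = AccessPolicy(ROLE_FOLDERS)
    flat = AccessPolicy(universal_access(ROLE_FOLDERS))
    print("scoped receptionist exposure:", scoped.blast_radius("receptionist"))
    print("universal receptionist exposure:", flat.blast_radius("receptionist"))
    scoped.grant_temporary("pat", "claim-files", "it_manager", now, hours=4)
    for offset in (1, 5):
        later = now + timedelta(hours=offset)
        allowed = scoped.can_read("pat", "receptionist", "claim-files", later)
        print(f"+{offset}h temporary access allowed:", allowed)
```

Because temporary grants carry an expiry and an approver, they lapse on their own and leave a record of who authorized each exception.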

All of these initiatives rely on the fundamental first step of using a secure file storage system, of which there are many professional options. Especially for claims adjusters handling large volumes of documents and data, a few key topics should be considered before choosing a secure third-party data storage provider, such as its ease of use.

Claims adjusters can realize huge time savings from using digital data storage rather than paper, but as industries digitize their records and increasingly communicate electronically, the opportunity for theft increases.

A good information security program requires a defense-in-depth approach, which includes people, processes and technology areas. By following these steps (employee education, limited file access, strong passwords and fast, easy-to-use third-party encrypted storage), insurance companies can successfully reduce risk, repel potential data theft attacks and protect their clients’ most sensitive data and documents.


Donna Rice (drice@abidss.com) is vice president, national sales for ABI Document Support Services. She is responsible for nationwide record retrieval program sales, roll out, implementation and ongoing client satisfaction.