Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Presentation transcript:

E&O RISK MANAGEMENT: MEETING THE CHALLENGE OF CHANGE
Limiting Exposures to Data Breaches

INTRODUCTION
- Insurance agents collect, use, and store personally identifiable information on a daily basis.
- Agents face exposure to both regulatory penalties and potential first and third party liability for breaches of data.
- Liability from cyber-attacks is on the rise and the media is constantly reporting on companies being hacked, exposing protected personal information.

INTRODUCTION
Risks include physical risks, such as:
- Discarding protected personal information without it being properly shredded;
- Computers, fax machines and printers being discarded without thoroughly removing stored personal information;
- Physical agency break-ins where the entire agency server is stolen.

INTRODUCTION
Employee mistakes
Perhaps the largest security risk arises from employee mistakes that often result from the failure to properly train them on agency procedures to protect the privacy of protected personal information.

GOOD BUSINESS & THE LAW
Agencies have an obligation to secure protected personal information whether it is in electronic or paper form and to dispose of it appropriately.

Data Breach Exposures: Legal Responsibilities
- Fair Credit Reporting Act (FCRA)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Various state laws (at least 29 states) require reporting of security breaches…“Security Breach Notification Chart”:
- These laws effectively require agencies to implement security plans, conduct training, and do security audits

Data Breach Exposures: Data Breach Costs
- Average cost estimated to be $214 per record, or about $250K for the average agency
- Direct Costs
  - Cost to handle breach…legal fees, consultants, implementing new technology and training
  - Cost to notify and remediate affected parties
- Indirect Costs
  - Loss of trust of customers
  - Damage to reputation in the community

Data Breach Exposures: Identify Data at Risk
- Paper files in cabinets and on desks in premises
- Archived files (paper and electronic) outside premises
- Computer hard drives, laptops, cell phones, CDs, USB drives, agency management system providers, carriers, call centers, etc.

Data Breach Exposures: Identify Physical Threats
- Majority of breaches occur from stolen or lost devices
- Secure the building, server room, and file cabinets
- Screen cleaning crews
- Immediately prevent access to data when employees leave
- Practice sound password security
- Limit personal information on mobile devices

Data Breach Exposures: Identify Virtual Threats
- Firewall
- Secure WiFi connections
- Virus and malware protection
- Secure data backups and archived files
- Connect remotely via SSL/VPN connections
- Use secure SSL connections (https) to collect data
- Secure with Transport Layer Security (TLS)

LIMIT YOUR RISK
- Only keep the data you need and for only the length of time that you need it
- Have written guidelines and training regarding employee use of all protected consumer information
- Have written mandatory procedures in place for the proper disposal of sensitive information.