How to protect client data from a cyber-breach

Hackers and data thieves will likely begin targeting companies down market from the big corporations, meaning brokers and advisers should be prepared to protect their clients’ data, says Tinker Kelly, president and CEO of VEBA.

“Agents have an ever-increasing responsibility to protect client data,” he told attendees of Employee Benefit Adviser’s Workplace Benefits Mania Tuesday. “Being cautious with sensitive data is important. Agents have a responsibility to keep client data tight. Also, if a breach occurs it can be detrimental to your reputation.”

Kelly says advisers and brokerages can follow some practical tips to protect client data from breach, including:

  • Keep data in a password-protected, encrypted space: This includes encrypted hard drives, smartphones and tablets.
  • Use strong passwords and keep them secure
  • Change passwords often: Brokers and brokerages should set a standard for how often to change passwords, Kelly says. “Whether it be every six months or every year. Brokers should keep up with the standard and enforce it.”
  • Keep user permissions tightly controlled: Because of the sensitivity of the data stored in the system, the only ones who should have access are those who use it day in and day out. “User permissions should be managed wisely,” Kelly says.
  • Remember to log out: As simple as this sounds, Kelly says, “If you don’t log out at night, it can be a problem. The cleaning crew comes in … they have access to your data.”
  • Use security software
  • Be careful when using public Wi-Fi: While free public Wi-Fi is convenient, Kelly urges brokers to protect themselves, as hackers often troll public Wi-Fi for accessible information. “If you transmit client data over public Wi-Fi, it can be dangerous,” he says.
  • Create a security-minded culture: “Create a clear understanding throughout the organization as to the major information security risks facing your firm,” Kelly says.

Benefit advisers should have a plan for what to do in case of a cyber-breach well before one happens, Kelly says. That plan should include an already assembled breach response team with representatives from legal, marketing, customer service, IT, HR and corporate communications.

The response team should determine vulnerabilities and review the types of data that the company stores and what groups could be affected by a data breach. The team should also calculate existing insurance coverage and any plan limitations. “The cost of the breach response is not covered by all general insurance plans,” Kelly says.

Following a breach, the firm should identify its legal and regulatory obligations and create a breach playbook, including planning the legal process that will ensue, how to handle communications with clients, etc.

The firm should also look into comprehensive identity theft protection services and how they differ, paying specific attention to services that will help with the firm’s current breach.

Kelly says brokerages should review the breach response plan annually and assemble the crisis response team annually to reassess vulnerabilities.
