Editor's note: Joshua Schmidt is vice president and chief information security officer of Vertafore.

In the wake of recent widely publicized data breaches, security is a paramount concern for all businesses. According to a recent PwC survey, the number of data security incidents has increased globally across various industries by 25% in the last year. In the financial services industry, the survey revealed the average number of detected incidents increased by 169% since 2012, and the average total financial losses have increased significantly in the past year.

For independent agents and brokers, there are two sides to the data security coin: Although the increase in risk presents an opportunity to provide insurance to businesses in every industry, that same risk of an intentional or accidental data breach can threaten an agency's confidential client information.

How can agencies manage their time and resources appropriately, stay ahead of criminals, and prevent data disclosure accidents? Here's a 10-question checklist for covering the basics of system security.

1. Are you properly funding your information security program? Security budgets need to be properly funded, and the commitment to security initiatives needs to remain constant.

2. Do your staff and contractors understand their security and data privacy obligations? A clearly written policy that is cross-referenced by legal, regulatory and contractual requirements explaining employee responsibilities for protecting clients' sensitive information is necessary.

3. Are you compliant with data protection laws? To ensure that agencies are compliant with government and market standards, they must keep up with hundreds of data security guidelines.

4. Are you in the “security arms race”? Each year, new attack methods are developed and new technologies are built to combat those attacks. Deploy and maintain technological defenses within each layer of your IT infrastructure.

5. Are insecure configurations and unpatched systems in your IT infrastructure making you vulnerable? Keep systems secured by performing frequent testing for vulnerabilities and exposures and maintaining rapid patch management processes.

6. Are bugs in your software applications developed in-house making you vulnerable? Have in-house developed software tested with secure code reviews and application vulnerability testing tools to detect bugs before someone else discovers and exploits them.

7. What would you do if someone hacked into your systems and accessed customer records? All agencies need a computer security incident response plan to ensure a timely understanding of significant security events and their impact.

8. If your office and the place you store data backups were both flooded and lost power for a week, how could you continue to stay in business? Disaster recovery is typically focused on timely recovery of IT systems and includes data backup processes.

9. Can you trust that your service providers are compliant with data protection laws, will securely handle your data and can quickly recover their systems following a disastrous event? It's essential that the security practices of service providers be evaluated to ensure they facilitate your legal compliance, properly secure data and ensure rapid recovery of systems so that your business operations are not interrupted by security incidents or disasters.

10. Could a significant data breach ruin you financially? Maintaining your own cyber insurance policy is a good option for managing the risk of costly data breaches.

Many businesses are deciding the burden of maintaining secure, compliant, and highly available Information Technology (IT) infrastructure is too costly, so they turn to service providers to host the critical business systems that process and store client data. Before outsourcing to service providers, it is important to ask them the same series of questions to ensure a chain of trust when handling client data. After contracting with a service provider, periodically check in on the service provider's control measures, such as reviewing annual audit reports like an SSAE 16, to ensure appropriate control measures are maintained over time.
