Editor's note: Joshua Schmidt is vice president and chief information security officer of Vertafore.
In the wake of recent widely publicized data breaches, security is a paramount concern for all businesses. According to a recent PwC survey, the number of data security incidents has increased globally across various industries by 25% in the last year. In the financial services industry, the survey revealed the average number of detected incidents increased by 169% since 2012, and the average total financial losses have increased significantly in the past year.
1. Are you properly funding your information security program? Security budgets need to be properly funded, and the commitment to security initiatives needs to remain constant.
2. Do your staff and contractors understand their security and data privacy obligations? A clearly written policy, cross-referenced with the legal, regulatory and contractual requirements, that explains employee responsibilities for protecting clients’ sensitive information is necessary.
4. Are you in the “security arms race”? Each year, new attack methods are developed and new technologies are built to combat those attacks. Deploy and maintain technological defenses within each layer of your IT infrastructure.
5. Are insecure configurations and unpatched systems in your IT infrastructure making you vulnerable? Keep systems secured by performing frequent testing for vulnerabilities and exposures and by maintaining rapid patch management processes.
7. What would you do if someone hacked into your systems and accessed customer records? All agencies need a computer security incident response plan to ensure a timely understanding of significant security events and their impact.
8. If your office and the place you store data backups were both flooded and lost power for a week, how could you continue to stay in business? Disaster recovery is typically focused on timely recovery of IT systems and includes data backup processes.
10. Could a significant data breach ruin you financially? Maintaining your own cyber insurance policy is a good option for managing the risk of costly data breaches.
Many businesses are deciding the burden of maintaining secure, compliant, and highly available Information Technology (IT) infrastructure is too costly, so they turn to service providers to host the critical business systems that process and store client data. Before outsourcing to service providers, it is important to ask them the same series of questions to ensure a chain of trust when handling client data. After contracting with a service provider, periodically check in on the service provider’s control measures, such as reviewing annual audit reports like an SSAE 16, to ensure appropriate control measures are maintained over time.