I’m one of the potential 143 million Americans affected by the data breach at Equifax. As more information is released, we are learning that this breach has international reach to Canada, England and possibly Argentina, where the log-in and password for employees to access customer data were “admin” and “admin.” That’s almost as bad as having your password simply be “password.”
The fact that Equifax knew about the breach for nine weeks without telling the public is reprehensible, and it doesn’t make me feel better that the company’s CEO Richard Smith is trying to appear apologetic. Smith has been summoned to testify before the House Energy and Commerce Committee regarding the breach.
I can’t help but wonder if there are any members of the committee whose personal information was compromised. Statistically, it’s almost a certainty if you consider the percentage of the U.S. population that 143 million represents. Reports indicate that once you remove children and individuals with no credit history from the Equifax database, half of the U.S. population will be affected. That’s a staggering number of people. So, chances are, if you’re reading this article, your personal information was compromised too.
What’s the impact?
While this is not the biggest data breach in history, it certainly has the potential to be the most impactful. Remember the Yahoo breach last December in which potentially 1 billion user names, passwords, dates of birth and password reset security answers fell into the hands of hackers? That announcement was right on the heels of their September 2016 announcement that 500 million users’ information had been compromised. When you compare 143 million to a number as huge as 1 billion, why is this breach so much worse? It all boils down to the type of data the hackers were able to access.
The Equifax breach might be the most severe breach yet, simply due to the highly sensitive data retrieved by hackers. Worse, this data was wrapped in a nice, neat package that pinpoints individuals and reveals personal information we use to verify that we are who we say we are. The Equifax criminals obtained full names, Social Security numbers, birthdates, driver’s license numbers, addresses, insurance company information and credit card numbers. Does this information sound familiar? Insurance agencies have this information on their clients. This needs to be a wake-up call for anyone who stores or has access to personal data.
Is your agency prepared for a data breach?
We need to change our mindset about data and cyber threats. As insurance agents, we are in the business of transferring risk. We do it every day for our clients. Our mission is to protect the assets that people have spent a lifetime building. If you have a client who lives in a special flood hazard area, you advise them to purchase flood insurance to transfer the risk. How are you transferring the cyber risk at your agency? Hackers are looking for the data you store on your clients, and all of us are at risk. We need to be prepared – it's not a matter of if my agency is going to be hacked, but when and how am I going to respond?
Consumers buy from the people that they know, like and trust. That's the nature of the buying experience. Equifax, Yahoo, eBay and Target have more than the data breach in common. Each company employs teams of IT experts whose sole function is to protect against cyber threats – and they failed. How many IT people do you have employed at your agency to protect your clients’ data?
You have spent several years, maybe your entire life, building your business on trust. You can't afford to have that trust shaken because you aren't prepared for the possibility that your agency's data could be hacked or accidentally released. In fact, delaying notification to your clients can have a huge financial impact on your agency, with potential state and federal penalties in the hundreds of thousands of dollars or more. Not to mention the reputational harm that can be caused by failing to notify your clients of a potential cyber attack in a timely manner.
Consumer polls indicate that 33 percent of customers leave an organization after a data breach largely due to how the company responds to the breach. Can your agency withstand one-third of clients leaving because of mishandling a data breach? Did you know: 60 percent of small businesses close their doors within 6 months of a data breach because they did not have the proper risk transfer or a data disaster plan in place.
Take a proactive approach
OIA is here to help you understand, prepare, mitigate and transfer that risk. We are the agent’s agent and we have your back. Our annual conference, IACON17, will feature a breakout session related to cyber security. Sign up to get more informed about cyber threats, disaster planning, cyber security laws and how to protect your agency. Learn more about IACON17.
If you consider the emotions you experience when you hear that your own personal information is potentially compromised in the Equifax breach, those are the same emotions your clients will experience if their information is compromised in a breach of your agency system. Take a proactive approach to cyber risk management, and let us help you preserve your business.
Additional Cyber Resources
Agency Cyber Guide 1.0: Tools for compliance and protection in today’s world of data breach and cybercrime (Agents Council for Technology, ACT)