A vendor offering claims processing services for providers in the Albany, New York area recently experienced a data breach that compromised the data of 270,000 individuals.
Hackers remotely accessed an employee's computer. The employee noticed that another user was logged into her workstation and notified the employer of the breach.
Although the hackers did not steal bank numbers and full Social Security numbers, the organization is offering a year of free credit monitoring and identity restoration services.
The organization has cybersecurity insurance, and its president encouraged all employers to get it. "For a local business the size of ours, the process of obtaining and paying for these resources on our own would have been extremely difficult," the president said. The organization's cybersecurity insurer helped it find a specialized legal team to investigate the breach and notify affected individuals. Joseph Goedert "Med Associates hit by hack, data of 270,000 compromised" healthdatamanagement.com (Jun. 25, 2018).
Commentary and Checklist
Online criminals often target small employers, like family employers, that lack sufficient protections. Family employers should consider hiring third-party cybersecurity consultants to assess your cyber vulnerabilities and implement technology and practices to keep them better protected.
If hackers do successfully breach your organization's cybersecurity, it is important to notify your security consultants to minimize the damage. If you notice a large or unauthorized bank transaction, call your bank right away and report the breach.
Some important elements of a cybersecurity plan include:
- Encrypt all important data such as financial information and staff Social Security numbers. This can be as simple as activating the full-disc encryption tool that comes preset on your operating system.
- Make sure all hardware is secure and do not leave contractors or others unattended in the home. If staff frequently uses laptops, install tracking software to recover the computer in the event of a theft. In many cyberattack cases, hackers first stole computers from the organization.
- Make sure your wireless network is secure by using the latest encryption technology.
- Install anti-malware and anti-virus software on all computers.
- Educate staff on your Internet policy as well as on the signs of a cyberattack and the importance of reporting suspicious Internet activity.