From ITC Agent Conference 2015... ITC takes the security of your data seriously. You should too. As an insurance agent, you hold critical personally identifiable information about your clients. Learn how to protect your agency and your clients' data from an actual hacker and someone who wants to protect you from hackers.

1. Loopholes and
Vulnerabilities in Data
Security
Are you ready to accept your cyber
liability?
Laird Rixford / @lrixford
President

2. My Previous Job
Network nerd

3. Trusted Advisor
What do you have to lose?

4. Sorry to Scare You…
• In case of a security breach you could be
• Subject to $1,000 to $100,000 per incident
• Qualify each piece of breached data as a separate
incident
• Required to notify individuals and media of
breach
• Required to provide monitoring or
remuneration to affected parties
• Applies to all agents. Not just health.

5. What is Your Data Worth?
• Financial data is $5/record
• Health data is worth $50/record
• Identity theft data is worth $188/record

6. Security and Confidentiality
Laws
• Health Insurance Portability and Accountability
Act (HIPAA)
• Health Information Technology for Economic
and Clinical Health (HITECH)
• Payment Card Industry Data Security Standard
(PCI DSS)
• Sarbanes–Oxley Act of 2002 (SOX)
• Gramm–Leach–Bliley Act (GLBA)
• State and Federal Laws
• Cyber Liability, Professional Liability, Errors and
Omissions Policies
• Carrier Contracts

7. What is Considered PII?
• Name
• Address
• Birthday
• Social security number
• Drivers license number
• Financial information
• Email
• Health information

8. Ease of Access = Less
Security
More difficult to access, more security

9. Points of Entry
• Physical
• Technology infrastructure
• Remote access
• Phone system
• Cloud and vendor products and services
• Employees

10. Mitigating the Threat
Mitigate, not prevent

11. Physical Access
Physical access is full access

12. Physical Access
• Limit access to critical areas
• Anywhere with a computer or access to
security infrastructure is critical
• Secure servers in a locked cabinet
• Security cameras
• Security system
• Even alarm inner doors during business hours

13. Technology
Infrastructure
An easy target

14. Technology Infrastructure
• New machines are cheap
• Update and patch
• Operating systems
• Software
• Firewalls
• Run supported software
• Encrypt mobile devices
• Use high security Wi-Fi (WPA2-PSK or Enterprise
RADIUS)
• System policies
• Disable USB storage
• Force password change
• Force screen saver lock
• Install prevention

15. Remote Access
Remote Desktop, Thermostats, VPN, Oh MY!

16. Remote Access
• Do you or your employees really need it?
• How often do you use it?
• Turn it on only when you need it
• Use two-factor authentication
• DUO
• RSA Key

17. Phone System
The oldest hack

18. Phone System
• Prevent remote access
• Change password often
• Enable remote extensions only as needed

19. Cloud & Vendor
Services
Their security is your security

20. Cloud & Vendor Services
• Request security audit results
• Use offerings meant to increase security
• Change password
• Two-factor authentication
• Remove unused users
• Leave vendors who do not comply
• Ask for Business Associate Agreement

21. Employees
The best hack

22. Employees
• Users do not like security
• Train users as to importance of security and
how to recognize social engineering
• Security begins and end with them; include
them in the conversation

23. Security Costs Money,
A Hack Costs More
You are a target. Act accordingly.

24. More Security = Less
Threat
The harder you make it, the less you are a target.

25. Suggestions
• Create a security program
• Longer passwords are better
• Change passwords often
• Use authentication that changes
• Hire an IT professional to secure your
network
• Keep all software patched and up to date
• Lower your attack profile
• Encrypt everything

26. Cyberliability Policy
• Do you need one?
• What coverage should you get?

27. Thank You
Don’t forget to fill out your surveys!
Laird Rixford / @lrixford
President