Q&A: Diving in on data privacy
Every day, we use search engines, answer our emails and engage with companies online—and in the process, we share data. The companies we interact with create data too, and the total footprint is staggering: 90% of all data measured in 2017 had been created in the last two years, and the volume continues to grow.1, 2
Between new regulations and high-profile breaches, we are all aware of what can happen when data gets into the wrong hands. Companies faced nearly 1.5 billion data breaches in 2017—a 40% increase against the prior year. The number of records compromised nearly quadrupled against 2016. In fact, both the volume of attacks and records exposed have risen steadily for the past decade.3
“It’s enough to make anyone paranoid,” explains Rebecca Woan, Founder and CEO of Chartwell Insurance Services. “However, we recommend channeling that concern into research and prevention.”
For most of us, interacting—and sharing often-personal information with—companies, websites, and search engines has become just part of our routine. It’s how we order groceries, do our taxes, find answers to our questions, or complete dozens of other activities that we now do online. And many organizations have to collect and store data in order to do business with us. So how do we sift through the noise and navigate data security sensibly?
As Founder and CEO of Chartwell Insurance Services, a boutique agency offering insurance and personalized risk management services for successful individuals, Rebecca Woan has become both a student and an advisor on data privacy. Here, she shares advice for both individuals and entrepreneurs.
Q: As a business owner, how do you educate yourself on data privacy?
Rebecca: As the owner of a boutique agency, I make decisions for our business. From high-profile breaches in the news, to new regulations like GDPR, data privacy is constantly making headlines, and it gives business owners a lot to think about.
I’ve worked closely with our IT team for a long time, and I read a lot and talk to industry experts to educate myself. Once I go down a path, my approach is to take a long look. I try to read and speak to as many people as possible. Each time I do, I have a new, idea, thought or question. While I don’t always have the answers I have a lot of questions—and I’ve found questions are what ultimately get you to the right people and the right answers.
Q: What is your advice for entrepreneurs and business owners?
Rebecca: Cyber is a new front. You have to treat it like a military vulnerability—you cannot assume that your borders are secure.
Entrepreneurs may think that only large companies are affected by data breaches, but studies show that this is not the case. A Symantec study showed that 43% of cyberattacks were actually targeted toward small businesses. What’s even more surprising is that 86% of these businesses don’t believe in their own ability to guard against attacks.4
It’s very important to me that we are good stewards of both our data as well as our clients’ data at Chartwell. That means following best practices and reviewing our privacy policies to make sure we continue to meet industry standards.
If you have a business today, you need a data security plan and budget. You need to dedicate the time and resources not just to understand, but to stay ahead of the curve.
- Consider both security when employees are in place, such as the security and firewalls within your office, and also mobile security when employees work from laptops, tablets or phones.
- If you work with third party partners or vendors, don’t hesitate to question them—vigilantly—about their security policies and practices, including how, and where, they use and store data.
- Educate your team on information security. Employees should understand the importance of using multi-factor authentication, and installing software and security patches as prevention against computer viruses. And employees should be taught to look out for phishing emails, which are often attempts to gain access to your system.
Q: As an insurance advisor, you counsel individuals about personal cyber security risks. What are some common ways data can be compromised for individuals?
Rebecca: For individuals, lack of password protection and oversharing of data are two of the biggest risks. The best protection starts with minimizing the spread of data.
We are learning that institutions that we thought we trusted have not scrutinized their advertisers, and that our sensitive information has been sold to people who it was never intended to reach or who are misrepresenting themselves. In this environment, it’s more important than ever to be vigilant about what information you share, how you share it, and who you share it with:
- What you share: Consider what data you give away carefully. Don’t overshare with more data than necessary, and treat all data like it is sensitive.
- How you share it: Avoid using public Wi-Fi, especially for financial transactions, and don’t save credit card information on retail sites. Get in the practice of using a password manager. Also, know that you have options when it comes to privacy and tracking settings on many sites—look into them!
- Who you share it with: Not all businesses are the same when it comes to data privacy. You have a choice when it comes to the partners you work with, and data privacy can and should part of that conversation.
Q: What questions should individuals ask of their financial service providers?
Rebecca: It’s important that individuals not be afraid to ask questions. Is the company PCI compliant? The Payment Card Industry Data Security Standard is a set of standards for organizations that process credit card information.
When working with a trusted financial advisor, ask about their information security practices. Inquire about their standards, and what they do to protect data. Look for company that treats your data like their own. When you start to compare companies, you will notice a lot of differences.
Q: What is one risk that people aren’t paying enough attention to?
Rebecca: Social engineering threats. Social engineers deceive individuals into giving funds or personal information that can then be used fraudulently. They may send notices that appear to be from a legitimate company, and can convince even savvy people to wire large sums, allegedly for construction on their homes, purchases of art, and much more.
These attacks are becoming both more sophisticated and more frequent, and the potential for loss is great.
- Check the source of any communications. While the branding may look legitimate, make sure the URL and information contained in the message match the sender, and that the request makes sense. Never agree to wire money without verifying the recipient by phone or fax and not from information listed on the email request.
- Consider personal cyber insurance. This coverage can help protect you against some of the biggest financial losses that can occur from cyber threats. Cyber coverage is often sold as an endorsement to your homeowners policy. Not all products include coverage for social engineering, so talk to your agent to find the right one for you. Berkley One’s cyber solution includes broad cyber coverages, including social engineering, online extortion, cyberbullying, identity theft, system compromise and internet clean-up, as well as cyber services that can help monitor threats and will help you manage the damage if a breach does occur.
Whether the data you’re protecting belongs to you, your family, or your business, remember that data is only as secure as its weakest link. Be responsibly skeptical, and don’t be afraid to dive in to learn more when there is something you don’t understand. The more awareness that you create, the more people will question—and we need to keep questioning.
Rebecca Woan is Founder and CEO of Chartwell Insurance Services.
Berkley One is a Berkley Company.