Six ways to protect your brokerage from security breaches

Data encryption and strong passwords are some of the key tools to protecting your devices

The global scope of last month’s WannaCry virus highlights the importance of ensuring that brokerages and their computer systems are protected from both physical and virtual security breaches.

Paul Saabas, a vice-president at Shred-It Canada, says there are several ways to employ best security practices at your organization—whether it’s a large or small business. If there isn’t a current security policy in place that includes these methods, he continues, it’s a good idea to implement one—and then to ensure employees are adhering to it.

  1. Make sure all electronic devices are password protected

When creating a password, “it can’t be the name of your cat or your eldest daughter. You need to make sure [employees] use appropriate things [like] one of the upper-case letters or icons on your keyboard. The whole idea [is] that it’s not something that can be rudimentarily figured out based on [a hacker] knowing who your family members are and things like that,” explains Saabas.

Related: More than one-third of Canadian companies don’t have cyber insurance: report

Smartphones, as well as computers, need to have those strong passwords. Before brokers allow their employees to access their corporate email through their phone, brokers should ensure that those smartphones are protected through a password, he suggests.

  1. Encrypt electronic device data

Encrypting the data on computers and smartphones adds an additional layer of protection to a simple password lock. “Even if there was somebody who had access, they would need to have the encryption code to have access to the information…Encrypting all of your electronic devices to make electronic information unreadable is key,” says Saabas.

  1. Properly dispose old devices and data

If your office’s computers or smartphones are upgraded, deleting old files and putting the old computers in a locked storage room is not a suitable security practice. “In the old days, we thought having a magnet near your hard drive would totally mess it up. The reality is today hard drives are much more robust. People think just because they delete and reformat the hard drive, [that] cleans the data [but] it doesn’t,” explains Saabas.

Related: Tech and cyber threats are biggest risks for insurers globally: survey

Brokers should develop a practice of deleting the data from the system, storing the computer for a period of two months, removing the hard drive and sending it to a company that offers a secure chain of custody in destroying the hard drive, suggests Saabas. The remainder of the computer can be sent for recycling.

Picking a company that provides evidence that a hard drive has been destroyed is best—and it isn’t just the computer or smart phone hard drive that needs to be disposed of properly. “It’s your photocopier that has a smart scanner in it. Any device that has a hard drive, you need to pull it out and have it destroyed. That’s the best way to make sure your data isn’t repurposed,” says Saabas.

  1. Don’t print documents unnecessarily

Unless it’s vital, brokers should avoid printing confidential information. “It’s important to destroy physical pieces of paper. I know I’ve been to my insurance agent [and have seen] files about three inches thick,” he says. “The insurance industry is very paper-based. Do you really need to print that form, or can it stay online so it’s always digitally secure as opposed to being printed and needing to be shredded?”

From the archives: The attack on main street

  1. Analyze suspicious emails and links

If you receive a strange-looking email and you are unsure of the source, Saabas encourages brokers to delete it. “If you get an email [and] you don’t know who it’s from, you don’t want to forward those emails because, obviously, the link could be someone trying to get into your system. Keep an eye out for unusual or uncontrolled activity on your computer,” he suggests.

  1. Keep physical devices secure

Another best practice to implement is ensuring employees don’t take work computers home with them. Instead, put laptops in a locked area so they are not readily available for an unauthorized visitor to the office to walk in and take from the room.

As well, Saabas says brokers need to keep track of removable storage devices like USB keys and external hard drives. “If you’re going to use a USB, you just need to make sure it never carries confidential information and again, ideally, that it’s encrypted and secure.”

Copyright © 2017 Transcontinental Media G.P.
Transcontinental Media G.P.