8 Tips on Cyber Security for Staffing Companies
Staffing Stream
Raise your hand if your staffing company has credit card or billing information on its servers. Raise your other hand if there is personal employee information like addresses and social security numbers on your network.
Are both hands raised? Well that, my friends, is a sign; it is a blinking light flashing “cyber exposure.”
The vast majority of staffing companies keep private and personal information on their computer systems that easily identifies clients or employees. If this sensitive data falls into the wrong hands via a network security breach, it can lead to fraud, identity theft or similar cybercrimes. These security breaches can happen either accidentally or through employee misconduct.
Take, for example, an in-house staffing employee who mistakenly sent copies of hundreds of staffing employee W2s to an email address that had auto-populated in their message. It was an honest mistake, but it cost the staffing company more than $75,000 in credit monitoring for those individuals, should their identities be stolen in the future.
Another industry example is when a hacker released a computer worm that launched a service attack against an IT placement firm’s entire system. The infection caused a 48-hour shutdown of its computer systems. The IT staffing firm incurred extensive costs to repair and restore their system as well as business interruption expenses that totaled more than $750,000.
So throw that whole “it won’t happen to me” saying out the window. Size, location and industry do not matter when it comes to a cyber attack. What does matter is having the proper safeguards in place to minimize the risk and/or the fallout of an attack.
Managing Cyber Liability Risk
Here are eight ways to help minimize your staffing company’s risk:
- Develop and implement an appropriate cyber security policy.
- Create a formal process to update software, firewalls and anti-virus programs.
- Safeguard mobile devices that hold sensitive personal data with encryption codes.
- Safeguard personal information within the workplace by segregating pay information and personal details on a separate part of the network and restricting access.
- Implement regular staff training on security procedures.
- Have a breach response plan in place.
- Investigate a company’s security practices before outsourcing any business functions, such as payroll, web hosting or data processing.
- Have an insurance policy in place to cover this type of liability.
Implementing the Right Policy
The last tip was specific to insurance policies, which is an important subject to expand upon. When comparing quotes from competing insurers, here are some considerations:
Limits and Deductibles: It is important to determine your liability and choose limits that align with your exposures as a company. To compare quotes “apples to apples,” be sure all quotes have the same limits and deductibles. If that is not possible, higher limits and lower deductibles are obviously favorable as long as the pricing makes sense.
Policy Aggregate: This is significant in the event of a claim. For example, with a large claim, notification costs could exceed your aggregate limit and you would have nothing left for the year. Some insurers do not have a policy aggregate limit; rather, each insuring clause is its own tower of coverage. This is the favorable option.
Prior Acts Coverage vs. Retroactive Date: Full prior acts coverage is significant because regardless of how far in the past a claim took place, the claim will be covered (as long as it is made against your company during the current policy period). A retroactive date eliminates coverage for claims prior to a specified date (retroactive date), even if the claim is made during the policy period.
Social Engineering Endorsement: Social engineering attacks differ from typical cyber hacking attacks in that they target employees, not the network system. Adding a Social Engineering Endorsement to either your crime or cyber policy will ensure coverage for this type of attack.
Now, put one hand down if your company has or will soon have more preventative practices in place to minimize cyber risk. Put your other hand down if your company has or is looking into a policy to minimize the impact post-breach. Hopefully, both hands are down and your staffing company is well-protected.