The digital threat: How brokerage can mitigate cyber liability

With an increasing number of Canadian organizations being affected by cybercrime, the time for mortgage firms to take action is now. Maia Espejo offers these tips to help ease the risk of cyber attack

Cyber attacks resulting in theft are a growing risk for organizations. Cybercrime can be an issue for any sized organization that has care, custody or control of any confidential information, whether in electronic or paper format, as well as any company with a computer system or website.
 
In the new normal of the online world, companies need to take steps to protect themselves against the financial loss that can result from online attacks. The cost of recouping the damages of an attack and the cost of investigation can build and result in significant financial loss for an organization.
 
However, there are important steps organizations can take to reduce the risk of cyber attack on client files.
 
Here are some tips to mitigate the risk of cyber attacks for your mortgage brokerage and clients.
 
1 Any company with web-based servers should be tested frequently. Have the IT department perform automated scans of the web servers on a monthly to semi-monthly basis. Smaller companies should enlist the help of an external IT firm to assist with the testing.
 
2 Increase awareness and educate senior management and employees by subscribing to newsletters, magazines, blogs, Twitter feeds and Facebook groups with information on protecting your network from cybercrime.
 
3 Educate and train employees every few months on the risks of cyber attacks and data breaches. Remind them by sending monthly emails or have monthly discussions or seminars about the damage that can be done by opening unsolicited emails or attachments, loading software programs brought in from the outside and not protecting their passwords.
 
4 Passwords should be changed on a monthly basis by the company.
 
5 Monitor anti-virus software and ensure it is always up to date.
 
6 Company devices such as smartphones, tablets, laptops on which corporate resources, email, applications and file sharing place sensitive information at huge exposure. Procedures should be in place for when the devices are stolen or when an employee leaves the company.
 
7 Institute procedures to document the types of data collected by the company and where it is stored.
 
8 Determine what the cost would be should the organization lose data. Set aside a budget dedicated to recouping the loss.
 
9 Conduct a risk analysis, either in-house or through a third-party company, to determine how susceptible the organization is to data loss and in which areas. The organization may be at greater risk in a specific area, such as cyber theft, accidental deletion, hardware failures or other risks.
 
10 Institute loss prevention measures, such as backing up all your data at an off-site location or cloud server.
 
11 Provide employee training and assess which employees have access to sensitive data. If the employees have access to personal data, ensure they are properly trained on data protection protocol.
 
Cyber liability insurance
Even with the proper precautions in place, human error, accidents and malicious attacks are still a possibility. Therefore, it may be important to ensure your brokerage is properly covered with a comprehensive insurance product.
 
Cyber liability insurance provides both third party liability and first-party computer security coverage for emerging data security and privacy exposures facing Insurers today. Standard policies generally include a broad form policy wording offering coverage for security failure or privacy breach by paying the cost for privacy notifications, public relations and other services to assist in managing existing and preventing future breaches.
 
Additionally, policies can offer
coverage for regulatory defences and penalties, cyber extortion, first-party data corruption, first party business interruption and crisis management. Some insurance companies provide a hotline with the purchase of a cyber policy where the insured would have 24/7 access to a call centre for claims reporting as well as any guidance or questions with respect to data breaches. Other markets may provide consultation with a breach coach and breach response team to prepare for cyber attacks.
 
As cybercrime has grown to be one of the four most common crimes in Canada, it is increasingly apparent that organizations must protect their assets and the assets of their customers against attack. Instituting organizational policies related to data security is the first step towards mitigating the potential costs of cybercrime.
 
Mortgage brokerages, given isolated security breaches over the years, are particularly proactive about protecting client files against cyber attack. But that must also be translated into action.
 
 
 
This is a slightly amended version of an article written by Maia Espejo, senior professional liability manager of D&O/E&O for Burns & Wilcox Canada. It has been shortened to make it suitable for web publishing.