Apr 23, 2020

Establishing a Cyber Security Program for Social Services

Category: Cyber

According to recently released data, between January and September of 2019, nearly eight billion data records were exposed, illustrating a 33-percent increase from the same time in 2018. And although hackers are to blame for the bulk of these breaches, human error and a lack of a sophisticated cyber security program also aid in a data breach.

Building an effective cyber security program requires a commitment to people, technology, and processes. All need to be considered and work together to support a new program. And while this system may be complex, it’s important to make sure all bases are covered.

Social Services Cyber Security: What to Consider

Here are a few principles for organizations in the social services field to consider when looking to build out a proper cybersecurity program.

Identify All Types of Data

From patient health records to personal financial information to intellectual property, all types of sensitive data need to be considered when building out a cyber security program. It’s the responsibility of the social services organization to protect all data or they can find themselves on the hook for major losses due to breaches. Those affected by a breach can hold the organization responsible for costly financial claims.

This is why having an effective Cyber Liability program to act as an insurance barrier can help to protect not only an organization’s clients but the organization’s reputation and resources. Having a Cyber Liability program can help to provide the funds needed to patch up a mess left behind by hackers, as well as paying out those affected by a breach.

Once the types of data are identified, an organization needs to determine where it should be stored. Beyond databases, information may be held in spreadsheets or in text documents. Protecting every device, such as computers and mobile devices, within a social services organization may not be a possibility. But what can be done is identifying where sensitive information lives in a working environment and build out controls around that storage.

Train Employees and Users on Cyber Security Practices

Human error plays a major role in cyber breaches, making cyber security more than just an IT issue. There needs to be a culture of awareness and security among all employees from the top down. The protection of sensitive data comes down to the users who are handling it throughout the day. If these users don’t know their role in protecting and using sensitive data and interacting securely with a computer network within an organization, they may be putting everyone at risk.

In response to this factor, employees must be trained to recognize and report any phishing attacks or suspicious cyber behavior and should be able to keep their password safe.

Multi-Factor Authentication

Many companies have employees who are able to access its systems remotely. Access to sensitive systems and data is protected only by a single password. These passwords can be easily guessed or identified through a quick search by hackers. If multi-factor authentication is not required for remote access, such as email, a hacker who obtains a password will have an easy time accessing remote services. This will eventually lead to the stealing of sensitive data.

About Tangram Insurance Services

Located across the Golden Gate Bridge, just outside of San Francisco, Tangram Insurance Services is a full-service Managing General Underwriter and Program Manager offering specialty programs. We focus on industry-relevant coverage, competitive pricing, and practical business and risk management solutions for your clients, including social services policies. Since we are not all things to all people, we make sure to create outstanding custom-built solutions that matter to those businesses, and the brokers who serve those industries. Contact us at (888) 744-9810.