Skip to main content

Business Sense

Are You Overlooking This Top Data Breach Risk?

If you’re like most business owners, your strategy to protect business data focuses on cybersecurity and hacker protection, and that’s a smart move, but you may be overlooking a major risk—your employees.

Research by CEB Inc., a technology company, suggests that employee errors account for nearly 60 percent of privacy failures.

Your best business defense: A well-trained team

A data security plan may look great on paper, but it’s only as strong as the employees who implement it. A well-trained team is the best defense against identity theft and data breaches. To help improve your security vulnerabilities, the safety experts at the Insurance Services Office (ISO) recommend the following tips.

  • Check references or do background checks before hiring employees who will have access to sensitive data.
  • Ask every new employee to sign an agreement to follow the company confidentiality and security standards for handling sensitive data.
  • Regularly remind employees of company policy—and any legal requirements—to keep customer information secure and confidential.
  • Limit access to personally identifiable information. Know which employees have access to consumers’ sensitive personally identifiable information. Pay particular attention to data like Social Security numbers and account numbers.
  • Set up a regular schedule of employee training. Periodic training emphasizes the importance placed on data security practices. Make sure training includes employees at satellite offices, temporary help and seasonal workers.
  • Teach employees about the dangers of spear phishing. Spear phishing is an e-mail or electronic communication scam targeted toward a specific individual, organization or business. It may be an attempt to steal data or to install malware on a targeted user’s computer. These emails may appear to be legitimate and come from someone inside or outside of the company, generally someone in a position of authority.
  • Warn employees about phone phishing. Train them to be suspicious of unknown callers claiming to need account numbers to process an order or asking for customer or employee contact information.
  • Update employees as new risks and vulnerabilities are uncovered. Tell them how to report suspicious activity and publicly reward employees who alert you to vulnerabilities.

It’s also a good idea to have a procedure in place for making sure that workers who leave the company or transfer to another part of the company no longer have access to sensitive information. Terminate their passwords and collect keys and identification cards as part of the checkout routine.

For more information about computer security tips, tutorials and quizzes for employees, go to staysafeonline.org.

Insurance coverage

To help businesses respond if a breach occurs, ERIE offers Data Beach Response Expenses coverage. It may be purchased and added to a business insurance policy. It offers crisis resolution support and can help cover your expenses when you have to notify affected individuals of a breach. ERIE’s coverage is provided in partnership with Identity Theft 911, a provider of data risk management solutions. Contact a local ERIE agent for more information.

Most business owners never consider this all too common risk. /blog/top-data-breach-risk Erie Insurance https://www.erieinsurance.com/-/media/images/erieinsurance/erieinsurancelogo.png

ERIE® insurance products and services are provided by one or more of the following insurers: Erie Insurance Exchange, Erie Insurance Company, Erie Insurance Property & Casualty Company, Flagship City Insurance Company and Erie Family Life Insurance Company (home offices: Erie, Pennsylvania) or Erie Insurance Company of New York (home office: Rochester, New York).  The companies within the Erie Insurance Group are not licensed to operate in all states. Refer to the company licensure and states of operation information.


The insurance products and rates, if applicable, described in this blog are in effect as of December 2016 and may be changed at any time. 


Insurance products are subject to terms, conditions and exclusions not described in this blog. The policy contains the specific details of the coverages, terms, conditions and exclusions. 


The insurance products and services described in this blog are not offered in all states.  ERIE life insurance and annuity products are not available in New York.  ERIE Medicare supplement products are not available in the District of Columbia, New York and Wisconsin.  ERIE long term care products are not available in the District of Columbia and New York. 


Eligibility will be determined at the time of application based upon applicable underwriting guidelines and rules in effect at that time.


Your ERIE agent can offer you practical guidance and answer questions you may have before you buy.