Protecting Your Business From Cybercrime & Data Breaches
Cybercrime is with us and it’s growing, particularly with the pandemic. Insurers expect notifications to the regulatory authorities to spike during the period of home working, due to scammers, “Zoom bombing” or other such data breaches. There is potential for loss of paper-based client data, but the risk is not as great as where data is stored electronically without robust systems protecting it from attack.
Identifying risk effectively
So, have professionals thought strategically about data security? Are all laptops, iPods, iPhones and Android phones set up so they can be locked down (remotely stopped from being used) if they are lost or stolen?
We advise that every practice should undertake a full strategic review of how both the practice’s and the clients’ data can be protected.
The issue here is adopting an open system or a healthy system with a culture tuned to risk management and an effective risk management policy. In this way errors are reduced, as are negligence claims.
There is more efficiency and higher profits. Consider the following issues:
- A large number of firms do have high standards of practice management, but there is no point in a firm having high standards of practice management and risk management procedures if one part of the firm fails to comply with them. It does happen that one department has different ideas on the kind of clients it wants to deal with. The whole reputation is jeopardised because one department is not able to take into account the bigger picture. It’s about getting the culture right.
- Do individual departments have a risk manager? This means formally designating someone as risk manager to consider risks and how to avoid them. This will involve collating information on risk, including from activities that affect the firm as a whole. It means drafting policies and procedures to avoid any risk. It means supporting professionals in the implementation of risk policies and monitoring. It means collecting data. It means an annual risk review.
- Take a holistic approach to risk – not only operational risks but other areas of the business.
Does the firm have a disaster recovery plan in practice? Does the firm comply with statutory obligations? Does the firm comply with regulatory obligations? Are there any strategic risks to the firm?
Is your practice the subject of the next news headline?
Risk management will take time and have an impact on fees. Systems and staff training cost money, but think of the converse: the costs of claims, the time taken to deal with claims and your insurance premium or even the excess. How about your reputation? What is the cost of that? Thus, an effective risk management policy is an investment for the future success of the professional firm and, in my view, not to be seen as a hindrance or lost fee earning.
The lesson is not to bury the last claim: analyse it, and if you get to the bottom of the problem and put changes in place, you will prevent it happening again. It is a good investment, not time wasted, and could save your reputation.
If you need any advice or help, contact Karim.