To Minimize Cyber Risk, Organizations Should Focus on Education

By Jeffrey Rice | October 4, 2016

Information security is not an easily digestible topic.

The “what” is simple: securing information, but the “how” is where it gets tricky. Cyber criminals are cunning and are constantly coming up with new ways to steal information. The schemes are sometimes sophisticated and sometimes not at all sophisticated, but nevertheless can be effective.

One of the largest risks associated with information security is the “people” factor. The “people” includes an organization’s company staff, but also third-party vendors as well as the user community. The proliferation of doing business online and using email as a principle means of cost-effective communication has left businesses organizations open to unscrupulous individuals and entities that can easily break into their circles of trust.

Education is one of the defense pillars for this type of risk. For example, Wayne Cooperative Insurance Company (WCIC) has worked works closely with an independent consultant to craft an educational program for its agency force. The program provides a review of basic cyber risks and things to consider in operating in an electronic world. This is the second educational seminar that the WCIC has provided to its agents on this subject matter. It has an education program in place for its staff as well.

This is because training is essential for employees and anyone who has access to an entity’s company information. Education needs to be provided on a regular basis for those responsible within the IT Department and also to others in a manner that is understandable to those who may not be tech savvy.

There are many ways that an organization can better secure their information, but one of the most fundamental steps is making sure those that have access to systems and data know how to keep it protected.

With this in mind, education is the first concept identified in the recent Guiding Principles to Advance Information Security in New York. The New York Insurance Association, Independent Insurance Agents and Brokers of New York and Professional Insurance Agents of New York embarked on this endeavor to start a broader conversation about information security and encourage enhanced education.

The insurance industry is in the business of offering financial protection, and as a result, takes the protection of policyholder information that much more seriously.

The document delves into 11 other principles key to information security, but without education, any security plan will be limited in its effectiveness.

Entities of all types and sizes are looking to put additional security measures in place by assessing vulnerabilities and addressing risks that exist. As the threats morph, entities are continuing to broaden and deepen their protection. A consistent commitment to education by an entity ensures that everyone is on the same page and understands the changing exposures that exist in the business world.

Jeffrey Rice is president and CEO of Wayne Cooperative Insurance Company, a company that has provided personal and commercial insurance to New York policyholders for nearly 140 years. He has served as chair of the New York Insurance Association and is a member of the Information Security Advisory Group for the guiding principles initiative.

Jeffrey Rice
Jeffrey Rice

Was this article valuable?

Here are more articles you may enjoy.