How to advise clients on cyber after Algonquin breach

Brokers can aid their clients by raising awareness of the common tactics of cybercriminals, as well as by advising their clients to be careful about with whom they share their personally identifiable information (PII).

Zac Cohen, general manager of Vancouver-based identity verification provider Trulioo, spoke to Canadian Underwriter Friday about what can be learned from breaches and how brokers could advise clients on identity protection.

“It’s OK to challenge attempts to gather additional information needlessly,” Cohen suggested that brokers tell their clients. “So when people are asking [the broker’s client] for information, it’s OK [for the client] to ask: ‘Why is this? How will this be used? Do you know what are your security policies?” Those are OK questions to ask and to be very careful about who you share your information with.”

In commercial lines, businesses that need to collect an individual’s information can no longer assume they will not have a breach. Multi-layered approaches to identity and authentication – such as biometrics, mobile identification and other alternative options – can limit the creation of a “centralized honey pot,” Cohen said.

“We’ve gone miles and leaps above just simple encryption. A variety of methodologies can come into effect: hashing data or creating additional logical separations between pieces of information. There’s a variety of technical specs you can get into, so that even if somebody did penetrate your network, they’re at least isolated from gathering all the information you have on various people.”

Related: How data breaches cause harm even if no financial info is stolen

When asked about the cost of implementing multi-layered authentication, Cohen said that it should never be thought of as a cost, but rather as an investment. “I don’t think it’s actually costly when you compare it to the alternative,” he said. “The highest cost imaginable is when an organization has a data breach and faces the ensuing reputational damage. This will follow your business or institution everywhere.”

By discussing these options with clients, “we can at least turn negatives like these data breaches into positives by more regularly talking about them, what to do, what it takes to limit their occurrence, what it takes to limit their damage and what we can learn from them moving forward.”

Broker advice on cyber is once again in the spotlight following a breach at Ontario’s Algonquin College in which personally identifiable information of thousands of individuals may have been exposed.

In mid-July, the college provided an update on a May 16 incident involving the “unauthorized and illegal access by hackers on one server infected with malware.” More than 4,500 students and alumni may have had information such as date of birth and home address exposed, while another nearly 107,000 individuals had “non-sensitive” information possibly exposed.