Insurance intermediaries have a lot of sensitive information about their customers. Looking at the data in your system, I could determine who owns prestigious cars, who has expensive jewellery insured and what sort of alarm system they have. When they buy a travel insurance policy, or get a green card, I also know the customer has left the country!
While a lot of focus in the media is on the "hacker", the reality is that your greatest threats come from inside the business. This is not to suggest that staff are feeding information to criminals, but a lack of training, inappropriate office design and poor morale can all contribute to security breaches.
Poor training is a key factor in staff making mistakes. They may accidentally transpose the last two digits of a date of birth from 56 to 65, a mistake which may go undetected for years but which could blow up into a negligence claim. Other customers may find themselves under-insured when a digit is left off, or uninsured when policies are cancelled or lapsed.
Clearly education is going to tackle these issues, but so too is a careful focus on morale. Staff under stress are more prone to make mistakes. They are also more likely to want to leave your business.
Aside from the estimated £5,000-15,000 it can cost to lose a member of staff, those who are in a position of authority may hold out a carrot to their new employer - your customers!
This practice may be illegal, but that is little comfort when you see your key accounts are jumping ship.
Bad office design is one other key area to look at. Too many intermediaries use the server as an additional terminal when it should be locked away out of sight.
Not only is it inviting the criminally-minded to run off with it, but spilt coffee, power cables being pulled out and staff knocking it off of the desk are all risks that an exposed system box faces - you could potentially lose your business.
Take the view that anything which affects your profitability or revenue is a security risk. The effect may be immediate, such as having no systems for a few days while new hardware is installed, or they could be longer term, such as a competitor being able to target your key accounts.
With this focus you can start to undertake a risk management exercise to identify where you are most vulnerable - and what you are going to do about it!
Security is about more than hackers and thieves - it is about making sure your data is accurate, consistent and confidential. Your customers expect nothing less from you.
- Ross Hall is the founder of Garol, the Strategy Consultancy, and can be contacted on 020 8902 0618, or via e-mail at email@example.com.