Nov 7, 2014

According to the 2013 Verizon Data Breach Investigations Report (DBIR), 30 percent of all data breaches investigated in 2012 occurred in organizations with fewer than 100 employees. Every time you accept a check, debit card, or credit card payment from a client, your practice is at risk for a data breach. Your clients rely on you to treat their pets, and they must also trust you to protect their personal information when they make payments. When sensitive data is exposed, your reputation is on the line. And don't forget about all of the personally identifiable information found in employee records and files.

Are you prepared?
Most states have security breach notification laws that require you to notify the impacted parties, as well as credit bureaus and state and federal agencies, of security breaches involving personally identifiable information.

Did you know that you can secure insurance to protect you against these exposures?
You can secure a stand-alone policy with unique features, such as notification assistance to prepare notification letters that comply with regulatory requirements, and crisis management and public relations to help handle a breach and restore your practice's reputation.

Insurance protection is one smart step in preparing and protecting your practice. For prevention, here are 10 tips provided by The Hartford:

  1. Secure sensitive customer and employee data. Store paper files and removable storage devices (such as thumb drives and CDs) containing sensitive information in a locked drawer, cabinet, safe, or other secure container when not in use. Restrict access to sensitive data to those who have a need to know. Give employees access to only the information they need to do their jobs--whether it's online or in paper form.
  2. Properly dispose of sensitive data. Shred documents containing sensitive data prior to recycling. Remove all data from computers and electronic storage devices before disposing of them.
  3. Use password protection. Password protect your business computers (including laptops and smartphones) and access to your network and accounts. Require employees to have a unique user name and a strong password that is changed at least quarterly.
  4. Control physical access to your business computers. Create user accounts for each employee to prevent unauthorized use of your business computers. Laptops can be easy targets; make sure they're locked in place when unattended. Also limit network access on computer stations in public spaces, such as the reception area.
  5. Encrypt data. Encryption helps protect the security and privacy of files as they are transmitted or while on the computer. Install encryption on all laptops, mobile devices, flash drives, and backup tapes, and encrypt emails that contain sensitive information.
  6. Protect against viruses and malicious code ("malware"). Install and use antivirus and antispyware software on all of your business computers. Don't open email attachments or other downloads unless you're sure they're from a trusted source.
  7. Keep your software and operating systems current. Install updates to security, Web browser, operating system, and antivirus software as soon as they become available. They contain "patches" that address security vulnerabilities within the software and are your first line of defense against online threats.
  8. Secure access to your network. A firewall prevents outsiders from accessing data on your network. Enable your operating system's firewall or purchase reputable firewall software. Be careful with free security software, as it may actually contain "scareware" that can infect your network. Allow remote access to your network only in a secure manner, such as through a properly configured Virtual Private Network (VPN). If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden so that its network name or "Service Set Identifier" (SSID) can't be picked up by the public. Also be sure a password is required for access.
  9. Verify security controls of third parties. Before working with third parties that have access to your data or computer systems or manage your security functions, be sure their data protection practices meet your minimum requirements and that you have the right to audit them. Not only do you want to ensure that your customer and business data is secure, but if a breach occurs on their watch, you could still be held liable and may be required to take the necessary steps toward recovery, including notifying customers, monitoring credit, or paying penalties or fines.
  10. Train your employees. Last but not least, make sure your employees understand your data protection practices and their importance. Document your policies and practices and distribute them to your team. Review your practices regularly and update them as required. Be sure to retrain your staff as updates are made.

Questions? Need coverage?
Contact the AAHA Business Insurance Program at 866-380-2242 or email aaha@hubinternational.com to learn more or to secure data breach coverage.


About this Blog

Red is your guide to everything AAHA. Whether you’re looking for association news, updates on our educational offerings, the latest books from AAHA Press, deals from our Preferred Providers, or fun reads from various AAHA staff and AAHA-member veterinary professionals, this is where you’ll find it.

Questions or comments?
Email us at aaha@aaha.org or call AAHA’s Member Experience Team at 800-883-6301.


The Standard of Veterinary Excellence ®
American Animal Hospital Association | Copyright ©2018 | Privacy Statement | Contact Us