Big news—Anthem, America’s second-largest health insurer, suffered a massive data breach mid-last week, exposing the sensitive information of tens of millions of their customers, including names, social security numbers, birth dates, and addresses.
The breach is considered by their PR team to be a “sophisticated cyber attack” from the outside. Most of the time, cyber attacks are not necessarily “sophisticated” in nature; most other big-ticket hacks have been caused by oversight (let’s just be honest—carelessness and an attitude that it couldn’t possibly happen).
But it is happening, and it has to Sony, Target, JP Morgan Chase. It happens all the time in less serious, small-ticket forms of hacking, like a couple years ago when the New York Yankees Twitter account got hacked, their first tweet citing that shortstop Derek Jeter would now be referring to himself as “Minnie Mantles”.
All joking aside, it’s evident that everyone is vulnerable, no matter how big or small the company is and what kind of security plans and systems they may have in place.
Health Insurance companies will be hacked because of the large amounts of sensitive data they compile and save every day on a mass scale. It is up to these organizations to feel the fear and scramble for what’s next in the world of higher security.
Before our eyes, a new way of thinking is emerging—it’s been a fun ride, but now, it’s getting serious.
Anthem’s immediate crisis-management solution is to offer their customers support and free credit-monitoring (gee, thanks), but that’s not going to be enough long-term; not enough for any company holding personal data, especially data that contains PHI.
Brands have suffered because of their data breaches, and it doesn’t disperse quickly. It’s time to get proactive, no matter what size company you are or what information you have in your website or other platform systems.
Working with a creative team or marketing agency? Here are some quick tips:
- Ask them for an SOP on crisis management, social media management, website security, and limitations.
- If you are concerned about a particular aspect of your online security, be specific with your pro. If they don’t have the answer, ask them to find it and implement it.
- If the agency or freelancer you’re working with is not prepared to or interested in helping you solve your security concerns or issues, consider what kind of long-term impact that may have.
- If you have any client databases containing personal information, financial databases, or are unsure of correct policy in the digital space, make sure you know before you go full throttle.
Managing your own data? Here’s what you can do now:
- Change your passwords often. Utilize a database or system to keep your passwords secure and so you don’t forget them. Some people use secured documents within their server or system; others use outside platforms and tools that can keep their passwords straight. When I do presentations on social media security, I recommend a minimum of a quarterly change, and not using the same password twice.
- Review your web hosting, social media platform, or other tool’s privacy limitations. Make sure you know what holes you need to fill in.
- Make sure you are utilizing the privacy settings on these tools and platforms to the best of your ability. Make yourself as secure as possible; for instance, Facebook has a two-step verification so keep you doubly secure.
In light of all of this, my biggest tip of all is never let your guard down, and don’t let the creative team around you do so, either. If the security experts are getting lax, how are you going to manage your security properly?
Find the experts who take your security and crisis management plan just as seriously as you do.
What security tools are you currently using to stay safe online? Do you think you need more help?
Update: MSNBC reports that Anthem failed to encrypt their sensitive data (2/6/15 – 5:50 AM ET)