The scale of the Anthem health insurance data security breach was historic. There were some 80 million client records which were compromised over a two month time period where Anthem’s database credentials were compromised.
In some ways, it’s a positive thing that Anthem discovered the breach themselves and made it known. However there are many lessons for Los Angeles CPA firms to take away and learn from this massive breach.
Since almost half of the Anthem clients who had their identity information stolen reside in California, it may be a painfully close to home lesson to learn.
1. Encrypt Your Data
Anthem admitted that it had not encrypted its client data before this attack or in another smaller attack a few years ago. It said because a hacker got the administrator’s credentials that encryption would not have been a solution any way.
That may never be proven one way or another. However if data is encrypted and if only privileged people have the keys, it makes accessing that data that much more difficult.
Needless to say, the fact that someone was able to access administrative level credentials at all for such a vast amount of sensitive information is astounding.
2. Use Multi-Factor Authentication to Safeguard Client Data
Without encryption, a simple password and User ID is not satisfactory protection for so many client records. Using a multi-factor authentication system, whether it be with a time based token, an SMS message to an approved user’s smartphone, swipe cards, USB sticks, or other strategies to add another level of complexity to hacking into client data is the safest strategy.
There are a number of biometric scanners, such as fingerprint scanners which could have been used to make the administrative credentials only one piece of a gauntlet of protocols to access client data.
3. When the Cows are Gone, It’s Not Necessarily Too Late to Close the Barn Door
Anthem was correct to reset passwords, notify the FBI and hire security experts like FireEye to come in and do forensic security investigations on the scope of the hack. Just like when your home or your office has been broken into, the security measures you have taken already to protect your assets are necessary to put back in place so no further damage can be done.
In some cases, hackers only breach systems for the “sport” of it initially but might come back again for private information if they think no one is on to them. If you beef up your security even after a security breach, you are saving your firm from further exposure and protecting your clients from additional risk.
4. Security Breaches Make Headlines and Your Reputation is at Stake
It is too early to tell how many of Anthem’s clients will trust them with their data as opposed to jumping to another health care insurance carrier. However the coverage in online, broadcast, and print media can be very damaging on a local, national and/or global level when these sorts of breaches occur.
In the CPA industry, there are many more service providers than in the health insurance industry. Should your reputation be tarnished by a client data breach, your firm might not be able to recover. Make sure that your firewalls, anti-virus, wireless devices, and networks are all up to date with the latest protection and encryption to keep your firm off of the front page.
Your Los Angeles accounting firm probably doesn’t have eighty million client records stored in your systems, but you do have information including personal, financial, business performance, and other sensitive data which, if stolen, could do a great deal of damage to you clients’ lives and business success.
If you aren’t prepared to take ownership of the security posture of your firm, contract expert resources who are equipped and experienced enough to manage it for you.
What would you do if you discovered a data security breach in your systems? Tell us about it in the Comments section below.
And to follow-through on the tips introduced in this short article, be sure to download your free guide, 12 Ways for CPA Firms in LA to Utilize Technology More Efficiently.