Pretty scary when a company as large as Allied gets hacked and data is compromised.  Remember Insurance Companies have way more information than many other business, because it can store SSN, previous addresses, VINs, children and spouses names, valuables, other properties and possessions.  The mother load for an identity thief.

I have done a ton of searching trying to find out what happened.  I can’t find much.  I’m guessing more will come out once the FBI is done with their investigation.  As always I can’t recommend enough:

* Are all your systems patched?  Do you know that for sure?  Is it managed and monitored.
*  Is your backup rock solid and monitored?  Offsite?  Tested?
*  Is everything that leaves your office with data encrypted?
*  Are your passwords changed routinely?  Do you share passwords?
*  Do your computers automatically lock after time?
*  Are all mobile devices password protected and capable of “remote wipe”?
*  Do you have a business grade firewall?  Do you update it?  Is that monitored?
*  Do you have unprotected ports allowed in through your firewall?
*  Do you change default passwords on routers, firewalls, etc?
*  Do you have good physical security?
*  Do you have an alarm?
*  Do you have a written security plan and signed acceptable use policy?
*  Do you have a data breach insurance policy and an incident reaction plan?

I have barely scratched the surface of a typical security audit checklist.  But it’s my opinion that if you don’t have all of the above satisfied, you are taking huge risks.  Especially if you have sensitive data.

Written by Bret Erickson of Passkey Computer Services

www.passkeyinc.com @passkeycs