Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Risk management approach can help public entities protect vulnerable data

Reprints

Public entities must take a proactive stance in addressing their data systems' vulnerabilities to hacker attacks.

“It's Risk Management 101. You have to try to quantify and qualify your actual exposure, financial or otherwise, and obviously that means you've got to engage the (information technology) folks within the organization to think like a risk manager,” said Joe Blasi, Houston-based executive vice president at broker McGriff, Seibels & Williams Inc.

“Once you've got your arms around what the actual exposure is,” solutions can include insurance or self-insurance, he said, adding that it also is important for all departments and agencies to collaborate on the issue.

Even if public entities do not have the resources to defend the entire system, they should focus on the biggest risks, said Daniel Howell, San Francisco-based executive vice president and managing director of Alliant Insurance Services Inc.'s public entity group.

Of particular concern is health care-related information. “Public entities have more of that than the think they do,” Mr. Howell said.

Public entities also should consider the controls third-party providers have in place, said Anne Corona, San Francisco-based managing director of Aon Risk Solutions' financial services group.

“Pick someone and tell them they are now in charge of all data privacy issues,” said John F. Mullen, a partner at law firm Lewis Brisbois Bisgaard & Smith L.L.P. in Philadelphia. Otherwise, “everyone assumes someone else is doing it.”

Also, the person in charge of data privacy issues should have “some clout” and decision-making authority, he said.

Read Next

  • Workplace violence prevention starts with comprehensive employee training

    A comprehensive program to prevent workplace gun violence begins with vigilance and teaches employees to know whether to run, hide or fight back. Workplace violence prevention experts recommend that employers train employees to be aware of security breaches, aberrant behavior and other potential threats, and require that they report such incidents to a centralized repository where a cross-functional threat assessment team can review them and recommend risk mitigation measures to implement.