19 Hoosier Banker August 2014 needed for the transmission of NPI. Additionally the transmission of email containing NPI should be encrypted so that it is safe from the initiation of the transmission, through the length of the transmission, to the receipt of the transmission. Finally there needs to be a protocol in place to protect digital media from being transported on portable media devices. An entire office’s collection of NPI can be stored on a portable media device (e.g. CD, USB drive, jump drive, back-up tape) and removed from the office for improper purposes. While these devices are convenient, they need to be used in a controlled environment to prevent unauthorized release. f. Disposal and decommissioning of NPI. When examining where and how we store NPI, we must consider how to dispose of it. If we protect it until the point that we put it in the garbage can on the curb, all of the prior efforts may be wasted if a criminal is waiting for you to hand-deliver NPI by discarding carelessly. Generally we think of shredding or burning paper files containing NPI; however, we have to expand our thinking and include any digital device that once contained NPI. These devices (e.g. computers, smartphones, portable drives and even copiers) need to be decommissioned and wiped clean prior to disposal. g. Disaster management plan. Protecting NPI from external threats that may use the NPI for improper purposes is not the only reason that one must protect NPI. NPI must be protected for the basic reasons of business continuity. Simply put, a disaster management plan includes a backup plan that protects NPI from loss. h. Oversight of third-party service providers. When dealing with third-party providers, it is important to understand their procedures and policies when they handle your NPI. If your NPI is stored off-site, it is important to ensure it is secure in that environment. An example of this vulnerability is the IT professional who is assisting with your network. Given the access that IT professionals have to the NPI in your network, they should be chosen with care and should understand your obligations to protect NPI. i. Notification of security breaches. When that unfortunate day comes and someone experiences a security breach, the first impulse is to minimize the event and downplay its importance. However if you are the unfortunate victim of a security breach and an unauthorized release of NPI, it is important to work with your affected customers/clients and appropriate law enforcement. Yet if you have taken the steps outlined above, you will minimize the likelihood of having to face this difficult circumstance. For more information about the ALTA Best Practices and how to comply, please visit www. alta.org/bestpractices, or contact Karen Brittain of Investors Title Insurance Company at 419-5775900, email: kbrittain@invtitle.com. j. Audit procedures and oversight. Ultimately you can put all of the appropriate procedures in place, but if they are not effective, then they have been a waste of time and money. To oversee your information security program, you need to make sure that your virus protection is actually updating, that your back-up is actually running, and that your NPI is actually being shredded. This is an ongoing process, and you should monitor the process that you took time and money to put in place to make sure that it is effective. CanYou Demonstrate ThatYou Can Keep a Secret? The stakes of keeping a secret have been raised since our days on the playground. Now we not only need to keep secrets, we also need to demonstrate that we know how to keep a secret. We used to think of our threats as being all internal to our physical borders – employees, partners, thieves that enter the office. In today’s world, we must reevaluate that line of thinking and recognize that anyone with Internet access could be a threat, because anyone with an Internet connection is a potential target to those trolling the Internet for vulnerable security systems. Any company that is unprepared – big or small – has the potential of being hacked. t Carrier selection is one of the most critical decisions in a BOLI purchase. Not all BOLI providers offer carriers with the top AAA rating. Executive Benefits Network offers its clients the most highly rated BOLI carriers in the industry; delivering the long-term benefits and financial strength our clients expect. Now that is Knowledge You Can Bank On.™ We Peel Back the Layers So Our Clients Can Fully Uncover BOLI. ©2014 EBN BOLI & Deferred Compensation Experts 800.780.4EBN ebn-design.com
RkJQdWJsaXNoZXIy MTg3NDExNQ==