/ /

A Whole New, Dangerous World

Stephen Ruchman

Last month, I received a call at my house (Yes, my wife and I still maintain our house phone.). When I answered the phone, the person on the other end said, “Grandpa, this is John.” (I’ve changed his name for his privacy.) “John?” I responded. “It doesn’t sound like you.” My grandson, John, is a senior in high school and he is very active. My wife and I have enjoyed driving our grandchildren to soccer games and other activities for their entire lives and I consider us very close. He told me he was in the hospital and he had broken his nose.

As any grandparent knows, a call like this is upsetting, to say the least. But, there was more: Through his almost indistinguishable and broken voice, he said he had been out with friends who were drinking and they had gotten into a car accident. The police, he said, were at the hospital now and he was going to be arraigned. “Please don’t tell mom and dad,” he said. “I need money for bail.”

Now, I was suspicious. “John, this is John?” I questioned and was affirmed. “Tell me your middle name,” I persisted. The person on the other end of the phone hung up.

Turns out, the whole incident was a scam. I don’t know where the caller got my phone number and grandchild’s name. It could be my grandchildren’s school database was hacked and the scammer obtained my number on the “In case of emergency” list. We may never know. I can say my family now has a code word. If anyone, parent, grandparent or child is approached and told they are representing a family member, we will now ask for the code word before sharing information, money or putting ourselves in a situation like a car ride that could turn out to be dangerous.

Since I’ve shared this story, I’ve learned it is not uncommon. Many people have told me they have a friend or family member who was taken for a ride (so to speak) by this con. I consider it particularly loathsome because it preys on the elderly, who often are vulnerable, as well as a sacred relationship between a grandparent and grandchild.

I share this story for a few reasons: First, of course, is to alert anyone who may not have heard about this specific scam. How deplorable do you have to be to swindle a grandparent? These people have no scruples! In addition, I urge families to adopt our code-word–as-security tactic.

There are other lessons from this cautionary tale. For example, even school districts need cyberliability protection. If it turns out the school has, indeed, been hacked and the scammer got grandparent names from the “In case of emergency” list, the district could be in for a world of trouble. All businesses need to have cyberliability coverage. And, if you think you have cyber coverage because you have a BOP, believe me, you are not covered enough.

Business owners may have heard about New York State’s recent proposals to protect consumers that will affect all insurance agencies in New York. These regulations, currently slated to take effect the beginning of 2017, are overreaching and PIA is working hard to mitigate the scope and reach of the regulations. The association continues to offer education and resources on the issue to members, including a checklist of things to stay in compliance, as well as ongoing advocacy and information to members as the rules are formed.

Also toward this end, the Professional Insurance Agents of New York, the Independent Insurance Agents and Brokers of New York, and New York Insurance Association have worked together to form a Security Advisory Group and identify Guiding Principles to Advance Information Security in New York. These are broad guidelines that can help any agency protect retained policyholder data. It’s become a scary world.

The fact that these three associations have worked together over several months is testimony to the importance of the issue. As PIANY Executive Director Kelly Norris said, “Our members have exceptional access and responsibilities with regard to our clients’ information. Our industry, therefore, is in a vanguard position with regard to cyber security. As their association(s), it is imperative that we provide information and guidance to help agents and companies guard the information with which they are entrusted. PIA is committed to this goal, and to helping every professional, independent insurance agency ensure its own information and privacy is secure.”

The Guiding Principles can be found at http://nyia.org/guidingprinciples/. They are far more detailed than the following list, and I encourage all agencies to review and adopt the principles for their own protection.

  1. Commit to the EDUCATION of agents, company personnel, third party vendors and policyholders.
  2. Understand that security is a MOVING TARGET, which necessitates the practice of continually revisiting standards and best practices.
  3. Recognize the need to protect information as a whole—breaches are NOT CYBER SPECIFIC.
  4. Look to reputable security resources for guidance in ESTABLISHING STANDARDS.
  5. Develop a written INFORMATION SECURITY PROGRAM with the requirement that those accessing data, including third party vendors, conform to your standards.
  6. DETERMINE VULNERABILITIES through regular security risk assessments and penetration tests.
  7. Create an INCIDENT RESPONSE PLAN and regularly test the plan.
  8. Limit the amount of RETAINED PERSONAL INFORMATION.
  9. Utilize STRONG PASSWORDS and other security features to access information.
  10. Ensure HARDWARE AND SOFTWARE ARE UP TO DATE and appropriate patches are in place.
  11. Obtain cyber security INSURANCE COVERAGE.
  12. Guard against REPUTATIONAL RISK—information security is a shared responsibility.

In this age of digital information, we are experiencing all kinds of scenarios, affecting our lives, our families, our homes and our businesses. It’s a different world. Be careful!