The US Federal Emergency Management Agency, better known as FEMA, improperly shared and exposed personal identifiable information of 2.3 million disaster survivors this past week. Those at risk were victims of hurricanes Harvey, Irma, and Maria, as well as the California wildfires of 2017. 20 data fields were improperly shared, including home addresses & bank account information. Although the 3rd party contractor that received the data was not identified in the reports, it’s worth noting this isn’t the first time FEMA has been censured for mishandling information.
A report from 2015 stated survivor’s records were stored at a disaster-response centre in California in open, unsecured cardboard boxes. Mishandling large quantities of sensitive data typically is a result of inadequate employee training. Employers need to begin utilizing intentional phishing tools to help their employees understand the difference between a normal email and a malicious email. Combining this training with a quality cyber policy would help minimize the negative effects that result from employee error.
EvolveMGA provides this service for free to every one of our policy holders. Combining this training with a cyber policy will minimize the major costs associated with phishing!