					FFY2010
EAP Annual Training
Section 2.0 Risk Management
Includes Risk Assessment, Risk Mitigation (Dup Check), Data Practices, Debtor
Exemption Claim Notice and Security




August 12 & 13, 2009
St. Cloud Minnesota
Holiday Inn


         Risk Management

2. Risk Management
   Involves identifying priority activities within the
    organization for risk assessment by considering
    areas that materially impact the financial position and
    results of operations (e.g., assets, liabilities,
    revenues, expenses or expenditures account
    balances that are material in dollar amount)





Risk Management Introduction
 Major part of ICF
 Local, regional and natural disaster and technical
  failure planning are only a part of risk management
 Focus is on managing the risk of improper use of
  public funds
 This year the concept was introduced into the Local
  Plans
   • Looking for a single, not a homerun this year
   • Build on this each year

What is Risk Management?
 Lessening adverse impact if a risk event occurs is the heart of good
    risk management
   Assuring events do not result in disaster
   It is geared towards potential events that may occur when things are
    different from planned, sometimes called omissions and errors

Above & Beyond Program Design:
 Core EAP design addresses risk with control policies, technical support
  (eHEAT), segregation of duties & monitoring services and financial
  activities. EAP has controls to reduce the possibility of the actions of an
  individual creating an incident, error or fraud.
 Service Providers create detailed plans for their activities to assure,
  among other things, segregation of duties & backup plans in case of staff loss.

Risk Management
Risk management involves:
 Determining
 Assessing
 Planning
 Monitoring
 Mitigating


EAP Role In Risk Management
   General Expectations
     • Acknowledge your responsibility to design, implement & maintain the control structure
     • Contribute direction to identify, prioritize and review risks and controls
     • Remove obstacles for compliance; remedy control deficiencies
     • Conduct self-assessment & testing to monitor the controls within your processes
     • Routinely (Quarterly):
         • confirm key controls are implemented and effective
         • maintain documentation to support this assessment
   Immediate Action Items
     • Educate your personnel about this effort
     • Reinforce internal focus on controls within your area
     • Surface any risks, concerns or issues promptly to allow adequate attention for
       correction
     • Fix control gaps as soon as possible

Risk Considerations
   Evaluate the nature & types of errors & omissions that could occur, i.e., “what can go
    wrong”
   Consider significant risks (errors and omissions) that are common in the industry or have been
    experienced in prior years (ex.: Mich, Penn)
   Information Technology risks (i.e., access, backups, security, data integrity,
    non-segregation of duties)
   Areas where segregation of duties would reduce risk
   Volume, size, complexity and homogeneity of the individual transactions processed
    through a given account or group of accounts (revenue, receivables)
   Susceptibility to error or omission as well as manipulation or loss
   Robustness versus subjectiveness of the processes for determining significant
    estimates
   Extent of change in the business and its expected effect
   Other risks extending beyond potential material errors or omissions in the financial
    statements

Risk Considerations
   Consider a railroad crossing and developing appropriate controls
     • A rural road with little traffic & slow train: a sign
     • A busier road & train is faster: add lights & crossing sign at tracks
     • Very busy, train is flying and school buses cross: crossing gates





Risk Management Mechanics
 The risk assessment tool reduces risk when used to
  identify, assess, plan for & maintain routine
  monitoring of risk areas




Risk Management Mechanics

Uncertainty Item
   What: Geared towards events that may occur when things are different from planned,
         sometimes called omissions and errors.
   Example (railroad crossing): Drive around gates
   How:  1. Brainstorm with staff
         2. Reduce list
         3. Assess using this matrix. This is iterative, so change or eliminate as you learn
         4. Review periodically

Result of Occurrence
   What: Narrative of the outcomes if the event occurs
   Example (railroad crossing): Calculate damage. School bus is very sad & bad publicity
   How:  Describe what happens. Be as complete as possible. This helps to determine
         severity, response and indicator

Probability of Occurrence
   What: Designate likelihood of event and, if helpful, a description of why the
         probability was selected
   Example (railroad crossing): People in this county go around
   How:  Can use rating of High, Medium and Low with narrative prose.

Severity of Impact
   What: Designate a level of impact if the event occurred. If applicable, a description
         of why the probability was selected.
   Example (railroad crossing): Slow train, low impact injury
   How:  Can use rating of High, Medium and Low with narrative prose.

Response
   What: Describes what to do when you find out
   Example (railroad crossing): On rural road the injuries might be measured by EMT
         response time. Maybe different preparedness for different users. (Bus & tanker rules)
   How:  Key response off Result, Probability & Impact. Depending on combinations,
         responses include:
         1. Prevent
         2. Check Routinely
         3. Response Plan

Indicators
   What: Describes how the event becomes known
   How:  ID ways event is discovered & develop ways to monitor for if weaknesses are
         discovered. Enact these measures
  Item Example
Matrix Cell: Uncertainty Item
                   Direct Payments to household. Direct payments remove a check
                   point from normal EAP controls by removing vendor registration and
                   vendor cross checks. Could include an application processor
                   fabricating households. If combined with falsifying households for
                   application, multiple direct payments could be generated
Considerations: Programmatic controls place limits, but risk still exists. Risk management
                   looks at the items beyond the limits.
                   EAP accepts limited risks, but this assures due diligence is done for the omissions.
                   Program Controls: EAP pays energy vendor. DOF, DOC & eHEAT registration. Vendors
                   and households get notification.
                   Policy: Households may receive direct payments when payment to vendors is difficult.
                   1. Self cut wood receive amount remaining after benefit is distributed
                   2. Households with electric and heat included in the rent.
                   3. Households with heat included in rent, and only exceeds their electric costs
                   4. Households whose vendors refused to sign the vendor agreement.
                   5. Households unable to secure a vendor.
  Item Example
Matrix Cell: Result of Occurrence
              • Household receives one or more cash benefit
              • Benefit is used for non intended purposes or misused by
                household
              • Very bad publicity for program affects services to others in need,
                when 5 Eye Witness News reports people cashing it at local bar
              • Multiple direct payments by one person would result in services
                not available for other households in need

Considerations: Thinking of results is also constrained by the program rules
  Item Example
Matrix Cell: Probability of Occurrence
              Low to Medium
              For a single household Medium
              For conspiracy with an Application processor Low

Considerations: Conspiracy reduces the probability, but this must be considered with the ease,
              the payback and the penalty:
              - A higher payback makes it more worth the risk
              - Conspiracy makes it complicated to keep secret
              In this example
              For the household:
              - The penalty is low
              - The payback is medium considering penalty
              For the Application processor
              - Penalties are high (Job)
              - Payback is higher
  Item Example
Matrix Cell: Severity of Impact
              • Low to Medium
              • For a single household Low
              • For conspiracy with an Application processor high

Considerations: Low because of limits on benefit amounts unless multiple
  Item Example
Matrix Cell: Response
              •   Require accounts whenever possible
              •   Recover funds when it occurs
              •   File Incident Report
              •   Investigate incident and escalate appropriately (Error and Fraud)
              •   Terminate staff if involved

Considerations: Plan for the response and educate people
  Item Example
Matrix Cell: Indicators
              • Report from concerned citizen
              • Pattern of direct payments to similar addresses, names etc. (Data
                analysis)
              • An inordinate amount of direct payments for an SP without socio
                economic reason (eHEAT data)
              • Inordinate number of direct payments from a particular Application
                Processor (Files and eHEAT)

Considerations: The first bullet is a common way to hear about this, but developing ways to
              monitor is the maturation of risk management

Risk Management Example

Uncertainty Item
   Direct Payments to household. Direct payments remove a check point from normal
   EAP controls by removing vendor registration and vendor cross checks. Could include
   an application processor fabricating households. If combined with falsifying
   households for application, multiple direct payments could be generated.

Result of Occurrence
   • Household receives one or more cash benefit
   • Benefit is used for non intended purposes or misused by household
   • Very bad publicity for program affects services to others in need, when
     5 Eye Witness News reports people cashing it at local bar
   • Multiple direct payments by one person would result in services not
     available for other households in need

Probability of Occurrence
   Low to Medium
   • For a single household: Medium
   • For conspiracy with an Application processor: high, but conspiracy requires
     more risk of secrecy and penalty

Severity of Impact
   Low to medium
   • For a single household: Low
   • For conspiracy with an Application processor: high, especially if multiple
     households

Response
   Limit occurrences of direct payments by having system distribute to next
   available vendor. For risk areas:
   • Require accounts whenever possible
   • Recover funds when it occurs
   • File Incident Report
   • Investigate incident and escalate appropriately (Error and Fraud)
   • Terminate staff if involved

Indicators
   • Report from concerned citizen
   • Pattern of direct payments to similar addresses, names etc. (Data analysis)
   • An inordinate amount of direct payments for an SP without socio economic
     reason (eHEAT data)
   • Inordinate number of direct payments from a particular Application
     Processor (Files and eHEAT)

Risk Management and EAP
 The Local Plan requires risk assessment.
 The State has started to conduct formal risk assessment
 State & Service Providers identify risk and use program
  specific knowledge to do diligent planning, monitoring and
  actions for these risks.
 The State will continue to develop risk management
  requirements and practices. Examples include:
    Duplication Checks and other queries
    The FFY2010 Local Plan is a first step of formalizing the SP process
    SP should design practices to improve it
    DOC will support the development of competency in this area
    DOC will conduct risk management activities


Dup Check
 Dup Check is not a Russian hockey player
 Dup Check is not a quality control effort
 Dup check is a risk mitigation activity
 EAP must do due diligence on risk areas to assure
  responsible management of public funds





Why Dup Check on Vendor Accounts?
 Payments to vendor accounts are the main way money flows
 Using it as a key, there are cross checks with other data:

HH_NBR  FIRST_NM  LAST_NM       SSN        DOB        CUST_ACCT_NM          VNDR_NM  HOUSE_NBR  STREET        APT_NBR  CUST_ACCT_NBR
111111  CAROL     NUMBERSWITCH  717449103  16-Feb-51  CAROL NUMBERSWITCH    CPE      3828       LIAR AVE S    <null>   1111111
888888  CAROL     NUMBERSWITCH  414779103  16-Feb-51  CAROL NUMBERSWITCH S  CPE      3828       LIAR AVE      <null>   1111111
222222  SPACEY    EL ROY        472111111  03-Jul-58  SPACEY ELROY          CPE      1410       GERRYRIG AVE  2        2222222
999999  TOUHY     SHAM ELROY    475222222  06-Dec-82  SPACEY EL ROY         CPE      1410       GERRYRIG AVE  1        2222222
333333  WANDA     TRICKYBERGER  472111111  24-Oct-68  ERNEST TRICKYBURGER   CPE      4208       12TH AV S     <null>   3333333
666666  WANDA     TRICKYBERGER  475222222  24-Oct-68  WANDA TRICKYBERGER    CPE      4208       12TH AVE S    <null>   3333333





Dup Check Procedure for FFY2010
Overview
 DOC will periodically produce a matching account numbers list
  (Early & often to keep effort sizable).
 SP will receive a secure email with their list.
 SP investigates by performing the following processes:
   1. Analyze & validate reason match is correct
   2. Escalate as needed (Detail in the following slides)
   3. Take appropriate corrective action
   4. Document results and report


Dup Check Procedure for FFY2010
Step 1: Validate the Reason for Match Is Correct
 If you know a valid reason for duplication, enter the reason for
  the duplicate vendor account number on the spreadsheet
 Look at paper application and file. Determine probable reason
  and escalate appropriately.
 Ask household(s) to explain occurrences, if appropriate, and
  record the finding in the list
  Examples: One household moved out and now rents the house to a
  relative who applied for EAP. Building has multiple units with one
  landlord account.

Dup Check Procedure for FFY2010
Step 2: Duplicate Application Error
 Take corrective action including recalling funds
 Close duplicate applications
 Record an explanation of your determination on the
  spreadsheet





Dup Check Procedure for FFY2010
Step 3. Duplicate Application – Fraud Suspected
 Review previous years and review all the information provided
 Take corrective action including recalling funds
 Submit an incident report
 Close duplicate applications
 Record an explanation on the spreadsheet
  Investigate fraud, report to officials and follow EAP Policy
  Manual Chapter 17

Dup Check Procedure for FFY2010
Step 4: Return list with validation or actions to DOC
 The completed list (Excel spreadsheet) with
  explanations is due at eap.mail@state.mn.us
 A deadline will be prescribed. DOC tracks compliance.
 Delete the household’s private data (name, SSN,
  address, vendor account name) before returning
  the spreadsheet. Contact your EAP field
  representative if you have any questions.
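
Added example (not part of the original slides and not DOC's own tooling): a Python version of the cross-check described under "Why Dup Check on Vendor Accounts?" and of the private-data removal in Step 4, run over the six fictitious rows of the slide's sample table. The signal names, the address normalisation and the allow-list of returned columns are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

FIELDS = ("HH_NBR FIRST_NM LAST_NM SSN DOB CUST_ACCT_NM VNDR_NM "
          "HOUSE_NBR STREET APT_NBR CUST_ACCT_NBR").split()

# The six rows of the slide's sample table (fictitious training data);
# an empty field stands for <null>.
RAW = """\
111111|CAROL|NUMBERSWITCH|717449103|16-Feb-51|CAROL NUMBERSWITCH|CPE|3828|LIAR AVE S||1111111
888888|CAROL|NUMBERSWITCH|414779103|16-Feb-51|CAROL NUMBERSWITCH S|CPE|3828|LIAR AVE||1111111
222222|SPACEY|EL ROY|472111111|03-Jul-58|SPACEY ELROY|CPE|1410|GERRYRIG AVE|2|2222222
999999|TOUHY|SHAM ELROY|475222222|06-Dec-82|SPACEY EL ROY|CPE|1410|GERRYRIG AVE|1|2222222
333333|WANDA|TRICKYBERGER|472111111|24-Oct-68|ERNEST TRICKYBURGER|CPE|4208|12TH AV S||3333333
666666|WANDA|TRICKYBERGER|475222222|24-Oct-68|WANDA TRICKYBERGER|CPE|4208|12TH AVE S||3333333
"""
ROWS = [dict(zip(FIELDS, line.split("|"))) for line in RAW.splitlines()]

# Assumption: the returned sheet is built from an allow-list, so name, SSN,
# address and vendor account name (Step 4) can never leak through a new column.
RETURN_COLUMNS = ("VNDR_NM", "CUST_ACCT_NBR", "HH_NBR", "signals", "explanation")


def norm_address(row):
    """House number plus street, with AV/AVE unified and compass suffix dropped."""
    tokens = ["AVE" if t == "AV" else t for t in row["STREET"].upper().split()]
    tokens = [t for t in tokens if t not in {"N", "S", "E", "W"}]
    return row["HOUSE_NBR"] + " " + " ".join(tokens)


def person(row):
    return (row["FIRST_NM"], row["LAST_NM"], row["DOB"])


def pair_signals(a, b):
    """Cross-check two households that share one vendor account number."""
    signals = set()
    # SSN is optional on the application, so only compare when both are present.
    ssn_differs = bool(a["SSN"] and b["SSN"]) and a["SSN"] != b["SSN"]
    if person(a) == person(b):
        signals.add("same_name_and_dob")
        if ssn_differs:
            signals.add("ssn_differs_for_same_person")
    if ssn_differs and sorted(a["SSN"]) == sorted(b["SSN"]):
        signals.add("ssn_digits_rearranged")
    if norm_address(a) == norm_address(b):
        same_unit = a["APT_NBR"] == b["APT_NBR"]
        signals.add("same_address" if same_unit else "same_building_different_unit")
    return signals


def dup_check(rows):
    """Return one entry per vendor account number used by 2+ households."""
    by_account = defaultdict(list)
    ssn_owners = defaultdict(set)
    for r in rows:
        if r["CUST_ACCT_NBR"]:
            by_account[(r["VNDR_NM"], r["CUST_ACCT_NBR"])].append(r)
        if r["SSN"]:
            ssn_owners[r["SSN"]].add(person(r))
    report = []
    for (vendor, acct), group in sorted(by_account.items()):
        if len({r["HH_NBR"] for r in group}) < 2:
            continue
        signals = set()
        for a, b in combinations(group, 2):
            signals |= pair_signals(a, b)
        # Same SSN filed under a different name/DOB anywhere in the data set.
        if any(len(ssn_owners[r["SSN"]]) > 1 for r in group if r["SSN"]):
            signals.add("ssn_also_used_by_another_person")
        report.append({"VNDR_NM": vendor, "CUST_ACCT_NBR": acct,
                       "HH_NBR": sorted(r["HH_NBR"] for r in group),
                       "signals": sorted(signals),
                       "explanation": "",   # filled in by the investigator
                       "rows": group})      # full records, for local review only
    return report


def redact_for_return(report):
    """Keep only the allow-listed columns before the sheet leaves the agency."""
    return [{k: entry[k] for k in RETURN_COLUMNS} for entry in report]


if __name__ == "__main__":
    for entry in redact_for_return(dup_check(ROWS)):
        print(entry)
```

The signals only order the review; whether a match is a valid duplication, an error or suspected fraud is still decided by the file review in Steps 1 to 3.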


Dup Check Procedure for FFY2010
Best & Other Practice
 Applications with the same vendor for Heat & Electric should
  list the vendor once, choose heat and electric as vendor type.
  Less likely to get false positives for risk and best for
  application processing.
 Need to report issues and non issues. As a program we need
  to assure we have done due diligence to protect the integrity
  of the program
 Late report will result if you don’t respond to request

Data Practices in the EAP Manual
Chapter 19. DATA PRACTICES AND RECORDS p. 120





Chapter 19. DATA PRACTICES AND RECORDS
 Data Practices Policies and Procedures, Private Data
   • Who has access
   • Who does not
   • Must be released to the individual or to a 3rd party with
     consent
 Social Security Number for EAP Applications
   • Optional


Chapter 19. DATA PRACTICES AND
RECORDS
 Application Documentation, p. 122
   • Where and how to save application documentation
 Security Of Records, p. 123
   • List of requirements to secure records
 Records Accessibility, p.124
   • What it means to have access to records
   • Reasons for maintaining access to records
 Record Retention Requirements, p.124
   • Records to retain

Informed Consent For Release
Of Information
 Informed consent is needed when the information
  will be given or sent to a third party.
   • Example: Garnishment information requests often go
     to an attorney
 “Informed consent” are key words that need to be
  taken at face value
   • The statute is very specific about what must be
     included in an informed request

Data Practices Focus
   Develop a good working relationship with the data practices
    contact in your agency, if there is one
   Plan – Have a written policy
    • Who will have authority to see private data
    • Who will have authority to release private data
    • How your agency will maintain data security in all situations
    • How you will request private data and document the request
    • How you will maintain documentation of requests for private data
    • How you will train staff on data privacy requirements
   Use centralized authority in the agency, if any
   Centralize authority in EAP, if possible

Plan - Local Procedures Needed
 To request information allowed by the application
  consent so the request is done in a consistent manner
  and so each request is documented

 Best practice is for the local procedures to use a form
  for requesting information by letter or e-mail and a
  format for documenting a request by telephone



Minnesota Department of Administration
Information Policy Analysis Division – IPAD
 The State authority on Data Practices
 If you have questions about information policy laws,
  including Minnesota’s Data Practices Act and the Open
  Meeting Law, you’re at the right place. Look over the
  resources on this website or give us a call. (Copied from IPAD
  website) http://www.ipad.state.mn.us





New Technology – New Data Practices
 Laptop Security
 Imaging Equipment
  • Data access
  • Data storage
  • Data retrieval and back-up
  • Best Practice – Before destroying paper documents
     – Make sure it all works
     – Every imaged document is accessible and as readable
     – No problems exist regarding record retention


Electronic Records Management Guidelines
 Recommended by IPAD
     • Minnesota Historical Society
    http://www.mnhs.org/index.htm - home page
    http://www.mnhs.org/preserve/records/electronicrecords/erintro.html
      Imaging/scanning and storage of household files
•   Which Minnesota laws apply to electronic records?
•   How do we use electronic records to help ensure public accountability while ensuring
    that not-public records are protected?
•   Who is responsible for developing our electronic records management strategy?
•   How do we dispose of electronic records?
•   Should we manage our electronic records differently from our paper records?
•   How do we know what information is an electronic record?
•   Is an electronic copy of a record an acceptable substitute for the original?
•   Does an electronic record have the same legal significance as a paper record?


eHEAT Security and Agreements
 Levels of authority
   • State Data Base Administrator
   • Local (or vendor) eHEAT Administrators
      – Administrative Change Process, Chapter 3, p. 16
   • Local (or vendor) users
 Agreements—Annual
   • See EAP Tools on website www.energy.mn.gov


Summary of Data Practices
 Staff should know:
   •   What private data is and how it relates to EAP
   •   What data they can reveal and what they need to do to assure
       they aren’t violating data privacy
   •   How to document information they have revealed
 Staff with authority to release private data should know:
   •   All of the above
   •   The SP-approved processes for following up on data requests
 Agency management should:
   •   Support the data practices activities with knowledge and
       practical resources
Debtors Exemption Claims




Debtors Exemption Claims (Issue)
 Collection Firms are asking for information beyond
  what the manual states that we have to tell them
 They are saying that unless we tell them when
  payments were made, they will not honor the
  garnishment exemption (sometimes people lie)
 We need a universal form that gives only the
  information that they need


Debtor’s Exemptions Claims (Solution)
 You don’t need to be experts in the law but you do
  need to know and understand it
 There were changes made to the law for 2009
 Garnishment firms need to be told EAP rules and
  timelines by you;
 You are the EAP expert!


Debtors Exemption Claims
 Many of you may have already seen these requests
 A household is being pursued to pay a debt by a third party
  collection agent that may or may not be an attorney
 The collection agents use tools like garnishment of wages
  and levies aka “Freezing” of the bank accounts
 The law provides certain protections of some or all of their
  money in certain situations, for certain people
 The form used to claim these protections is called an
  “Exemption Notice”

Debtors Exemption Claims
Some or all of their money is protected if:
 The source of the money is Government benefits such as Social Security
  benefits; Unemployment benefits; Workers' compensation; or Veterans
  benefits
 They currently receive other assistance based on need
 They have received government benefits in the last six months
 They were in jail or prison in the last six months
Some or all of their earnings (wages) are protected if:
 They get government benefits (see list of government benefits)
 They currently receive other assistance based on need
 They have received government benefits in the last six months
 They were in jail or prison in the last six months
Debtor’s Exemptions Claims Law
 The legislation, which will become effective on Aug. 1, 2009, updates the
  exemption process and makes technical changes to the current law
 The legislation modifies legal requirements regarding levies and
   garnishments and expedites the process for both the creditor and debtor
   and makes the following revisions to the current garnishment law:
    • Modifies the process;
    • Updates forms;
    • Creates a new notice of intent to garnish;
    • Alters the exemption form and creditor’s exemption form; and
    • Adjusts timing requirements.

 It does not change the intent of existing law or impact current or future
   case law (quote from the new law)

Debtors Exemption Claim Laws
 Website: MN Office of the Revisor of Statutes
   • Index of the laws relating to Fuel Assistance in MN
 https://www.revisor.leg.state.mn.us/statutes/?topic=202092
   • Address of the website with the new law
 https://www.revisor.leg.state.mn.us/laws/?id=31&doctype=chapter&year=2009&type=0
Debtor’s Exemption Claim Form
 Section 1. Minnesota Statutes 2008, section 550.143, is amended to
  read: 550.143 LEVY ON FUNDS AT A FINANCIAL INSTITUTION.
 Form of notice. The notice required by subdivision 3
  must be provided as a separate form and must be
  substantially in the following form:
 EXEMPTION FORM
   •   HOW MUCH MONEY IS PROTECTED.....
   •   I claim ALL of the money being frozen by the bank is protected......
   •   I claim SOME of the money is protected. The amount I claim is
       protected is $.......
Debtor’s Exemption Claim Form
WHY THE MONEY IS PROTECTED
 My money is protected because I get it from one or more of the following
  places: (Check all that apply).....
 Government benefits include, but are not limited to, the following:
 MFIP - Minnesota family investment program, MFIP Diversionary Work
  Program, Work participation cash benefit, GA - general assistance, EA
  - emergency assistance, MA - medical assistance, GAMC - general
  assistance medical care, EGA - emergency general assistance, MSA -
  Minnesota supplemental aid, MSA-EA - MSA emergency assistance,
  Food Support, SSI - Supplemental Security Income, Minnesota Care,
  Medicare part B premium payments, Medicare part D extra help,
 Energy or fuel assistance.
Debtor’s Exemption Claim Form
  Government benefits also include:..... Social Security benefits.....
     Unemployment benefits..... Workers' compensation..... Veterans
     benefits
    If you receive any of these government benefits, include copies of
     any documents you have that show you receive Social Security,
     unemployment, workers' compensation, or veterans benefits......
    Other assistance based on need You may have assistance based on
     need from another source that is not on the list. If you do, check this
     box, and fill in the source of your money on the line below:
    Case Number:..... County: ... Source: .....
    Include copies of any documents you have that show the source
     of this money.
    Some of your earnings (wages) are protected

Debtor’s Exemption Claim Form
• OTHER EXEMPT FUNDS
• The money from the following are also completely protected......
• An accident, disability, or retirement pension or annuity.....
• Payments to you from a life insurance policy.....
• Earnings of your child who is under 18 years of age.....
• Child support…
• Money paid to you from a claim for damage or destruction of
  property…
   •   Property includes household goods, farm tools or machinery, tools for your job,
       business equipment, a mobile home, a car, a musical instrument, a pew or burial
       lot, clothes, furniture, or appliances......
• Death benefits paid to you

Debtor’s Exemption Claim Form
• I give permission to any agency that has given me cash benefits
  to give information about my benefits to the above-named
  creditor, or its attorney.
• The information will ONLY concern whether I get benefits or not,
  or whether I have gotten them in the past six months
• If I was an inmate in the last six months, I give my permission to
  the correctional institution to tell the above-named creditor that I
  was an inmate there.

• There are additional instructions and timelines in the new law
  that I did not include here, but I would encourage you all to take a
  look at them so you’re familiar

Debtor’s Exemption Claims and EAP
• A person's wages are exempt if they currently receive need-based
  aid, or have been a recipient within the last 6 months
• Households are now required to provide bank statements with
  the exemption notices
• The creditor is looking for some proof that the debtor currently
  receives EAP or was a recipient in the last 6 months
   •   Will need additional help from us unless they received a direct payment
• A benefit statement from us will suffice
• So, here’s what you need to do
   •   The new export will contain information on payments and dates
   •   Redact what is unnecessary (payment amounts)
   •   If they demand more, you can refer them to the state

Debtor’s Exemption Claims and EAP
• You are the EAP experts
• You have the support of DOC, and our timelines for
  eligibility are clearly documented in our EAP policy
  manual
• Once determined eligible, a household is eligible until
  the end of the program year (September 30)
• They are still protected for 6 months after they last
  received assistance

Debtor’s Exemption Claim Notice
• The “Debtor’s Exemption Claim Notice” is a type of
  Informed Consent form (Appendix 19B) and will be
  updated to reflect the new statutes
• New template letter for providing the information that
  will meet the legal requirements and reflect EAP policy
  guidelines




Data Security and You!
Richard Gooley, Chief Information Security Officer,
  Minnesota Department of Commerce





Executive Summary
• Be cyber smart – Sec_rity needs U!
• Security is everyone’s responsibility
• Security doesn’t need to be intimidating
• Security doesn’t have to cost an arm and a leg




Agenda
• 7 Top Tips for Keeping Your Data Secure
   1. Identify and guard sensitive information
   2. Create bulletproof passwords
   3. Use secure email
   4. Protect your computer
   5. Keep your computer patched
   6. Properly dispose of information no longer needed
   7. Be mindful of social engineering
• Excellent Resources for Free Stuff!
• Questions and Discussion

7 Top Tips for Keeping Your
Data Secure *




* aka “How to Keep Out of Current Events”


7 Top Tips for
Keeping Your Data Secure
Tip 1: Identify and guard sensitive information
• Dumpster diving
• What sensitive information do you work with?
    •   Social Security Number
    •   Addresses
    •   Children
    •   Household income
    •   Private financial information


7 Top Tips for
Keeping Your Data Secure
Tip 2: Create bulletproof passwords
• Weak passwords are all too common
    •   They are easy for users to remember.
    •   They include personal information about the user.
    •   They consist of known words found in many hacker
        password dictionaries.
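
An added example (not part of the original slides) that checks a candidate password for the two traits above that can be tested mechanically: personal information and dictionary words. It goes slightly beyond the slide by undoing common look-alike character substitutions first; the function names, word list and sample user details are constructed for illustration.

```python
# Constructed sample word list; a real check would load a large dictionary file.
SAMPLE_WORDLIST = {"password", "welcome", "summer", "dragon", "minnesota", "energy"}

# Common character substitutions, undone before matching (an addition to the
# slide's list: swapping letters for look-alike symbols does not hide a word).
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                               "0": "o", "5": "s", "$": "s", "7": "t"})


def normalize(text):
    """Lower-case the text and undo common look-alike substitutions."""
    return text.lower().translate(SUBSTITUTIONS)


def weak_password_reasons(password, personal_info, wordlist=SAMPLE_WORDLIST):
    """Return a list of reasons the password is weak (empty if none found).

    personal_info maps a label (e.g. "first name") to the user's value.
    """
    plain = normalize(password)
    reasons = []

    # Trait from the slide: includes personal information about the user.
    for label, value in personal_info.items():
        tokens = [normalize(t) for t in value.split() if len(t) >= 3]
        if any(token in plain for token in tokens):
            reasons.append(f"personal information: {label}")

    # Trait from the slide: consists of known dictionary words.
    for word in sorted(wordlist):
        if len(word) >= 4 and word in plain:
            reasons.append(f"dictionary word: {word}")

    return reasons


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    user = {"first name": "Dana", "street": "12 Oak Lane", "birth year": "1975"}
    for candidate in ["Summer2009", "P@55w0rd!", "dana1975", "gT9#vQ2&xL7m"]:
        print(candidate, "->", weak_password_reasons(candidate, user) or "no match")
```

An empty result only means none of these checks matched; it does not measure length or randomness.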




7 Top Tips for
Keeping Your Data Secure
• Examples of bulletproof passwords
    •   eX@mp13s0f
    •   Bu!1e7Pr0of
    •   Do you know my address?
        – DUKma?45410akland





7 Top Tips for
Keeping Your Data Secure
Tip 3: Use secure email
• All email from The State containing private data will
  be sent using secure email
• Method for retrieving secure email
   • Use link in email to go to The State’s secure site
   • Establish password
   • Retrieve email and attachments
   • Retain password for future use

Example of Secure email from The State





Establish/enter password





Retrieve email/attachment





Secure email
What is TLS encryption?
   Transport Layer Security (TLS) is a standard
   protocol that is used to provide secure Web
   communications on the Internet or intranets. It
   enables clients to authenticate servers or,
   optionally, servers to authenticate clients. It also
   provides a secure channel by encrypting
   communications. TLS is the latest version of the
   Secure Sockets Layer (SSL) protocol.


Secure email – TLS encryption





7 Top Tips for
Keeping Your Data Secure
Tip 4: Protect your computer (with your life!)
• Where’s my laptop?





7 Top Tips for
Keeping Your Data Secure
Tip 5: Properly dispose of information no longer needed
• Where's that USB drive?





7 Top Tips for
Keeping Your Data Secure
Tip 6: Keep your computer patched





Patch Management





7 Top Tips for
Keeping Your Data Secure
Tip 7: Be mindful of social engineering
• Know thy neighbor





“All I did was smile and they let me
 in the door”





Excellent Resources for Free Stuff!





https://www.act-online.net/





Business Continuity & Disaster Recovery





www.flu.gov





Excellent Resources for Free Stuff!
Tools to wipe drives when disposing of a computer
   • www.killdisk.com/
   • www.diskwipe.org/

Free anti-virus protection for home use
   • www.free.avg.com/

Some Internet Providers offer free anti-virus


Excellent Resources for Free Stuff!
• www.act-online.net
• www.killdisk.com
• www.diskwipe.org
• www.free.avg.com
• www.msisac.org
Business continuity and Disaster Recovery
• www.disaster-recovery-guide.com
• www.flu.gov
• www.drj.com
• www.ready.gov

Conclusion
• Security is everyone’s responsibility
• Security doesn’t need to be intimidating
• Security doesn’t have to cost an arm or a leg



