Skip to Main Content

Thinking Strategically about Cyber Security

The recent data breach at Sony Pictures has raised some important questions about how we should use email and store important documents. By now, many people know that they should avoid writing anything in an email that could potentially embarrass or hurt someone. They also know that they should keep electronic files in password-protected folders and that those passwords should be changed regularly.

But there are also security measures we take that potentially leave us vulnerable to hackers. For instance: Do you use passwords that are hard to guess? Or do you use "password" or "123456" or any of the other identified worst passwords? Do you use the same user name and password for multiple sites? If not, how do you remember your many user names and passwords?

According to a recent report, some employees at Sony saved lists of their passwords on their work computers. That may sound convenient, but in today’s world, it’s kind of like leaving a whole set of keys under your doormat for potential thieves.

You also need to ask yourself how sensitive are the documents you have and how should they be stored to avoid falling into the wrong hands. Does the data you have contain personally identifiable information (PII) or protected health information (PHI)? If so, does it make sense to store all that data in one folder on your server? Or should the data be separated into different folders to mitigate the risk? How sensitive are the documents you attach to your emails? Are there more secure ways to send documents that might be just as effective?

There’s no 100 percent fool-proof way to be cyber safe. But as the year comes to a close, it’s worth taking a look at how safe your information is and how you might take steps to make it more secure.

If you want to enter the cyber insurance market or learn about any of ISO’s various cyber insurance product offerings, visit the ISO Cyber Risk Solutions website,, or email me at You can also follow me on Twitter @doughertyshawn.

Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.

You will soon be redirected to the 3E website. If the page has not redirected, please visit the 3E site here. Please visit our newsroom to learn more about this agreement: Verisk Announces Sale of 3E Business to New Mountain Capital.