10 Questions to Ask About Your Agency's System Security

Data security breaches are up 25% from last year. How can you make sure your customers' confidential information is safe?

Editor's note: Joshua Schmidt is vice president and chief information security officer of Vertafore.

In the wake of recent widely publicized data breaches, security is a paramount concern for all businesses. According to a recent PwC survey, the number of data security incidents has increased globally across various industries by 25% in the last year. In the financial services industry, the survey revealed the average number of detected incidents increased by 169% since 2012, and the average total financial losses have increased significantly in the past year.    

For independent agents and brokers, there are two sides to the data security coin: Although the increase in risk presents an opportunity to provide insurance to businesses in every industry, that same risk of an intentional or accidental data breach can threaten an agency's confidential client information.

How can agencies manage their time and resources appropriately, stay ahead of criminals, and prevent data disclosure accidents? Here’s a 10-question checklist for covering the basics of system security.


1. Are you properly funding your information security program? Security budgets need to be properly funded and the commitment to security initiatives needs to remain constant.

2. Do your staff and contractors understand their security and data privacy obligations? A clearly written policy that is cross-referenced by legal, regulatory and contractual requirements explaining employee responsibilities for protecting clients’ sensitive information is necessary.

3. Are you compliant with data protection laws? To ensure that agencies are compliant with government and market standards, they must keep up with hundreds of data security guidelines.

4. Are you in the “security arms race”? Each year, new attack methods are developed and new technologies are built to combat those attacks. Deploy and maintain technological defenses within each layer of your IT infrastructure.

5. Are insecure configurations and unpatched systems in your IT infrastructure making you vulnerable? Keep systems secured by performing frequent testing for vulnerabilities and exposures and maintaining rapid patch management processes.

6. Are bugs in software applications developed in-house making you vulnerable? Have in-house developed software tested with secure code reviews and application vulnerability testing tools to detect bugs before someone else discovers and exploits them.

7. What would you do if someone hacked into your systems and accessed customer records? All agencies need a computer security incident response plan to ensure a timely understanding of significant security events and their impact.

8. If your office and the place you store data backups were both flooded and lost power for a week, how could you continue to stay in business? Disaster recovery is typically focused on timely recovery of IT systems and includes data backup processes.

9. Can you trust that your service providers are compliant with data protection laws, will securely handle your data and can quickly recover their systems following a disastrous event? It’s essential that the security practices of service providers be evaluated to ensure they facilitate your legal compliance, properly secure data and ensure rapid recovery of systems so that your business operations are not interrupted by security incidents or disasters.

10. Could a significant data breach ruin you financially? Maintaining your own cyber insurance policy is a good option for managing the risk of costly data breaches.

Many businesses are deciding that the burden of maintaining secure, compliant, and highly available Information Technology (IT) infrastructure is too costly, so they turn to service providers to host the critical business systems that process and store client data. Before outsourcing to service providers, it is important to ask them the same series of questions to ensure a chain of trust when handling client data. After contracting with a service provider, periodically check in on the service provider’s control measures, such as by reviewing annual audit reports like an SSAE 16, to ensure appropriate control measures are maintained over time.
