As insurers continue to expand into new online territory, fromagency portals and online policy applications to mobile phone apps,their appeal to cybercriminals only deepens.
|The increased use of outsourcing for various aspects of theoperation only adds to the risk for information getting into thewrong hands. Insurers' rich policyholder data records, consistingof social security numbers, driving license numbers, employmentrecords, health records and much more, are a hacker's paradise.
|Related: 8 online tech tools that boost insurance agency andcarrier collaboration
|While credit cards can quickly be cancelled, making theirblack-market prices very low, data that is tied to a customer for life ishighly valuable. A healthcare record for example can net 10 timesmore than credit card numbers online. This kind of personallyidentifiable information can be used to conduct highly targetedspear phishing, allowing hackers to customize an attack based onwhat they know about the target.
|When it comes to business, we know trust is key. Protecting theprivate information that policyholders have entrusted to you shouldalways be a top business priority. If this trust is broken, therecan be serious consequences. Merely hoping that sensitive datastays in the right hands is no longer a viable strategy in thecurrent threat landscape. Whether you are assessing home, motor, orhealth risks for your customers, you now have a duty to do re-assess your internal risk of whether you are doingeverything you can to protect policyholder data, along with yourhard-earned reputation.
|Here are five best practices to avoid a costly data breach:
|No. 5: Understand your data and where it flows.
In order to protect your data, you first need to understand it'svalue, where and how it is beingused — and by who. Whichemployees or third parties have access to this data, for example?Once you have a complete 360-degree view of your data environmentand usage, you can build a tailored defense.
|No. 4: Go beyond the network and protect information whereverit travels.
A recent study from Enterprise Strategy Group (ESG) wasundertaken in order to evaluate the challenges, best practices, andsolution requirements for securing data that is shared externally.ESG spoke with 200 IT security professionals who hold purchasedecision-making authority or influence for data security technologyproducts and services.
|Related: Data obstacles hamper cyber insurancegrowth
|Ninety-eight percent (98%) of respondents cited the loss ofsensitive data as a top or significant concern, and also indicatedit was very or somewhat likely that their organization has alreadylost data via a variety of ways in the last 12 months. Of note,participants cited data loss vectors such as files beinginadvertently emailed to the wrong person (cited by 67% ofrespondents) and unauthorized access (66%) as top issues.
|The increase in outsourcing and collaboration withexternal partners and subcontractors is extending the flow ofinformation outside of the secure confines of corporate controlledperimeters. While this collaboration is necessary and encouragesinnovation, it opens up companies to unnecessaryrisk.
|To reduce the risk of external collaboration,many companies are now taking a data-centric approach to security.In addition to data-loss prevention (DLP) solutions, organizationsare now adding enterprise digital rights management (EDRM)solutions to their information security framework. EDRM enables theorganization to 'wrap' a sensitive document with persistent,granular controls. Using EDRM, document owners can control who canaccess the document, what that recipient can do with the document(view, print, cut/paste, screen share, etc.), from which locationor device, and for how long.
||
In addition to data-loss prevention (DLP) solutions,organizations are now adding enterprise digital rights management(EDRM) solutions to their information security framework. (Photo:iStock)
No. 3: Automate reporting on information usage inside andoutside of your network.
By adding data-centric security to your infrastructure, you willnot only reduce the risk of policyholder information getting intothe wrong hands, you will also receive real-time information on whois accessing your information, from where, and what they are doingwith it. Consolidated information usage details, both forinformation within and outside of your network, will give you theinsights you need to respond to compliance and audit reporting.
|No. 2: Scrutinize vendors' and third parties' securityinfrastructure.
While using data-centric security will keep you in control ofyour information, even when it is being used by a third party, youwill want to ensure that your partners fully understand and complywith your exact security requirements and processes. It's importantthey hold the same high standards as your own organization.
|Related: 3 wise cybersecurity solutions for2017
|No. 1: Stay up to date.
Businesses change, collaboration methods change, data usagechanges; third parties and vendors change; and most importantly,cybercriminal tactics change. You thereforeneed to do regular risk assessments to ensure all areas of datasecurity remain covered. While adding data-centric security to yourinfrastructure will increase your visibility to vulnerabilities andreduce your risks considerably, a one-off initial security audit isnot enough. Keep on top of security software updates too and ensurethere are no weak spots available to hackers – you simply can'tafford to operate business with an unpatched system.
Keeping your business afloat in the age of the megabreach
Robust planning, on-going risk assessments and data-centricsolutions such as EDRM are what will enable insurers to furtherembrace the use of mobile devices, filesharing, and outsourcing with complete confidence. It will ensurethat security remains effective wherever files travels and whilethey are being utilized, making it possible for both insurers andtheir partners to have peace of mind, and agile collaboration.Because, ultimately, no organization is immune to the seriousrepercussions that come along with being breached, and in anindustry as heavily targeted as insurance, maintaining a goodsecurity posture is an absolutely essential.
|Vishal Gupta is founder and CEO of the Sunnyvale,California-based data security company Seclore. To reach him viaemail: [email protected].
See also:
|Cyber (in)security: Can insurance solutions keeppace with threats?
|5 trends and factors that continue to impactcybersecurity in 2017
|Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
- Educational webcasts, resources from industry leaders, and informative newsletters.
- Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
