Blog

3 min read

3 Key Focus Areas for Improving Data Security in Insurance

Jun 6, 2019 12:15:12 PM

Network security is in a constant state of change, evolving and adapting in response to the ever-growing cyber threat.

Although no industry is safe, financial organizations – including insurance companies - are particularly vulnerable. Unfortunately, because insurers use and store large amounts of sensitive customer data, the industry is a prime target for hackers.

As infrastructures change to meet consumer demands, insurers must continually improve their cyber defense. By establishing best practices in the areas of network security, payment processing, and employee education, you're in a better position to protect your data from misuse.

1. Network Security 

Websites and account portals are common entry-points for data thieves. By enforcing network security best practices, you can prevent them from becoming easy prey. To start, insurers should:

Establish an enterprise-wide security policy. Create a company policy that sets clear parameters regarding passwords, use of external drives, account access, and how to handle potential risks. Consider regular training sessions to reinforce key concepts.

Limit user privileges. Many breaches begin with an unintentional error on the part of employees. These situations can be mitigated by establishing limits that restrict permissions to the minimum needed for an individual’s job performance.

Maintain software. Upgrade and install software patches as soon as they become available to stay ahead of the latest hacking techniques. Also conduct regular audits of your antivirus software.

Monitor third-party access. Screen all vendors to ensure strict compliance with industry regulations.

2. Payment Processing

Consumers can now enjoy the convenience of managing their insurance payments through the digital channels they use most. But new channels can mean new security risks. For this reason, insurers should choose a payment processor that offers the highest level of security compliance to protect your policyholders' payment data. Your provider should:

Keep payment data off your network. A total absence of available payment data negates the risk of it being stolen from your network.

Tokenize data. Tokenization translates payment data into a random set of characters, and splits them into multiple parts, in multiple locations. This prevents an outside entity (hacker) from reading or accessing any usable payment information.

Authenticate for extra security. A multi-step authentication process provides added security to ensure sensitive payment information is only accessed by the owner of that data.

Maintain security and compliance. Payment security organizations (PCI, NACHA, SOC, and others) set requirements for all companies that accept, store, process, and transmit payment card data. Different degrees of security standards apply to different companies, depending on the size, quantity processed, and other factors.

The most secure payment processors adhere to the top level of compliance across all categories. This gives you the benefits of the highest security, regardless of your company’s minimum requirements.

3. Employee Education

Security begins in-house. Unfortunately, internal mistakes (“user errors”) are among the most common gateways to data breaches. On the other hand, your employees can also become a vital resource to protect your organization. To build a strong first line of defense, you should:

Enforce a strict password policy. Require employees to create strong, unique passwords, and change them often. Remind your staff not to share or display passwords.

Ensure each device has a single user. Don’t let your employees’ mobile devices fall into the wrong hands. Multi-factor authentication, such as biometrics, push notifications to phones, pass-codes, smart cards, and token authentication, add an additional layer of security.

Keep employees informed. Invest in ongoing education for your IT staff. Make it a regular practice to educate employees about new and emerging risks. Provide regular updates via email, the company blog, newsletter, or monthly team meetings.

Establish a disaster recovery plan. When a crisis strikes, having a plan in place can mitigate damages. Consider assigning a point person or committee to keep employees updated on proper protocols. Evaluate and update the plan regularly.

 

As technology becomes more sophisticated, so does the vulnerability to breach. Enacting network security best practices, partnering with a secure payments provider, and educating employees are key components for protecting yourself (and your policyholders) against attack.

Want to know about PCI compliance and other security standards for insurance companies? Check out our blog: 

Beyond PCI Compliance: The Data Security Standards All Insurers Must Know


Learn more about One Inc security and compliance.

Patricia Moore
Written by Patricia Moore

As the lead writer at One Inc, Patricia is passionate about helping insurance companies successfully overcome modern industry challenges. She offers news, insights, and tips to help insurance professionals improve sales and retention, enjoy greater operational efficiency, and provide the most value to your policyholders.