As online data breaches become more prevalent, it’s more important than ever to protect client privacy.
Although recent legislation in the U.S. rolled back online privacy rules for Internet Service Providers (ISPs) and made the rules more lax regarding the collection of consumer data, the tighter cybersecurity requirements imposed by Europe’s recently enacted General Data Protection Regulation (GDPR) will have international repercussions sure to impact the U.S. insurance and finance industry.
Closer to home
The U.S. laws in place for the protection of personal information generally involve one of these four areas:
- Security: Companies aren’t allowed to release personal information unless required by law.
- Disclosure: Companies must tell the client/consumer what information they collect and what the company plans to do with that information.
- Breach Disclosure: If there has been a data breach, the company is required to tell the consumer.
- Direct Electronic Marketing: Companies must respect laws around advertisements via fax, email, or phone.
The main legislation that protects consumer information is the Gramm-Leach-Bliley Act, which was passed in 1999 and requires “financial institutions — companies that offer consumers financial products or services like loans, financial or investment advice, or insurance — to explain their information-sharing practices to their customers and to safeguard sensitive data.”
Financial institutions also are required to implement “information security programs” to put safeguards in place to protect sensitive client data.
Insurance industry concerns
When processing an insurance claim, any information collected is at risk from hacking, leaking, or other security breaches.
Heed these tips to help keep this data safe.
No. 8: Encrypt important information and correspondence.
Data that has been encrypted requires a password or secret key to access, making it that much more difficult for hackers to get into. Encrypting your data makes it more secure when you’re sharing it on the internet or via email. Some email services, such as Microsoft Outlook, offer an option in the Security Settings to encrypt messages before sending them.
Another way to encrypt information is by setting up a Virtual Private Network (VPN). VPNs are used by people around the world for their work, to hide their location, or even to avoid government censorship. Several VPN providers offer this service, or you can take this a step further by setting up a private server. A private option is more expensive but prevents your website from being hacked if your hosting provider is compromised. Another benefit to having your own server is that only you and your employees can access the information on it.
No. 7: Choose a reliable ISP.
With so many internet service providers out there, it can be tough to find one that is reliable and fast and offers extra technology services that you might be looking for (email accounts, backups, cloud storage, etc.). Carefully review your options before deciding, and take into consideration any security suite options that are included.
No. 6: Use a firewall.
Check your router and turn on your firewall. A firewall controls what traffic goes in and out of your network, which helps protect the information on it. It’s also a barrier between your computer/network and hackers, which keeps the information on your computer safer. A firewall is also a good option if you have multiple employees who all use the same network.
No. 5: Create strong passwords.
The more difficult your password is to crack, the less likely someone will be able to access the information you’re working on. From your computer login to your email password, it’s recommended to use a long string of unrelated words or a random string of letters/numbers/symbols, and to make it unique to your work instead of reusing the password(s) you use for all of your other accounts.
No. 4: Keep your computer and programs updated.
Regularly updating your operating system and programs will help keep your computer — and therefore the data on your computer — secure. Updates often fix vulnerabilities that the creators have found in their software.
No. 3: Delete data every day.
Regularly delete any extra information or data you no longer need. Get into a routine of doing it on a daily basis, including deleting cookies. Cookies are small pieces of information from websites that store information about your passwords and shopping cart, and they also save private information about your browsing history and any personal information you might have entered into a given website.
No. 2: Don’t forget about paperwork.
Most of the focus these days is around online privacy, but if you do print any forms or have any physical data, be sure to lock them securely in a filing cabinet. Shred paperwork as soon as you no longer need it to protect your clients’ information from physical break-ins as well.
No. 1: Communicate broadly about cybersecurity best practices.
While you have the most control over your own and your employees’ actions, many of these safeguards will protect your clients as well. Even if the stolen data isn’t social security numbers and bank accounts, client data can be sold to other companies for marketing purposes or even used against the client when they try to buy life or health insurance. Communicate best practices with your clients so that they can be proactive in protecting their own data.
Online privacy is worth taking seriously. According to the 2017 Cost of Data Breach Study, the average cost of a data breach for a company is an astounding $3.62 million, or $225 per compromised record. (The healthcare industry ends up paying the most when online privacy is jeopardized — $380 per record.)
While more and more components of processing an insurance claim are automated, you still transmit plenty of secure information throughout the process, so it’s essential that you know both the rules around online privacy and how to implement them. Use these tools and data safety steps to keep your clients protected as much as you can.
Author: Elaine Thompson