

Data Security in the Insurance Industry: What You Need to Know

Lock Down That Data

Today, some insurance professionals store or share terabytes of electronic information, some of which is sensitive personal data or even protected health data belonging to their clients. With that in mind, here's why you should rethink your data security.

You have a responsibility to your clients

Your clients trust you with insuring their health, lives, property and more, so they expect a reasonable effort to prevent unauthorized disclosure of, or access to, their information.

You must comply with government regulations

Various federal, state and industry guidelines regulate the exchange of sensitive information.

You should protect your reputation

A data security breach will almost certainly result in the loss of clients and possibly generate negative publicity.

Common Challenges

Airtight data security is hard to achieve. For small and midsize insurance practices, the task can be overwhelming. Also, technological changes mean that security measures can become obsolete in a matter of months.

Insurance professionals can address these challenges with a step-by-step plan.

Security: Step by Step

Get Ready

Data security is only achievable if you're ready to lead the charge and make some changes.

Assess Risk

Security vulnerabilities arise in three areas: your physical work environment, your network and your mobile communication. How do you guard each area? Take the following actions.

Physical Vulnerability

  • Make workstations inaccessible to the public.
  • Lock away your routers and servers.
  • If possible, incorporate industry-standard measures such as magnetic doors and keycard access.
  • Maintain protection against natural disasters.
  • Archive data off-site.
  • Replace aging physical equipment.

Unsecured Networks

  • Configure your firewalls correctly.
  • Use strong, proven antivirus and antimalware software.
  • Keep your software current.
  • Password-protect your network or make it invisible.
  • Don't transmit private data on public networks.

Mobile Device Weaknesses

  • Make sure your device doesn't scan for and hook up to open Wi-Fi networks.
  • Transfer files via secure software, such as file-sharing apps that encrypt data, rather than email.
  • Enable security features such as remote wipe and automatic file deletion so they are already in place if you lose your phone.
  • Don't lose your phone!

Research Regulations

Depending on the kind of data you're storing and transferring, you could be subject to more regulations than you know.

These include:

  • The Health Insurance Portability and Accountability Act (HIPAA)
  • The Consumer Financial Protection Bureau's (CFPB) data security guidelines
  • Various state data security laws
  • Records disposal laws and protocols
  • Industry standards such as the Payment Card Industry Data Security Standard (PCI DSS)

Set Policies and Procedures

Now that you understand what you need to do, decide how to do it. Develop a data security program, train any staff members and enforce protocols reasonably. For instance, if you cannot secure data onsite, look for offsite storage services that offer you features like advanced encryption methods.

Stay Ahead of the Game

If you're going to serve your clients to the best of your ability, you have to stay current with your security. It's not possible to eliminate risk, but you can decrease it significantly by becoming aware of your security issues, learning everything you can and being proactive in your responses.