Data Felon’s Next Target: Insurance Firms

330
Rahul Kumar, Country Manager, WinMagic
Rahul Kumar, Country Manager, WinMagic

Consumers’ trust in the financial sector has always been high throughout the years. This trust seeps into the insurance sector as well, partly owing to the perception of the sustained performance of banking and insurance firms. What is interesting is that—according to a Capgemini study—a whopping 83 per cent of consumers also trust banks and insurers when it comes to their data, with just 3 percent believing that their bank or insurer ever suffered a breach.

However, the same survey of banking and insurance firms worldwide noted that just 21 per cent of banking executives claimed to be highly confident in their ability to detect a cybersecurity breach. Worse, 26 per cent of financial institutions acknowledged having been the victim of a breach.

This growing menace of data breaches spurred India’s insurance sector regulator, Insurance Regulatory and Development Authority of India (IRDA), to issue guidelines for insurance firms to appoint a chief information security officer (CSO) by April 30, 2018. The main job of the officer would be to articulate and enforce policies to protect information assets and take steps to form the Information Security Committee (ISC). The guidelines cover aspects relating to data, applications, operating systems and network layers; security audit; and other legal aspects.

VULNERABILITIES ARE EVIDENT

Information sharing is essential for conducting insurance business operations. Therefore, to ensure that adequate systems and procedures are in place, rules relating to information sharing are a part standard operating procedure. In the insurance sector, data is a rich target of theft and misuse.  As insurers share significant amounts of personal policyholder information and health-related information with third parties, the risk is even higher.  Notwithstanding such huge transfer of information taking place, insurance repositories, call centres and service centres have access to sensitive policyholders’ data.

It is high time that insurance companies take proactive steps to enhance security and privacy. The above survey findings highlight the need for data-centric approaches like encryption and encryption key management to mitigate the impact of any breach. Moreover, threats have an increasingly larger attack surface to target, thanks to the burgeoning virtualized and cloud applications, and this brings to focus not only protection for end-point devices, but also at a Virtual Machine (VM) Level.

Remember that cyber criminals’ weapon of choice is not always the sophisticated attack, but the common security pain points. As the cost of a breach, through lost customers, revenue and business, is rising dramatically, insurers need to assess their digital channels routinely. The issue of security takes on more urgency with the new General Data Protection Regulation (GDPR), which will come into force in a few months and change how companies handle data. GDPR requires that financial organizations reveal a data breach within 72 hours after the incident. The issue of GDPR takes on added significance as most of the private insurance firms have tie-ups with foreign companies.

It is quite a revelation to note that, in the banking and insurance sector, security concerns deter nearly half of consumers (47 per cent) from using digital channels and 74 per cent of them would switch their bank or insurer in the event of a data breach. Therefore, proper privacy protections offer a strategic business advantage to the firms. Building the reputation for data privacy is definitely challenging, and preparing the proactive security defenses is no easy task. However, data privacy and security does raise the bar on multiple factors that need constant consideration.

COMPLYING WITH IRDA’S GUIDELINES TO SAFEGUARD DATA

To deal with growing data requirements, tools such as WinMagic’s SecureDoc provide a common platform to control all aspects of data security as mandated by IRDA’s requirements, including:

  • Unified physical, virtualised, and cloud data security under one solution, reducing operation & time costs associated with managing multiple data security solutions
  • VM-level encryption for virtualized servers and cloud, offering the persistent encryption required for data portability
  • Visibility and control required to strengthen data security compliance efforts through a single console view providing audit, discovery, encryption and key management
  • Eased scalability with easily deployable licenses, supporting any of a customer’s growth or burst needs – no matter what speed, or scale
  • Support for the public, private and hybrid cloud solutions, keeping your data secure as it moves
  • Intelligent policy engine that prevents unapproved copying and snapshots or relocation of VMs outside a customer’s stated boundaries
  • Authentication with enterprise data privacy control to ensure confidentiality, integrity, availability and privacy of the data collected, processed, stored and disposed of through cloud services
  • Crypto Erase capability to terminate and remove all security credentials to prevent access to removed data
  • Segregated protection for production and non-production workloads with secured data at the logical level, and against the virtual storage

A common security platform offers you less complexity, more flexibility, and higher security, without cloud platform lock-in. SecureDoc CloudVM’s intelligent key management capability increases visibility and strengthens data security within virtual environments. With a strong policy engine, it helps you in controlling the encryption key management system across a vast array of layers including endpoints, file servers, virtual servers, enterprise file sync and share (EFSS) solutions and the Internet of Things (IoT) instances.

The time is now for insurance firms embrace encryption of data wherever it may be in their organizations. From desktops to servers, data centers to the cloud, build out your uniform data security approach, reducing complexity and data security silos in your organization.

About WinMagic                                                                                                  WinMagic, one of the most respected names in the data security business, encrypts over 8 million endpoints in 95 countries. Our award-winning comprehensive encryption and intelligent key management solution is the best protection against sophisticated threats and data loss. SecureDoc by WinMagic provides everything encryption, securing data wherever it is stored by enabling a unified key management strategy across any end point, virtualized, or Cloud IaaS environment.

Authored article by Rahul Kumar, Country Manager, WinMagic

Get a chance to meet the Who's who of the BFSI industry. Join Us for 8th SecureIT Summit, Mumbai and explore business opportunities. Like us on Facebook, connect with us on LinkedIn and follow us on Twitter, Instagram & Pinterest.