CIOInsider India Magazine

Effective Ways to Improve Data Security in Insurance

Bibhu Krishna, IT Head, Policybazaar

As much as we continue to thrive in a data-centric world, it’s equally crucial to address the concerns regarding data security. In the digital age, with most data locations connected through the Internet, it only takes a moment for someone with technical know-how to access private data if it is not well-protected. Especially when the data has a financial element involved, there is sufficient motive to gain unlawful access and exploit it for personal gain.

It is only fair to say that in a sector like insurance, there is no scope for compromising on data security. The amount of sensitive data the industry deals with, as well as its players' financial position and structure, can make them sitting ducks in the absence of robust data security. For an insurance industry player, this means ensuring that its workforce is trained in security best practices for handling sensitive information, such as social identification and bank account details regarding claims. Needless to say, it also means implementing a watertight security net when it comes to protection of data. Here’s how to be more vigilant about what happens on the Internet outside the walls of the organization.

Implementing Proper Guardrails
In the insurance industry, a breach can be prevented proactively by using data analytics to find loopholes even before they happen. Other steps that can be taken include (but are not limited to):

Encryption of data: Encryption is the process of scrambling information so that it's unreadable without decryption. Encrypting databases is an important practice for data security. This ensures that those who do not have the decryption key cannot decipher the stored information even if they somehow get access. Key points to cover include encryption of data-at-rest and encryption of data-in-transit.

Robust backup and disaster recovery plan: A crucial way to instantly improve the company's data security is to create backups of critical processes and assets. After all, no organization would ever want to fall victim to a cyber-attack and lose everything that the respective teams have worked so hard to achieve. Backups should be regular, and preferably in multiple locations and in different formats. It is also important to test the backups regularly to make sure they're working properly, especially if they'll be used for long periods of time. Another critical aspect is defining the frequency of backups in tandem with RTO and RPO for an effective DR test plan.
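To show how backup frequency ties to RPO and restore testing to RTO, here is an added example (not from the original article). The targets, timestamps and system names are constructed sample values.

```python
from datetime import datetime, timedelta

# Assumed targets (constructed for this example).
RPO = timedelta(hours=4)   # maximum tolerable data loss
RTO = timedelta(hours=2)   # maximum tolerable downtime

# Constructed sample data: completion times of successful backups.
BACKUPS = [
    "2024-03-01T00:05", "2024-03-01T04:02", "2024-03-01T08:00",
    "2024-03-01T15:30",  # the midday run failed, leaving a long gap
    "2024-03-01T19:20",
]
# Constructed sample data: measured duration of the last restore drill.
RESTORE_DRILLS = {"policy-db": timedelta(minutes=95),
                  "claims-db": timedelta(minutes=140)}

def rpo_violations(backups, rpo, now):
    """Return (start, end, gap) for every window in which a failure would
    have lost more data than the RPO allows, including the window between
    the last successful backup and `now`."""
    times = sorted(datetime.fromisoformat(t) for t in backups)
    times.append(now)
    out = []
    for prev, nxt in zip(times, times[1:]):
        gap = nxt - prev
        if gap > rpo:
            out.append((prev, nxt, gap))
    return out

def rto_violations(drills, rto):
    """Return the systems whose last restore drill took longer than the RTO."""
    return sorted(name for name, took in drills.items() if took > rto)

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-03-01T22:00")
    for start, end, gap in rpo_violations(BACKUPS, RPO, now):
        print(f"RPO breach: no backup between {start} and {end} ({gap})")
    for name in rto_violations(RESTORE_DRILLS, RTO):
        print(f"RTO breach: restoring {name} took longer than {RTO}")
```

A nominal four-hour schedule meets a four-hour RPO only if every run succeeds, which is why the check measures gaps between successful backups rather than trusting the schedule.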

Comprehensive IT audit process: The regular IT audit process should include an audit of not only the data, but also the entire process/activities carried out to secure that data. Auditing the entire security strategy and procedures for different types of risks, including compliance with industry standards and regulations, is a must to achieve the next level of security within any organization.

Proactively monitoring access to sensitive data: To prevent unauthorized access, it’s important to know who has been given access, to what, and what they are doing with it. Various tools can be used to track who accessed the systems, when they accessed them and what they did while in possession of confidential information. Logging software can help record all activity in the landscape while tracking users' activities across time periods, along with providing audit trails so that administrators can easily review events such as failed logins or any suspicious activities that may have taken place during business hours. On the other hand, intrusion detection systems (IDS) and intrusion prevention systems (IPS) can block unwanted traffic from entering into systems so employees aren't able to transmit malicious code onto company servers without detection from security teams.
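The audit-trail review described above can be sketched as follows. This is an added example, not from the original article: the log format, user names, resource names and entitlement list are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-trail lines: time, user, action, resource, result.
LOG = """\
2024-03-01T09:00:11 asha login portal OK
2024-03-01T09:02:40 asha read claims/bank_details OK
2024-03-01T09:10:05 ravi login portal FAIL
2024-03-01T09:10:19 ravi login portal FAIL
2024-03-01T09:10:31 ravi login portal FAIL
2024-03-01T09:11:02 ravi login portal OK
2024-03-01T09:12:47 ravi export claims/bank_details OK
2024-03-01T11:30:00 meena read policies/summary OK
"""

# Assumed entitlement list: who has been given access, and to what.
GRANTS = {"asha": {"claims/bank_details"}, "meena": {"policies/summary"}}
SENSITIVE = {"claims/bank_details"}

def parse(log):
    """Yield (timestamp, user, action, resource, result) per log line."""
    for line in log.splitlines():
        ts, user, action, resource, result = line.split()
        yield datetime.fromisoformat(ts), user, action, resource, result

def review(log, max_fails=3, window=timedelta(minutes=5)):
    """Return findings as (kind, user, detail) tuples."""
    findings, fails = [], defaultdict(list)
    for ts, user, action, resource, result in parse(log):
        if action == "login" and result == "FAIL":
            # Keep only failures inside the sliding window, then add this one.
            recent = [t for t in fails[user] if ts - t <= window] + [ts]
            fails[user] = recent
            if len(recent) == max_fails:
                findings.append(("failed-logins", user, f"{max_fails} in {window}"))
        elif resource in SENSITIVE and resource not in GRANTS.get(user, set()):
            # Sensitive data touched by someone never granted access to it.
            findings.append(("ungranted-access", user, f"{action} {resource}"))
    return findings

if __name__ == "__main__":
    for finding in review(LOG):
        print(finding)
```

Comparing activity against the entitlement list is what turns a raw activity log into an answer to "who has been given access, to what, and what they are doing with it".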

Why Fool-Proof Governance Matters
With the release of the draft Data Protection Bill in India, security governance has taken center stage, with a focus on handling customer consent, data, grievances, and rights. Customers today are aware and empowered. They know the risks in case their personal data is leaked. For insurance, the exchange of sensitive financial information is pretty standard and frequent, so even a minute’s snag or glitch has to be kept at bay at all costs. As much as customers are looking for a good claim settlement ratio, they are also looking at good data security practices, given the recent increase in data breaches.

When one talks about robust data governance, it’s not a one-time effort but a continuous, ongoing and ever-improving process. This process is also subject to changes in the data privacy rules and regulations that the framework needs to adhere to. For instance, the organization needs to segregate and categorize customer data right at the beginning of their journey, where respective teams are accountable for the data that they are handling.

What makes data security a big deal, especially in insurance, is the fact that it's not just about protecting the data you have; it's also about protecting your customers' trust in you and their ability to do business with you safely and securely.
