Posts Tagged Insurance

Customer Success Story: United Security Life and Health

Posted by on Friday, 31 August, 2012

It’s Friday, heading into a long overdue holiday weekend, so we thought we’d share a video we recently posted that highlights how Lorraine Callahan, a senior programmer analyst with United Security Life and Health, has implemented GoAnywhere to improve workflow and save time.

 

GoAnywhere Success Story: United Security Insurance
YouTube - GoAnywhere Success Story: United Security Insurance

 

If you’d like to see other customer success stories, visit our website where you can find videos, testimonials, and case studies.

 

 

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Are Insurance Companies Managing Their Risk of Data Breach?

Posted by on Wednesday, 9 May, 2012

An injury that doesn’t happen needs no treatment. An emergency that doesn’t occur requires no response. An illness that doesn’t develop demands no remedy. The best way to stay safe … is to avoid getting into trouble in the first place. That requires planning, training, leadership, good judgment, and accepting responsibility—in short, risk management.  

– Boy Scout Field Book

Insurance companies are the experts at analyzing and managing risk. They identify, quantify and set pricing based on the calculated costs of risk. Naturally, the higher the perceived risk, the higher the cost to mitigate the potential losses.

Yet here is the irony.  While those in the insurance industry excel at evaluating risk management for their clients, they often neglect risk mitigation within their own operation.

Exposed data is serious risk

The insurance industry collects and analyzes overwhelming amounts of data. This often sensitive and confidential information becomes the basis upon which many critical decisions are made, and which produces the competitive advantage to provide better policies, prices, and solutions to the market.

All of this data, both historical and cutting-edge, is truly the lifeblood of the insurance industry. Therefore, the astute management and protection of this data is the infrastructure of arteries and veins delivering this lifeblood to all of the appendages of the company that need the results of this data compilation.

In addition, this sensitive and private information is disseminated to various internal and external associates, customers, partners and collaborators usually via the Internet, which exposes this data to compromise.

And yet, despite their expertise in risk analysis, many in the insurance industry fail to ask these questions:

  • Given how much data we’re exchanging with clients, partners, financial institutions, healthcare organizations, etc., what is our risk of a data breach?
  • What is our liability if we suffer a data breach?
  • What can be done to mitigate potential losses?

When examined this way, any underwriter would agree that failure to adequately protect the sensitive data continually in transit in an insurance company’s daily workflow presents an extremely high risk.

Insurance industry, heal thyself

If data really is the lifeblood of the insurance business, and the data center is at the heart of the company, then the arteries and veins are the methods of moving that data to and from your departments, clients, business partners, and others.

While adding layers of physical security to the data center is a top priority for insurance IT professionals, securing the pathways in and out of that data center tends to be overlooked, despite media coverage of data breaches at companies worldwide.   This lack of action underestimates the extent of the public’s concern that their private data may be compromised, and state and federal efforts to more strictly regulate data storage and transfer policies.

Effectively managing FTP transactions is essential to mitigating the risks of data loss.  The costs of implementing managed file transfer solutions are minimal and provide tremendous flexibility when striving to meet the requirements of trading partners and compliance regulations.

As the insurance industry knows better than anyone, the best approach is to mitigate risk with a cost efficient solution.  In this case, taking direct action to protect data transfers is the obvious prescription for any organization — especially one based on risk management.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

Who Insures the Insurer?

Posted by on Monday, 2 August, 2010

Do insurance companies maintain Data Security Breach Insurance?

On June 23, 2010 more than 200,000 Anthem Blue Cross customers received letters informing them that their personal information might have been accessed during a security breach of the company’s website. Customers who had pending insurance applications in the system are currently being contacted because information was viewed through an on-line tool that allows users to track the status of their application. Social Security and credit card numbers were potentially viewed.  It’s one more tumble in a cascade of security breaches that can have terrible consequences for the customers and clients of such a large insurance company.

And of course, this raises an ironic question: Do insurance companies maintain their own liability insurance in the event that their information systems are compromised?  As absurd as it may seem at first glance, it’s really not a laughing matter. According to the Ponemon Institute, the average cost of a security breach is now exceeding $200 per client record.  This would mean that Anthem Blue Cross’s breach last month created a liability as great as $40M.

Moreover, there’s a ripple effect to organizations that do business with insurance companies that suffer such an information security breach.  Each Personnel Department that delivers private employee information to an outside service supplier has an inherent responsibility and liability to its employees.

We all know that the privacy information transferred between companies should use a secure and confidential method of transmission.  Yet too many small and medium-sized companies are still using simple FTP (File Transfer Protocol) software that has been proven to be susceptible to the threats of network hackers.  And by the time these organizations realize their vulnerability, it’s often too late.  These companies are often performing these FTP transfers below the radar of their IT departments.  How does it happen?

Often personnel data is off-loaded to PCs from the main information systems where it is left “in the open” on the hard drives of desktops or laptops. After the data is transferred this residual data is often unprotected, where it’s subject to theft or secondary security flaws. Insurance agents – whose jobs are to facilitate the processing of the data with their insurance providers – can also suffer from such breaches. The loss of an agent’s laptop – through theft, accident, or routine use of USB thumb-drives – poses additional liability.

There are two readily available strategies to help prevent these kinds of security abuses. The first strategy is to use data encryption technologies that not only encrypt the data, but also record into a secure log detailing when, where, and by whom the sensitive data has moved from the main information database.  Linoma’s CryptoComplete offers precisely this kind of encryption capability, and it should be examined by IT professionals as a viable, highly configurable resource for the protection of the company’s information assets.

The second strategy is to use a secure method of transfer for the data itself, ensuring that the information is never left in a vulnerable state on an individual’s personal computer.  By removing FTP access to the data by any employee’s PC and channeling the transfer through the secure corporate server, IT can prevent the problem of network hacking from occurring.  Linoma’s GoAnywhere Director solution is precisely the means of achieving the goal of a secure FTP transfer between companies.

The tragedy of the Anthem Blue Cross breach was the result of a faulty security scheme in the design of its customer service solution.  But it is not the only potential failure of data security that can impact its customers and business partners. And, unfortunately, this information security breach is just one of the 356 million reported breaches that have occurred in the US over the last five years.

So who insures the insurer when a data security breach occurs?  The real answer is IT itself.  And helping IT achieve a better result will be the subject of this blog over the next few months.

Thomas Stockwell

Thomas M. Stockwell is one of Linoma Software's subject matter experts and a top blogger in the industry. He is Principle Analyst at IT Incendiary, with more than 20 years of experience in IT as a Systems Analyst, Engineer, and IS Director.

More Posts - Website