This Month's Experts
Vice President of Product Management
Omniva, San Francisco
Senior Product Marketing Manager
SurfControl, Scotts Valley, Calif.
Director of Strategic Solutions
@stake, Cambridge, Mass.
Counsel, Financial Regulatory and Electronic Commerce Practices
Mayer, Brown, Rowe & Maw, Washington, D.C.
Q: What are the e-mail security issues facing the insurance industry? What can insurers do to combat these problems?
A: Paris Trudeau, senior product marketing manager, SurfControl: Federal regulations have put insurance companies under increased pressure to secure confidential customer information or face legal liability issues and major fines for noncompliance. Insurers must put appropriate Internet and e-mail acceptable use policies in place, invest in staff training, and implement security technologies to combat these issues. Content filtering technology is one of the technologies that can enable the intelligent management of customer data and prevent unauthorized or inadvertent disclosures. It can also protect insurance companies from other e-mail content risks, such as spam, viruses and productivity losses.
A: Jeffrey Taft, counsel, financial regulatory and electronic commerce practices, Mayer, Brown, Rowe & Maw: There are two main risks regarding e-mail for insurance companies: inbound and outbound e-mails. For inbound e-mails, the risk is largely a technical and security one. Insurance companies must have sufficient safeguards in place to protect their systems, screen for viruses, and handle attachments and other similar security measures. For outbound e-mail, the issues are largely ones of regulatory compliance. The new federal e-mail law, called the CAN SPAM Act, impacts the way all businesses, including insurance companies, conduct their marketing and customer relationship programs via e-mail. In addition, regulated institutions such as insurance companies can find themselves on the wrong side of the regulations due to inadvertent but well-meaning e-mail responses to customers.
A: John Dawes, vice president of product management, Omniva: Companies already understand that the risks of viruses, spam and other unwanted e-mails require implementing an e-mail security solution, and increasingly they are starting to understand the risks of not complying with government regulations or not having good policies in place for corporate governance. An important first step in dealing with these risks is creating a compliance task force that can analyze what federal and state regulations apply to you and how, from a technology standpoint, you are going to automate the enforcement of specific policies. Corporations need to start with a clear understanding of the policies they need to put in place to comply with regulations and for good corporate governance. Once you understand the federal and state regulations that apply to your organization, you can map corporate communications policies to these regulations.
Q: To what extent is e-mail compliance a technology and systems issue, and to what extent is it about policies and training?
A: Samir Kapuria, director of strategic solutions, @stake: With the adoption of digital information usage, technology security teams have an additional goal of enabling compliance with privacy regulations. The solutions insurers employ to meet these growing requirements must be holistic and include facets of technology, policy and training. Utilizing technology addresses part of the required solution, with products like antivirus or intrusion detection. Implementing defined corporate policies armed with the methods of enforceability can deter employees from using technologies that can bypass corporate security controls, like Web mail. Establishing security awareness programs can be a strong tool in educating clients on security incident prevention.