Insurance & Technology is part of the Informa Tech Division of Informa PLC


Attention to Security Lacking

A LOMA study finds that financial services companies aren't paying enough attention to security.

Although insurers have scrutinized IT security more closely post-9/11 and in preparation for HIPAA and USA PATRIOT Act compliance, a recent LOMA (Atlanta) study, "Data Privacy, IT Security and Disaster Recovery in Financial Services," reports that many financial services organizations have not paid enough attention to these functions. The study, authored by Steve Forbes, senior vice president of research, LOMA, explores the technological and managerial issues associated with data privacy, IT security and disaster recovery within financial services companies.

The main reasons for the continuing security shortfalls, according to Forbes, have to do with the increasing complexity and interconnectivity of information systems that support complex products through more distribution channels. Along with this complexity come more vulnerabilities to interference with IT processes and data security, Forbes explains.

To reduce these vulnerabilities, he advises, insurers should use virtual private networks (VPNs) to deliver data to customers over the Internet. Data encryption is also important for protecting data as it is transmitted from one party to another, but it is not 100 percent reliable, he notes. "Data encryption is fairly powerful when it's used properly," says Forbes. "However, every data encryption code can be broken with sufficient effort." To reduce the risk of the encryption being broken, Forbes advises CIOs to change the encryption key frequently. Also, "the more bits that are used, the harder it is to decrypt," says Forbes. "One-hundred-twenty-eight-bit keys are better than a smaller number of key bits."

The LOMA study also suggests that vulnerability to security breaches can be prevented when extra care is taken during the employee hiring process. Also, IT executives can protect data by limiting employees' access to the information that is necessary for them to perform their job functions.

Where it is plausible, duties can be spread among employees so that a particular employee doesn't see the entire content of another individual's data. Internal firewalls should also be built into systems to enforce this policy, the study recommends, and Forbes further advises the prompt dismissal of individuals who don't adhere to these rules.

Third-Party Threat

The LOMA report also encourages performing due diligence when dealing with a third-party provider. "It's important to make sure partners are adhering to the same IT security and data privacy policies" as the insurer, explains Forbes.

It's also important to "design appropriate contractual provisions so that the insurer and the third party have a clear understanding of what the data privacy policy is and what the contractual penalties would be for failing to adhere to that policy."


Is Your Firm Practicing Good Security Strategies?

-- Utilizing a VPN for data delivery.

-- Practicing data encryption.

-- Limiting employee access to data.

-- Taking care in the employee hiring process.

-- Performing due diligence of third-party provider security policies.

-- Designing appropriate contractual provisions with partners.

-- Clearly defining penalties for contractual adherence failure.
