Third-party vendors putting your customers’ info at risk? #InsureTechConnect

In our recently published eBook How exposed are you? 5 security questions every insurer should have an answer for (and the answers they should have), we remind readers that even as we strive for digital transformation and look forward to the promise of insuretech innovations, insurers must not forget that information security is vital in the here and now.

In the eBook How exposed are you?, we prompt insurers to ask some important questions:

  1. Are we prepared to comply with the changing regulatory landscape?
  2. Can we fend off a cyberattack?
  3. Are we replacing error-prone, paper-based, manual processes with secure digital versions?
  4. Are we educating our members and employees about online security?
  5. Where can you focus on opportunities for data security improvement?

Except we left one question out. An important sixth question. And we’re sharing it with you today.

That question is: Are third-party vendors putting your customer information at risk?

The answer is, “Maybe.”

Back in August 2016, someone gained unauthorized access to a server containing personal member information held by Newkirk Products Inc. The data included some combination of member names, mailing addresses, types of plans, member and group ID numbers, names of dependents enrolled in the plan, primary care providers and, in some cases, dates of birth, premium invoice information and Medicaid ID numbers.

The twist? Newkirk issues healthcare ID cards for health insurance plans, which means the accessed personal information was that of its customers’ customers.

For many insurers – and certainly for members – the thought of security risks to customer information outside their firewalls may not occur as often as it should.

How to protect customer information when someone else is using it

There are steps you can take to protect your customers’ information. They include fortifying your own security standards, as well as getting to know your vendors a little better.

Here are the top three that experts recommend:

1. Look inward

Start by protecting your own cyber infrastructure from attack through a third-party vendor. In other words, make sure ne’er-do-wells can’t hack your systems by first hacking your vendor’s systems.

Create a multi-layered defense strategy covering your enterprise.

You should also include encryption and two- or three-factor authentication for all network and data access requests from third parties, suggests Sanjay Katkar, co-founder and CTO of Quick Heal Technologies, via Security Magazine.

2. Get a good look at your vendors

It doesn’t matter how much you trust your vendors or how long you’ve worked with them. If you’re not regularly assessing their security protocols, you could put your information and your customers’ information at risk.

“Start with access,” says Katkar.

Implement a ‘least privilege’ policy specifying who can access data and the network – down to exactly what users can and cannot access. Limit temporary access and regularly review third-party credentials.

“Send only the data needed by the supplier,” adds Dennis Chepurnov, our security expert and senior manager of product marketing. “Exclude or redact everything else.”
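The "send only the data needed" advice, sketched as an added example that is not from the original post or from Hyland: an allowlist filter applied to a member record before it goes to a card-printing vendor, shown beside a denylist for contrast. The field names, the allowlist contents and the sample record are assumptions constructed for illustration.

```python
# Added example: field names, allowlist and sample record are constructed.

# Assumption: what a card-printing vendor needs. Everything else stays home.
CARD_VENDOR_ALLOWLIST = frozenset(
    {"member_name", "member_id", "group_id", "plan_type", "dependents"}
)
# Weak alternative, for contrast: a denylist removes only what someone
# remembered to list, so fields added to the schema later are exported.
DENYLIST = frozenset({"medicaid_id", "premium_invoice", "date_of_birth"})


def names_only(dependents):
    """Reduce each dependent entry to the name printed on the card."""
    return [d["name"] for d in dependents]


# Per-field reductions applied to allowlisted fields before export.
TRANSFORMS = {"dependents": names_only}


def minimize(record, allowlist=CARD_VENDOR_ALLOWLIST):
    """Copy only allowlisted fields; return (outbound, withheld_field_names)."""
    outbound = {}
    for field, value in record.items():
        if field in allowlist:
            transform = TRANSFORMS.get(field, lambda v: v)
            outbound[field] = transform(value)
    # Report the names of withheld fields for audit, never their values.
    return outbound, sorted(k for k in record if k not in allowlist)


def denylist_export(record, denylist=DENYLIST):
    """Contrast case: drops listed fields and lets everything else through."""
    return {k: v for k, v in record.items() if k not in denylist}


# Constructed member record. "mailing_address" and "primary_care_provider"
# were never added to the denylist, and a dependent carries a nested DOB.
SAMPLE = {
    "member_name": "Pat Example",
    "member_id": "M-0001",
    "group_id": "G-42",
    "plan_type": "PPO",
    "dependents": [{"name": "Sam Example", "date_of_birth": "2010-01-01"}],
    "mailing_address": "1 Constructed Way",
    "primary_care_provider": "Dr. Placeholder",
    "date_of_birth": "1980-01-01",
    "premium_invoice": "INV-0001",
    "medicaid_id": "MC-0001",
}
```

With the denylist, the mailing address, the dependent's nested date of birth and any field added to the record later all reach the vendor; with the allowlist, none of them do.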

3. Make them follow your lead

If you want third-party vendors to follow security protocols as strict as yours, make them. Work with your vendors on a service-level agreement (SLA) that says they will comply with your security policies and that they will allow you to audit their compliance with those rules.

“Maintain governance of information even outside the firewall,” says Chepurnov, “with features like retention management, password expiration, 2FA and download limits.”

To learn more, check out How exposed are you? 5 security questions every insurer should have an answer for (and the answers they should have).

Cara McFarlane

Cara McFarlane recently joined Hyland as the global portfolio manager for its insurance vertical. In her role, she is responsible for leading the software company’s strategic marketing strategy to effectively position OnBase as a leading enterprise information platform within the insurance market. Cara oversees all marketing initiatives to plan, execute and manage Hyland’s insurance marketing tactics including lead generation, tradeshow management and development of collateral. With more than 17 years’ experience in the software industry, Cara advises organizations on best practices to digitize processes and become more efficient.
