Data Security and Testing in the Insurance Industry
More and more requirements are being put on insurance companies, general agents, and independent retail insurance agents when it comes to data security and testing. As a result, we need to have programs and testing in place to ensure the protection of the data we use and provide to our partners.
There are at least two different tests that an organization can do to determine their level of protection. One is a network penetration test, also called a pen test. This is an ethical, simulated cyberattack on your computer systems/networks from the outside. This test is performed to identify both weaknesses/vulnerabilities and the strengths of the target systems. The National Cyber Security Center describes penetration testing as the following: “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might.”
The second type of testing is a vulnerability scan. A vulnerability scan is typically automated and is used to identify the strengths and weaknesses of a network from the inside. It takes an inventory of the entire network and evaluates the security of each device connected to the network. The vulnerability scan application will then check each device against a database of known vulnerabilities to see if any of the devices are subject to any of these known vulnerabilities.
The Agents Council for Technology has offered some great resources for independent insurance agents. You can access this website for more information: www.independentagent.com/act/pages/planning/securityprivacy/cyberguide2.aspx. By no means is this all-inclusive to meet all the various state requirements. Please make sure to check your state’s insurance department for any and all requirements/laws that have been adopted for the insurance industry.
If you have other questions or would like assistance in finding a vendor to provide these tests for your organization, feel free to contact me at firstname.lastname@example.org.Share on Facebook Share on LinkedIn
Posted by Tate Tooley, IT on Jun 2, 2020