As insurance professionals, the protection of client data must be a critical consideration when selecting technology solutions.
By Kitty Ambers in NU Property Casual 360

Strategies, guidelines and protocols for reopening America post-coronavirus shutdowns are hitting headlines on both micro- and macro-levels. Every business and organization imaginable, from churches to salons, must rethink and retool how they connect and interact with patrons as well as the greater public.

Personally, I’ve been asked to sit on our church “Back-in-Person” (BIP) Task Force to work through documentation provided to us by our conference leadership. The requirements outlined, in addition to our state-issued mandates, impact decisions we must make to ensure the safe reopening of our campus.

It occurs to me that the process of crafting new and stringent protocols to ensure the safety of people as they interact is not unlike sifting through the complexities of technology integrations. There are systematic things to address, and there are protocols required to ensure safe interactions.

Data protection must be a critical consideration when selecting new applications and technology solutions.

Data protection must be a critical consideration when selecting new applications and technology solutions.

Cybersecurity is a top concern of lawmakers, business owners and consumers alike. As insurance professionals, the protection of client data must be a critical consideration when selecting technology solutions.

The term “API” has been a major topic of conversation when it comes to improving efficiency. InsurTechs routinely tout the use of APIs to speed the exchange of data across the insurance channel. Agents have become conditioned to think that these Application Programming Interfaces (APIs) are the Holy Grail and safe and secure. But this is often not the case.

I encourage you to approach technology integrations with caution. Here are three suggested protocols to consider before opening your technology platform to others:

Understand your APIs

According to SearchSecurity, when “implemented securely, APIs can allow an enterprise to leverage its own and others’ data with ease and security. Implemented badly, they can be leveraged by hackers to attack an enterprise and its users.”

Further, Twistlock cautions, “APIs can create additional security risks, as they increase the number of ways in which malicious actors could get into applications and cause chaos.”

Track Cybersecurity Laws

As noted in a recent legislative brief from the National Association of Insurance Commissioners (NAIC), 11 states have now adopted the Insurance Data Security Model Law. They are Alabama, Connecticut, Delaware, Indiana, Louisiana, Michigan, Mississippi, New Hampshire, Ohio, South Carolina and Virginia. Connect with your state insurance association to learn how to comply with these evolving requirements.

Ensure Legal Permissions

It is vital to thoroughly review the fine print in end-user license agreements (EULAs) and vendor contracts. Understanding who owns and controls agency data is critical.

This is where initiatives like the Vertafore Orange Partner Program are so valuable. Vertafore understands and supports the reality that the insurance community has needs beyond those served by Vertafore solutions. Through vetted partnerships, Vertafore brings together best-in-class capabilities that are complementary to Vertafore solutions. These formal agreements empower Vertafore customers to confidently take advantage of more secure integrations.

Other management system vendors also are adamant about approaching integrations the right way — the way that protects an agency’s data. As a caution, if a vendor explains that their integration solution with another platform involves you, the client, providing your logins and passwords, it isn’t a true, legal integration. This is also likely a violation, by you, of the EULA with the other platform.

At AVYST, we take our partnerships seriously and remain focused on ensuring client data is secure — both at rest and in motion. Part of this focus includes promoting user education. To understand more about cybersecurity frameworks and suggested protocols, listen to Dustin Moody of RigidBits, who explains “Three Common Misconceptions of Cyber Security.”

Mind your manners, and be sure you aren’t oversharing.

Kitty Ambers (kitty@avyst.com), CIC, CPIA, CISR, is Chief Growth Officer at AVYST and a member of the NU Property & Casualty Editorial Advisory Board.

Leave a Comment