Approach Integration With Caution

By Karyn Buckley | January 13, 2023
Photo of "computer" handshake

Data protection must be a critical consideration when selecting new applications and technology solutions.

By Kitty Ambers, CIC, CPIA, CISR, Chief Operating Officer at AVYST

Cybersecurity is a top concern of lawmakers, business owners, and consumers alike.  As insurance professionals, data protection must be a critical consideration when selecting new applications and technology solutions.

The term “API” has been a major topic of conversation when it comes to improving efficiency. InsurTechs routinely tout the use of APIs to speed the exchange of data across the insurance channel. Agents have become conditioned to think that these Application Programming Interfaces (APIs) are the holy grail and that they are naively safe and secure, but this is often not the case.

I encourage you to approach technology integrations with caution. Here are three suggested protocols to consider before opening your technology platform to others:

  1. Understand what APIs you’re using, for what purpose, and how they work.
    According to SearchSecurity, “Implemented securely, APIs can allow an enterprise to leverage its own and others’ data with ease and security. Implemented badly, they can be leveraged by hackers to attack an enterprise and its users.” Further, “PrismaCloud cautions, “APIs can create additional security risks, as they increase the number of ways in which malicious actors could get into applications and cause chaos.”
  2. Stay abreast of Cybersecurity Legislation and how it impacts your firm.
    As noted in a recent article from the National Conference of State Legislators (NCSL) ” At least 45 states and Puerto Rico introduced or considered more than 250 bills or resolutions last year dealing significantly with cybersecurity”.  Connect with your state insurance industry association and technology user groups to learn how to comply with these evolving requirements.
  3. Ensure your technology solution providers have legal permission to “integrate.”

At AVYST, we are focused on ensuring your client data is secure – both at rest and in motion. Part of this focus includes promoting user education. To understand more about cybersecurity frameworks and suggested protocols, listen in on our InsurTech Talk with RigidBits which highlights Three Common Misconceptions of Cybersecurity.

Protect the treasure that is your data!

As always, we invite you to leave a comment, question or suggestion for a future blog topic.  Check out past posts at AVYST.com/blog.

 

Don’t miss our future blog posts!

Wave Insurance Technologies, Inc. dba AVYST

Subscribe for News & Updates

 

Posted in Crystal Ball Blog and tagged , , , , , , ,