4 Valuable Ways to Immediately Reduce IT Compliance Stress
Insurance companies by default have a specialized need for IT compliance and cybersecurity because of the highly sensitive client data they handle and store. There is an overwhelming number of risk factors, including data breaches and human error, that make them automatic targets for opportunistic cybercriminals.
If you and your IT team are concerned about how you’ll keep up with the new NAIC cybersecurity regulations, you’re in good company. Most of our clients are feeling a great deal of stress on how they’ll handle the new regulations that require several highly technical and recommended provisions for cybersecurity.
One client’s story about compliance red flags:
We recently received a call from one of our newer clients who had an emergency security breach that they needed help with. They described their situation and said that their staff had just completed an audit. When they described what happened, they told us that their audit showed several red flags and they were extremely concerned about them. I could hear the worry in their voice as they explained that their dedicated IT staff member was highly skilled, however, they felt a number of security issues had fallen through the cracks.
As they described what happened, they ended up working themselves up into a flurry of fears around being out of compliance. Then the big question—would this open them up to a legal liability or lawsuit? I quickly assured them that the faster we fixed their security issues, the less likely they were to suffer damages. Although they were hesitant and fearful of what it would take to get their system back into a secure state, they agreed to have our team out that day to troubleshoot and repair their cybersecurity processes.
Our IT technicians got to work and reviewed their entire system, found and identified their vulnerabilities and worked diligently to update everything needed in order to bring them back into regulatory compliance.
Although this client is new, we explained that we have always used a simple four-step process for all of our clients’ cybersecurity concerns. I was so happy that we were able to catch their security red flags before they found themselves facing a catastrophic security and liability issue.
Here’s how we were able to tackle their tough job and come out ahead of their cybersecurity concerns:
Step 1 – Perform a Risk Assessment. Our client had already completed an audit of their current system, but performing a risk assessment is still a key component of the new regulations. The risk assessment identifies internal and external threats, assesses their potential damage, and recommends countermeasures to mitigate those risks. By performing and documenting the assessment, the client is now compliant, and the outcomes were used to address their vulnerabilities.
Step 2 – Improve the Information Security Plan. The audit and risk assessment results provided guidance on changes to their existing Information Security Plan. For example, our IT team worked with the client’s management team to improve their access and authentication controls to better protect the client’s nonpublic information through multi-factor authentication. The security policy on access controls was updated to reflect the improvements and was in line with the requirements.
Step 3 – Prepare Staff Training Curriculum. Security awareness training for personnel had yet to be initiated by our client. One of the challenges was the lack of a curriculum and of an understanding of which staff required training. Our technical team helped identify the staff members who should be trained and provided them with a comprehensive security curriculum. We offered focused training on topics that included: password security, access to nonpublic information, encryption, and remote access.
Step 4 – Maintain Compliance Records. The regulations state that insurance companies must submit a certification of compliance annually, by February 15th. They also require that records be kept for 5 years. Our client identified a secure location to store the compliance reports and will ensure over time that the reports remain accessible to the business owner in the event their current IT person leaves the company.
Overall, our clients know that they can count on us to keep them up to date and on track with the latest insurance industry regulations. We also make sure to implement changes in accordance with each client’s risk tolerance while staying within their budget at all times. We take the stress out of achieving and maintaining compliance. Our clients’ time is much better spent on growing their business and serving their customers.
If you and your company need support, assistance or a complete cybersecurity protocol that meets the new industry regulations, contact ICS online or call us at 607-757-9551. Our dedicated IT team is standing by ready to help secure your business and your future.