By Brent McDaniel, Group Chief Solutions Architect, Cardinal Insurance Management Systems
If I had just one minute to sit with you and tell you how you could ramp up your insurance company’s data security, I would ask you one question: how strong is your password?
I know it might be a basic question, but it’s a fundamental one. Despite the firewalls we have today, the antivirus software, the intrusion detection, and all the world’s technical cybersecurity tools, human error is still one of the top causes of data breaches.
Secure Your Environment
That said, even the most complex password isn’t going to do much good if the environment around it isn’t secured at every layer. This is why ISO 27001 compliance is becoming increasingly important. For us, certification is a way of showing that our information security management system (ISMS) meets an independently audited standard. It’s really about how Cardinal secures itself, and by securing ourselves, we are securing our clients too.
Data protection is paramount, especially in insurance technology, and the software you run should carry strong security controls by design. One crucial layer of protection, for example, is the encryption of sensitive data. At Cardinal, we’ve designed our insurance management systems so that personal and financial information stays encrypted and indecipherable to unauthorised parties.
Network segmentation is another strategic approach: it isolates critical systems and data from the rest of the network and restricts an attacker’s ability to reach sensitive areas even after they have a foothold elsewhere. We’re also hyper-vigilant about our cybersecurity protocols, regular security audits, and timely patching, and when it comes to human error, automated reporting, which removes the manual steps where mistakes creep in, is another invaluable tool.
Check Your Access Management
When it comes to human error and cyber behaviour, it is also imperative that only the right people have access to each environment. Again, ISO 27001 is an outstanding framework for controlling access to organisational data. Essentially, each user is granted access only to the specific information they need to perform their role within the organisation, and nothing more.
Not only is this role-based access control (RBAC) firmly in place at Cardinal itself, but we also tailor these access control and authentication mechanisms for each client, to help them ensure that employees can reach only the data their specific roles require. This minimises the risk of internal breaches and unauthorised access, and it limits what a compromised account can do.
Access management goes far beyond restricting certain levels of information, networks, and resources. It starts, in fact, with hiring procedures and onboarding policies, and extends to creating a sense of individual accountability through ongoing communication, highly detailed contracts, and the “one user, one ID” principle – so that every user of every system is trackable – and more than that, responsible for their own actions.
And then of course we layer that with tools like two-factor authentication, endpoint protection software on all PCs and laptops, encryption, and software that checks shared folders – all of which can be centrally managed from one ecosystem. At Cardinal we’ve also partnered with BCX, so we have their controls in place too: their network architecture, their FortiGate firewalls, their intrusion detection, and the team that actively monitors it all 24/7. Sometimes it feels like you’re living in a spy movie, but that’s what it takes these days.
Take Your Corporate Password Policy Seriously
And finally, we come to the question of the password. If we all remembered the story about how it used to take years to crack an eight-character password but now takes only 37 seconds, we’d probably be a lot more vigilant about our choice of passwords and how we store them. The exact figure depends on the hash algorithm the system stores the password with, the character set, and the attacker’s hardware, but the direction is not in doubt: eight characters is no longer a safe length against an offline attack on a fast hash.
No matter how powerful computers become, the best defence against brute-force cracking, AI-assisted guessing, and immense dictionaries of leaked and likely passwords is a rigorous corporate password policy. I’m sure you already have one – you just may not be enforcing it. I would also caution that a password which looks random to a person (a dictionary word with a capital letter, a couple of digits and a symbol swapped in) is not random to a cracking rig, which tries exactly those substitutions first. Length is what makes exhaustive search impractical, which is why I like to suggest long phrases of up to 80 characters: they are easy to remember and a nightmare to reverse-engineer.
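As an added illustration of the two points above (the search space grows with length, and a password that merely looks random is not random to a cracking rig), here is a small Python policy checker with a brute-force cost estimator. It is example code written for this article, not part of C360 or Cardinal’s own policy; the guess rate, the length thresholds, the banned-word list and the substitution table are assumptions chosen for the illustration.

```python
"""Password-policy checker and brute-force cost estimator (illustrative example)."""
import math
import re

# Assumed offline guess rate: roughly one modern GPU against a fast, unsalted
# hash such as NTLM or MD5. This is an assumption for illustration, not a figure
# from the article; a slow salted hash (bcrypt, Argon2id) on the server side cuts
# it by orders of magnitude, and online guessing against a login page is far slower.
GUESSES_PER_SECOND = 1e11

# Policy parameters chosen for this example (assumptions, not Cardinal's policy).
MIN_LENGTH = 14
MAX_LENGTH = 80                         # the article suggests phrases of up to 80 characters
MIN_CRACK_SECONDS = 10 * 365 * 86400    # reject anything exhaustible in under ~10 years

# Constructed sample of words a cracking dictionary would contain. A real
# deployment would check against a breached-password list, not a hand-written set.
BANNED_WORDS = {"password", "welcome", "summer", "insurance",
                "cardinal", "qwerty", "letmein", "admin"}

# Common "leet" substitutions, undone before the dictionary check so that
# P@ssw0rd! is judged as "password"; cracking rules apply these first.
LEET = str.maketrans("@$013457!", "asoleasti")


def normalise(pw: str) -> str:
    """Lower-case, undo leet substitutions, and keep only letters."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def alphabet_size(pw: str) -> int:
    """Size of the union of standard character classes present in pw."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33          # printable ASCII punctuation plus space
    return size


def brute_force_seconds(alphabet: int, length: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Seconds to try every string of `length` symbols drawn from `alphabet` symbols."""
    if alphabet < 2 or length < 1:
        return 0.0
    if length * math.log10(alphabet) > 300:   # beyond float range: effectively never
        return math.inf
    return alphabet ** length / rate


def describe(seconds: float) -> str:
    """Render a duration in its largest sensible unit, e.g. '18.4 hours'."""
    if seconds == math.inf:
        return "effectively never"
    for name, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60), ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return "instant"


def check_password(pw: str) -> tuple[bool, list[str]]:
    """Return (accepted, reasons). Any reason means the password is rejected."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if len(set(pw)) < 6:
        problems.append("fewer than 6 distinct characters")
    hits = sorted(w for w in BANNED_WORDS if w in normalise(pw))
    if hits:
        # A dictionary hit trumps the keyspace estimate: P@ssw0rd1! "measures" as
        # 95^10 combinations but falls on the first pass of a rule-based attack.
        problems.append("contains banned word(s) after undoing substitutions: " + ", ".join(hits))
    if len(pw) <= MAX_LENGTH:
        secs = brute_force_seconds(alphabet_size(pw), len(pw))
        if secs < MIN_CRACK_SECONDS:
            problems.append(f"exhaustive search takes only {describe(secs)} "
                            f"at {GUESSES_PER_SECOND:.0e} guesses/s")
    return (not problems, problems)


if __name__ == "__main__":
    print(f"Time to exhaust the keyspace at {GUESSES_PER_SECOND:.0e} guesses/s:")
    for label, size in (("lowercase", 26), ("mixed alphanumeric", 62), ("printable ASCII", 95)):
        for length in (8, 12, 16, 24):
            print(f"  {label:>19} x {length:2d}: {describe(brute_force_seconds(size, length))}")
    for candidate in ("P@ssw0rd1!", "Cardinal2024!", "aaaaaaaaaaaaaaaa",
                      "correct horse battery staple"):
        ok, reasons = check_password(candidate)
        print(f"{candidate!r}: {'accepted' if ok else 'rejected'} {reasons}")
```

Running the script prints the keyspace table and then the verdict on four constructed candidates: the leet-substituted dictionary words are rejected even though their raw keyspace looks respectable, the run of identical characters is rejected for having too few distinct symbols, and the four-word phrase passes on length alone without needing any symbol or digit rules.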
The best practice is to enable the password security features that come with your software, like those in Cardinal’s C360, so that the policy is enforced by the system rather than left to goodwill. I know that it means keeping up with the unavoidable necessity of creating more hard-to-guess yet still memorable passwords than you feel you have the time for, but it’s the nudge we all need towards more responsible and safer cyber behaviour.