If you’re a New York insurance broker, you could be subject to new regulations for protecting your customers’ digital data under the New York State Department of Financial Services (NYDFS) Cybersecurity Regulations.
Fortunately, insurance brokers with fewer than 10 employees, less than $10 million in year-end total assets, or less than $5 million in gross annual revenue are not subject to the regulations, which reached their final transition phase on March 1, 2019.
Working Toward Enhanced Cybersecurity Best Practices for All Insurance Brokers
In addition to the new cybersecurity regulations for larger New York brokers, all insurance brokers who accept digital payments of any kind must follow applicable Payment Card Industry (PCI) Data Security Standards, established by the PCI Security Standards Council. The organization was founded to develop, enhance, disseminate, and assist with the understanding of security standards for payment account security.
Whatever the size of your brokerage, following basic cybersecurity measures can help you build the trust of your customers, and prevent your company from financial loss and loss of business if there is a data breach.
In short, keeping your customers’ data safe is a significant responsibility that insurance brokers shouldn’t take lightly. If you have questions about cybersecurity in your organization, it’s best to speak with a professional who can help your company undergo a security audit, spot weaknesses in your network and overall IT operations, and help you establish cybersecurity best practices.
These three steps can be a good start.
1. Assess Your Cybersecurity Strengths and Weaknesses
If you accept digital payments from your customers, you can complete a Self-Assessment Questionnaire to determine if you meet PCI Data Security Standard requirements. Checking for things like encryption software and up-to-date firewalls can give you an idea of whether or not your brokerage is in PCI compliance.
“If you’re accepting credit cards, debit or digital payments, you must be in compliance with up-to-date firewalls and other security standards to protect your customer data,” says Sunny Naqvi, President of CMIT Solutions of Mid-Suffolk, the award-winning technology firm that helps keep The DBL Center’s data safe.
It’s important to note that the PCI self-assessment only applies to your customers’ payment data, not other important customer information stored on your server. It is also not a complete measure of your organization’s security. PCI controls should continue to be implemented as part of your company’s overall security strategy.
2. Undergo a Security Audit
A security audit, performed by IT and networking professionals, ensures that your company is following cybersecurity best practices. Your auditors should be able to identify vulnerabilities in your network that could lead to a breach and offer a plan of action to fix those security risks.
Naqvi notes that firewalls and anti-virus software should all be up-to-date, and traffic on your network should be limited to only necessary users. Multiple security layers can ensure employees can access the documents they need while keeping customer data secure.
3. Employ the Right Training for Cybersecurity Best Practices
Ultimately, your cybersecurity tools are only as strong as the people using your network.
“Whenever you have to tighten the security, you have to take into account the weakest link in the security chain, which is the human factor,” says Ahmad Mirza, network engineer at CMIT Solutions.
“Training employees how to avoid phishing emails, how to recognize the latest cybersecurity scams, and how to protect their passwords should all be covered as part of cybersecurity best practices,” Mirza says.
He recommends password manager applications to make it easy to set secure, hard-to-crack passwords and then login to all your applications with a single key.
Just be sure to choose a password manager you can trust, with multi-key encryption and multi-factor authentication. “Your passwords should be strong,” Mirza says, “but however you’re storing your passwords should be even stronger.”
How Secure Is Your Brokerage Against a Cyber Attack?
Connect with us!