Four Essentials for Keeping Policyholders’ Data Secure
An average data breach costs $3.9 million, takes 279 days to contain, and results in $5.7 million in lost business. So how do you make sure it never happens to you? Check out four suggestions for reducing your data breach risks and keeping your policyholders’ information private and secure.
Data breaches are dangerous, expensive and increasingly common. An average data breach costs $3.9 million, takes 279 days to contain, and results in $5.7 million in lost business [1]. So given the incredibly high stakes, what’s the best way to protect your organization and policyholders from a data breach during the claim payment process? It’s a difficult question with a complex answer, but here are four basic data privacy suggestions that can help start the discussion:
- Strengthen Your Front-line Defenses
Most data breaches are the direct result of careless actions by employees—things like opening a phishing email, leaving a computer unlocked, taking sensitive files home, or using bad password practices. That’s why clear, enforceable policies combined with regular cybersecurity training and employee engagement are among the best measures you can take to minimize the risks of data breaches.
- Know Where You Stand
Bringing in an outside expert to conduct a thorough, objective cybersecurity vulnerability assessment is one of the most effective ways to identify data security weaknesses and develop a plan to address them. This assessment should include things like physical security controls, perimeter security, encryption practices, and how vulnerable your networks and systems are to internal and external attacks. But above all, make sure your security assessment thoroughly tests your ability to identify and contain data breach attempts quickly, so you can avoid the high costs and long-term damage that can result from undetected incursions.
- Stay on Top of Compliance
Today’s complex regulatory landscape affects every part of the claims payment process, so keeping up with the latest industry and government privacy, encryption, business continuity, and SLA requirements is essential. Here are four standards you should keep on your radar, including how they apply to your organization and what it will take to stay compliant:
- Payment Card Industry Data Security Standards (PCI DSS).
This set of 12 security standards—mandated by the major card brands—applies to every organization that accepts or processes credit and debit cards. PCI DSS covers a lot of ground, including things like network security protocols, antivirus protection, firewalls, password management, and more. Failure to meet PCI DSS standards can lead to heavy fines and other penalties, especially if your business suffers a data breach.
- System and Organization Control (SOC) 1 and 2.
SOC 1 and 2 are well-established audit controls defined by the American Institute of Certified Public Accountants, and they apply to most large organizations. SOC 1 focuses on financial audit controls. SOC 2 revolves around five “trust service principles”: security, availability, processing integrity, confidentiality, and privacy.
- Nacha.
This voluntary accreditation program applies specifically to third-party senders and organizations that send automated clearinghouse (ACH) payments. Nacha requirements revolve around ACH risk assessments and risk program policies and procedures.
- Health Insurance Portability and Accountability Act (HIPAA).
HIPAA is a set of U.S. government privacy regulations that apply specifically to the healthcare industry. If you are a health or dental plan provider, you should already have an effective, complete HIPAA compliance program in place.
- Hold Your Third-party Service Providers Accountable
Your data security responsibilities don’t end with your own internal teams and systems. To protect policyholders, you also need to make sure your vendors and service providers—especially those that handle sensitive personal information—meet the same strict standards and requirements. This typically involves carefully checking and certifying compliance when you evaluate and select payment vendors—and then performing periodic audits to make sure they maintain those standards. Careful, compliant partners can also help offload certain data privacy compliance issues, so your internal teams can focus on other priorities.
Of course, none of these simple suggestions are really simple at all. They all have layers of nuance and complexity that require careful planning and significant resources. But if you approach data privacy and security the right way—and choose the right partners—you can significantly reduce the risks and consequences of data breaches.
Find out how VPay can help with your efforts to lower the risk of data breaches—with a complete, compliant claim payment solution that keeps sensitive policyholder and service provider data safe through every step of the payment process.
[1] Source: https://databreachcalculator.mybluemix.net