The recent Anthem breach has prompted a surge of concern about data security. Data privacy and security are cited as the main reasons business executives are reluctant to adopt cloud technology for claims management. Shockingly, the recent Anthem breach has revealed that data isn’t safe when stored on internal servers.
Anthem, one of the largest insurers in the US, revealed there had been a breach of data on January 29th. It is likely that tens of millions of records were stolen, affecting up to 80 million customer records and exposing names, birthdays, addresses, employment information, email addresses and social security numbers. So far it appears that no medical information or financial details have been stolen.
Although details of how the breach occurred have not been released, it is an interesting test for other insurers to ensure their data is well protected from potential breaches. Whether your data is stored internally or in the cloud, there are a number of steps to consider.
- Multi-factor authentication
Using a two-step authentication process ensures no unauthorized users can gain access to a system. If a user attempts to log in from an unknown device, a verification code can be emailed or messaged to the user. If the user can access the verification code, it verifies that they are in fact authorized.
- Password policies
Strengthening internal password policies can ensure employees use no weak or easily guessed passwords. Complex alphanumeric passwords are difficult to break. Implementing lockouts can lock out unauthorized users and ensure you are aware of any potential threats.
- IP Restrictions
Implementing IP restrictions to internal IP addresses ensures no external users can gain access without permission from your organization. In the cloud, users can be approved through remote devices by allowing access to their IP addresses. Time restrictions can also ensure users can only access the system during working hours.
- Restrict Access
Employees at different levels need different access to different areas of the system. Users can be restricted to the specific information they require to complete their tasks and restricted from accessing other areas with sensitive data.
- Audit User Access
Audits should be completed regularly to monitor which areas of the system users are accessing, and at what times. If any irregular activity is detected, the users should be monitored more closely to ensure there is no breach of sensitive data. If irregular activity is spotted, an administrator should be able to reset all passwords immediately to avoid any further intrusions.
- Secure Employee Systems
Spam filters, anti-malware software, phishing protection and updated browsers are just some of the ways to secure employees' systems. A dedicated team should be put in place to ensure all systems are secure.
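As an added example (not part of the original article), the following sketch shows how the IP restriction, time restriction, access restriction and lockout checks described above can be combined into one regular access audit. The policy values, user names, IP addresses, area names and log layout are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy values (constructed for illustration).
ALLOWED_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("203.0.113.45/32")]
WORK_START, WORK_END = time(8, 0), time(18, 0)
LOCKOUT_THRESHOLD = 5  # failed logins per user before flagging

# Assumed least-privilege map: which areas each user may open.
PERMITTED_AREAS = {
    "asmith": {"login", "claims"},
    "bjones": {"login", "claims"},
    "cwu": {"login", "claims"},
}

# Constructed sample access log: (timestamp, user, source IP, area, outcome)
SAMPLE_LOG = [
    ("2024-03-04T09:15:00", "asmith", "10.20.4.17", "claims", "ok"),
    ("2024-03-04T02:40:00", "asmith", "10.20.4.17", "claims", "ok"),
    ("2024-03-04T10:05:00", "bjones", "198.51.100.9", "claims", "ok"),
    ("2024-03-04T11:00:00", "bjones", "203.0.113.45", "member_ssn", "ok"),
] + [("2024-03-04T13:0%d:00" % i, "cwu", "10.20.8.2", "login", "fail")
     for i in range(5)]

def audit(log):
    """Return a sorted list of (user, reason) findings for the administrator."""
    findings = set()
    failures = Counter()
    for ts, user, ip, area, outcome in log:
        when = datetime.fromisoformat(ts)
        # IP restriction: source must fall inside an approved range.
        if not any(ip_address(ip) in net for net in ALLOWED_NETWORKS):
            findings.add((user, "source IP outside allowed ranges"))
        # Time restriction: access only during working hours.
        if not (WORK_START <= when.time() <= WORK_END):
            findings.add((user, "access outside working hours"))
        # Restricted access: user may only open areas their role requires.
        if area not in PERMITTED_AREAS.get(user, set()):
            findings.add((user, "area not permitted for role"))
        if outcome == "fail":
            failures[user] += 1
    # Lockout policy: repeated failures are surfaced for review.
    for user, count in failures.items():
        if count >= LOCKOUT_THRESHOLD:
            findings.add((user, "repeated failed logins"))
    return sorted(findings)

if __name__ == "__main__":
    for user, reason in audit(SAMPLE_LOG):
        print(f"{user}: {reason}")
```

Each finding names the user to monitor more closely or whose password should be reset.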
These are just some of the ways in which data breaches can be avoided. Whether you have a cloud-based system, or store your information internally, you need to remain vigilant to protect yourself from potential data breaches, particularly when it comes to personal information.