Insurance companies in New York are helping businesses bump up their information security by outlining 12 Guiding Principles to Advance Information Security. These principles MUST be followed by businesses in the financial services industry, and are highly recommended for ALL businesses.
While the main goal is protecting customer info, there’s the added bonus of protecting company data if you follow all 12 guidelines properly.
What Are the Information Security Guidelines?
According to the NYIA,
The principles are designed to provide a general road map for agents and companies and are the outcome of a roundtable discussion of representatives from the agent and carrier communities.
The goal of the principles is to create a strong working relationship within the insurance industry to ensure agencies, companies and policyholders are better protected.
Here are the 12 info security commandments:
- Educating all parties about info security is key
- Security standards and best practices must evolve with new crimes and crime channels
- ALL info must be protected – not all breaches happen online
- Establish standards based on reputable resources
- Write up an information security program that ALL data accessors must follow
- Regularly reassess vulnerabilities
- Create and regularly test an incident response plan
- Limit the amount of personal information you keep in your system
- Use strong passwords and change them regularly
- Make sure your hardware and software are up to date and patched
- Get insurance coverage for cyber security
- Guard against reputational risk – you are partially liable for info security
Businesses in the financial services industry are now required to provide proof of compliance to the NY DFS. There are a few exemptions:
- Fewer than 10 employees
- Less than $5m gross revenue in the last three years
- Less than $10m in year-end total assets
Who’s backing it:
- Independent Insurance Agents and Brokers of New York (IIABNY)
- New York Insurance Association (NYIA)
- Professional Insurance Agents of New York (PIANY)
- New York Department of Financial Security (NY DFS)
These organizations, along with pretty much everyone else, are increasingly concerned about business cybersecurity.
Poor cybersecurity leads to hacks, breaches, virus and malware infections, and ultimately, the exploitation of personal information. Businesses can easily go under in the face of critical info loss and reputational damage.
While the blame is certainly on the cyber criminal, the initial breach is often due to undereducated users. Undereducated employees are your greatest vulnerability. (Here are some quick ways you can beef up your cybersecurity.)
Following the 12 guidelines above helps to mitigate and manage information security risks. We highly recommend implementing them ASAP, even if you qualify for exemptions.