Close Close

Retirement Planning > Social Security

4 ways to protect client data in the cloud

Your article was successfully shared with the contacts you provided.

When Premera suffered its devastating security breach earlier this year, losing 11 million patient records, the question on everyone’s minds was: How could it have been prevented? Many marveled at the fact that the company — along with others like Anthem — hadn’t bothered to encrypt its sensitive patient data. And while Premera and Anthem’s sizes and the volume of records they handle certainly made them prime targets, these situations also highlight the risks posed to much smaller firms — especially those that might not appear to have the latest and greatest security methods. The truth is, cyberattacks will probably increase in frequency, and as health insurance agents continue to handle complete medical records, they must take particular care to protect their sensitive client information.

Patient information is extremely valuable — and extremely expensive, costing healthcare organizations an average of $2.1 million per breach. Though cyberattacks are the largest threat, insider threats from malicious or simply careless employees are close behind. There are precautions insurance agents and firms can take to keep their clients’ information safe. Really, these are precautions agents must take. Updates to the HIPAA and HITECH regulations mean that you also need to be mindful of these rules, on top of practicing general good security.

Here are a few tips to keep in mind to boost productivity, maximize security, and assuage clients’ worries.

1. Accept the inevitable

We’ve addressed the increasing inevitability of breaches, but the other inevitability is the cloud. Businesses may be moving quickly toward universal cloud adoption, but individuals are moving even faster. More than 40 percent of American employees use their personal smartphones, tablets, or computers for work, and 83 percent of employees prefer to use cloud apps than on-premise equivalents. With such strong momentum, fighting the cloud or denying employees access to it may only set you back, or hinder your ability to block a breach.


2. Encrypt your files and folders.

Clients entrust their agents with their most personal information, so it’s essential to keep that data safe. Storing client files in the cloud can be a great asset to your agency’s workflow, making files easily sharable, accessible on the go, and retrievable from anywhere. But it’s absolutely critical to protect these files in the cloud with adequate encryption. File-level encryption protects the sensitive data itself — not just the place where it resides, which, as you can imagine, is much safer. Such encryption is seamless, so you can store and share files as usual, but they’ll remain encrypted and accessible only to authorized users. So, say your cloud service is hacked, files that are synced to the cloud and encrypted remain impenetrable — and your clients remain unscathed.


3. Send smarter emails.

Often, agents send client information to a third party or communicate with the clients themselves about their claims. Sending personal information in an offhand email or attaching an unencrypted file can prove damaging if the email is intercepted or the email provider is hacked — or even if your phone is lost and that message remains accessible in your inbox. Moreover, if an email containing sensitive information is mistakenly replied-all or misaddressed, the information could fall into the wrong hands. User error is one of the largest causes of data breaches, but one of the easiest to prevent. Take steps to encrypt your sensitive emails or send direct links to encrypted cloud-based files, which can only be accessed by the designated recipient.   


4. Maintain control.

Insurance agent customers consistently tell me that maintaining HIPAA compliance has completely changed their approach to security. For many of them, that comes down to control. A centralized dashboard that allows agents to manage access to their files is a great first step. Additionally, auditing your cloud-based information is smart, because it lets you stop problems before they occur. An audit trail lets administrators monitor who edits files and when. If an unauthorized user is active in your agency’s files, you’ll notice immediately and can take the necessary steps to stop it, like revoking access with the touch of a button to any user or device that no longer merits it.

Employing the cloud in the insurance business shouldn’t be daunting, particularly because it can be such an asset. But taking stock of the necessary precautions and enacting them is a vital first step to ensure security and your clients’ satisfaction. After all, you’re a professional risk assessor — so you should be the first to understand that the cloud’s benefits vastly outweigh its risks.