Close Close

Retirement Planning > Social Security

5 steps to tackling data security in the insurance industry

Your article was successfully shared with the contacts you provided.

Today, insurance professionals handle terabytes of electronic information — including sensitive personal data or the protected health data of your clients. With that in mind, here’s why you should rethink your data security.

You have a responsibility to your clients. Your clients trust you with insuring their health, lives, property and more, so they expect a reasonable effort to prevent unauthorized disclosure or access to their information.

You must comply with government regulations. Various federal, state and industry guidelines regulate the exchange of sensitive information.

You should protect your reputation. A data security breach will almost certainly result in the loss of clients and possibly generate negative publicity. 

Airtight data security is hard to achieve. For small and midsize insurance practices, the task can be overwhelming. Also, technological changes mean that security measures can become obsolete in a matter of months.

Insurance professionals can address these challenges with a step-by-step plan. 

Step 1: Get ready. Data security is only achievable if you’re ready to lead the charge and make some changes.

Step 2: Assess risk. Security vulnerability occurs via your physical work environment, network security and mobile communication. How do you guard each area? Take the following actions.

Physical vulnerability

  • Make workstations inaccessible to the public.
  • Lock away your routers and servers.
  • If possible, incorporate industry standard protocols such as magnetic doors and keycard access.
  • Maintain protection against natural disasters.
  • Archive data offsite.
  • Replace aging physical equipment.

Unsecured networks

  • Configure your firewalls correctly.
  • Use strong, proven antivirus and antimalware software.
  • Keep your software current.
  • Password protect your network or make it invisible.
  • Never transmit private data on public networks. 

Mobile device weaknesses

  • Ensure your device doesn’t scan for and hook up to open Wi-Fi networks.
  • Transfer files via secure software, such as file-sharing apps that encrypt data, rather than email.
  • Enable security features such as remote wipe and automatic file deletion if you lose your phone.
  • Or … don’t lose your phone!

Step 3: Research regulations. Depending on the kind of data you’re storing and transferring, you could be subject to more regulations that you know. These include:

  • The Health Insurance Portability and Accountability Act (HIPAA)
  • The Consumer Financial Protection Bureau’s (CFPB) data security guidelines
  • Various state data security laws
  • Records disposal laws and protocols
  • Industry standards such as Payment Card Industry Data Security Standards (PCI DSS)

Step 4: Set policies and procedures. Now that you understand what you need to do, decide how to do it. Develop a data security program, train any staff members and enforce protocols reasonably. For instance, if you cannot secure data onsite, look for offsite storage services that offer you features like advanced encryption methods. 

Step 5: Stay ahead of the game. Serve clients to the best of your ability by staying current with your security. It’s not possible to eliminate risk, but you can decrease it significantly by becoming aware of your security issues, learning everything you can and being proactive in your responses.

To learn more about how to keep your data protected, visit for more information.


© 2023 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.