Data Loss Prevention for Insurance Providers
The insurance sector includes many types of insurance companies. Some of the largest categories include health, life, accident and property insurers. While the types of insurance vary, all insurance companies collect data from their customer base and most of the data is highly sensitive (e.g., healthcare and financial information). Just think about how much personally identifiable information(PII) you provide when you purchase an insurance policy for your vehicle or obtain health insurance for you and your family. Similarly, if you own a vehicle in the United States, you are required by law to have auto insurance and doing so, you provided the insurer with PII.
Data loss prevention (DLP) solutions help mitigate the risk associated with data loss due to insider – related incidents (e.g., employee theft of proprietary information), physical damage to computers, or as a result of human error (e.g., unintentional file deletion or the unintentional sharing of sensitive data in an email), and data breaches due to malicious attacks.
Insurers understand that a strong cybersecurity program is vital for their success and that preventing data loss must remain a top priority for future success. Mitigating the risk of loss requires a combination of properly educated and trained people, processes and technology. In this blog, I will focus on technology and discuss three capabilities or features that insurance providers should consider when evaluating technology to help mature their data loss prevention (DLP) program.
Data Classification
Data classification is the process of categorizing data to easily retrieve and store it for business use, but also to protect it from loss and theft, and enable regulatory compliance and incident response activities. Because insurers process highly sensitive data, they must comply with data protection laws and regulations, and meet industry standards (e.g., California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS)).
To do so, it’s imperative that the company have a full understanding of the types of data they have and where it is located. Without this understanding, it will be very challenging to keep pace with an ever-evolving regulatory landscape, or to enable appropriate incident response in the case of a data leakage or a breach caused by malicious actors. Automated data classification and labeling is foundational to preventing data loss. It is the best way for organizations to not only fully understand what types of data they are collecting, processing, and storing, but to also enable the organization to set policies for each data type.
Content Inspection
DLP solutions detect instances of either intentional or unintentional exfiltration of data. DLP policies describe what happens when a user uses sensitive data in a way that the policy does not allow. Offerings that inspect confidential data based on both content and context are most desirable. For example, content inspection techniques and contextual analysis help identify sensitive data before it is shared in a file with an unauthorized individual.
In fact, Gartner recommends investing in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response. UEBA is useful for insider-related incidents (e.g., UEBA might help identify data exfiltration by a dissatisfied employee). The inspection capability of the DLP solution is very important and when selecting a solution, it’s even more important to evaluate modern DLP solutions. Traditional DLP solutions focus on data-specific content inspection methods. These inspection methods are no longer effective for organizations that have migrated to the cloud because the techniques were developed for on premises environments. Traditional DLP rely heavily on content analysis and do not always accurately identify sensitive data. Sometimes the traditional tools blocked normal activity. In contrast, a modern DLP solution minimizes false positives by combining content analysis and data lineage capabilities to more accurately understand whether the data is in fact sensitive.
Insider Threats
Insider-related incidents are always a possibility. Employees who make mistakes that result in data leakage are more common than attacks from external malicious actors. Insider related incidents may occur when a disgruntled employee leaves the company, when a dissatisfied employee transmits files to their personal computer, or when an employee begins printing large amounts of documents that are unrelated to their position.
Recall the 2020 Marriott breach when guest information was accessed using the login credentials of two employees at a franchise property. Marriott did not notice the suspicious activity of the employees’ profiles from mid-January to the end of February. DLP solution can help insurance companies monitor for suspicious activity and policy violations, and take action on insider threat indicators by sending out alerts when there has been an indication that an individual’s behavior is suspicious, display warnings using pop-up messages, and block data entirely to prevent leakage or exfiltration.
Conclusion
Insurance companies are not created equal. The insurance sector includes many categories with varying customer bases, data and applicable laws and regulations. The one thing they all have in common, however, is the need to prevent data loss. When highly sensitive data is leaked or a data breach occurs, insurance companies are faced with navigating the negative consequences such as having to pay the high cost associated with data breach fines and remediation, and repair the reputational harm to their company and brand.
Selecting the right DLP solution requires knowledge of market trends, the gap between traditional DLP tools and modern DLP tools, data loss prevention best practices and the purchasing organization’s security initiatives and goals. Given the many options and variables to consider, it will also be important to understand the nuances and distinctions among solutions on the market.