Enterprising Developments

The 4 Pillars of IT Security

Joe McKendrick
Insurance Experts' Forum, November 8, 2013

A nasty new version of “ransomware” has been making the rounds on the Internet, putting millions of personal and corporate files at risk. Instead of stealthily copying data and sending it somewhere else, this type of Trojan virus encrypts the data with an unbreakable algorithm, then demands payment for the key to unlock it.

“This kind of malware is not new but over the past 18 months it has become significantly more prevalent and the malware authors have written significantly more clever and scary versions,” writes James Lyne, global head of security research for Sophos. Even after security tools clean out the virus, the files remain encrypted. The latest variation of the threat, called CryptoLocker, includes a countdown timer which demands a payment of $300 within 72 hours or else the key file will be deleted.

Hopefully, law enforcement will catch up to the creators of this and other viruses, but unfortunately, there will be others. This is only the latest reason – as if any more were needed – for continuing, comprehensive employee education on data security. In addition, it points to the urgency of making sure that all important data is backed up and available on a continuous basis.

Some best practices every insurer needs to engage in and maintain:

Education and training: This is the first, and best, line of defense for organizations. Build a security-aware organization, in which employees can effectively “police” their own domains, following best practices such as not opening suspicious emails or visiting non-work-related websites.

Your own encryption: After employee engagement and training, this is the second-best line of defense against data theft or corruption. You may have the best technical defenses in the world at your production site, but what happens as data is sent out to development groups or backup sites? How secure are these parties, even if they are still part of your organization?

Monitoring and auditing: Companies don't do enough monitoring and auditing to ensure that unwarranted access is not taking place. In surveys I have conducted, many companies only audit their access logs every few months or so. By then, it may be too late.

Technical tools: Finally, there is a range of security solutions that help ensure that databases, servers, networks and client devices are protected against unwarranted intrusions.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
