Broker blog from Delta Dental

Tag: cybersecurity

Fear and comfort: Why businesses should care about data security


As technology advances and we make more and more personal information vulnerable to cyber breaches, it’s difficult not to feel fear or anxiety about cyber security. According to the FBI’s Internet Crime Complaint Center, the FBI receives an average of 284,000 complaints each year of cybercrimes ranging from identity theft to phishing scams.

When businesses are on the line, the stakes are high. But that doesn’t mean you can’t find peace of mind when conducting business with other organizations. To find some comfort, ensure your clients are asking the right questions before they trust their information with a third party, including software vendors, hosting service providers and even insurers. As an insurer, Delta Dental handles both personally identifiable information (PII) and personal health information (PHI), so we take cybersecurity extremely seriously.

To point your clients in the right direction, we asked our security experts on staff to list some categories and questions to begin. Here are some of their suggestions.

Questions about baseline security considerations

  • What policies does your organization have in place to safeguard information?
  • How often do organizations review and update their security posture?
  • What measures has the organization taken to prevent security breaches and/or threats?

Delta Dental uses both our enterprise code of conduct and federal regulations to guide our information security practices, and we regularly update our policies.

Questions about physical security safeguards

  • Does the organization employ multi-factor authentication? Are any of these combined for two-factor authentication? Here are three ways to authenticate: 
    • Something you know (pin, password or similar codes)
    • Something you are (a biometric verification)
    • Something you have (a smart card, badge or chip)

At Delta Dental we use a variety of physical safeguards, including limiting physical and cyber access to PII and PHI. We are proud to employ a “principle of least privilege.” This means staff should only have a level of access that is absolutely necessary.

Questions about technical safeguards 

  • How does your organization secure data in transit?
  • Does your organization use encryption for data at rest?
  • Does your organization conduct regular vulnerability scans?
  • How does your organization evaluate third parties who may have access to PII or PHI?

For instance, we use secure file transfer processes (SFTPs) for data in transit to and from Delta Dental. We use encryption for any sensitive information — in transit and at rest.

We also use a vendor evaluation matrix to determine what information our vendor partners have access to, and compare access to the level of risk they pose. We then categorize vendors as high‑, medium- or low-impact vendors and assess them accordingly.

Questions about incident reporting protocol

  • What is your process for reporting a cyber security incident?
  • What is your timeline for reporting a cyber security incident?

These questions are crucial for building trust with an organization. At Delta Dental, we have four ways for employees to report any information breaches and three mandatory training programs to educate and encourage our employees on best practices in information security.

For more thought leadership from Delta Dental, subscribe to Insider Update, our newsletter for brokers, agents and consultants.

If you’re a benefits decision maker, administrator or HR professional, subscribe to our group newsletter, Word of Mouth.

Life hack: 3 ways to make cyber security a priority

Did you know January 28 is Data Privacy Day? If so, you’re an information security rock star! If not, no worries — we’ve got you covered with some quick tips to bring you up to cyber speed.

We’re no stranger to exploring information security — from awareness and compliance to prevention, we’re constantly adapting to an evolving cyber landscape. Here are some ways your business can make data protection a priority, too:

  1. Know the impact

As evidenced in the wake of recent data breaches, people aren’t happy when their personal data is exposed in cyber attacks. But did you know that 76% of consumers say they’d abandon a company that experiences multiple breaches?

 

  2. Make compliance cultural

Studies have proven that having a dedicated incident response team in the event of a breach can significantly lower the financial impact on an organization. But take it one step further! Share your organization’s prioritization of data privacy with all of your employees — because the more they care, the more likely they are to take care.

 

  3. Do the math

If you’re not sure how your organization stacks up against cyber threats, try plugging some information into this Cost of a Data Breach calculator, provided by IBM and Ponemon Institute.

 

The calculator takes your organization’s location, industry and security measures into account to deliver an estimated impact to your bottom line in the event of a threat. Take special note of how some factors, like participation in threat sharing and employee training, can actually lower your estimated costs.

Join the #DataPrivacyDay conversation on LinkedIn and Twitter, and subscribe to our newsletter for more industry news from Delta Dental.

Certified Ethical Hacker: oxymoron or Information Security genius?

We hope you’ve enjoyed reading our internal spotlight series on Delta Dental’s Information Security. (In case you missed any content, check out our article on employee training and compliance and our article with insights from our Director of Information Security.)

Did you ever think you’d be thankful to read the term “hacker”? If not, we may have a new perspective for you. Meet Chad Greiner, Security Engineer III and Certified Ethical Hacker (CEH) in training, and see how he’s going the extra mile to protect your clients’ privacy.

Q: How long have you been with Delta Dental, and what other jobs have you held in your field?

A: I’ve been here for about six years. Before joining this team, I worked for a medical alert device company. I served as the main administrator for their entire IT operation.

Q: You’re training to become a CEH. Are there any other certifications you have or plan to earn?

A: Yes, I’m a Certified Information Systems Security Professional (CISSP). The CISSP seems sort of like a generalized job title, but it’s actually a comprehensive certification. To sit for the exam, you have to have about five years’ worth of work experience, be recommended by a fellow CISSP in good standing and re-certify every three years. The CEH is kind of an extension of the CISSP, except it focuses on strategies to help you think like a criminal — so you’re better armed to prevent a cyberattack.

Q: With that said, do you think the CEH is a controversial certification?

A: We don’t view it as controversial within the security industry. My perspective is that any type of attack is a crime, so in any criminal field, you need to understand the people you’re trying to catch or obstruct to be effective at your job.

Q: That makes sense. How would you respond to criticism that the title “ethical hacker” is an oxymoron?

A: In my mind, intent is what makes an action ethical or unethical. I’m not necessarily learning how to break things; instead, I’m learning how things can be broken to prevent breaches in security from occurring.

Q: What do you think is the most important aspect of your CEH training?

A: Learning about what tools are out there has been extremely important. Early on in my career, there weren’t as many “hacking” opportunities readily available to experienced cybercriminals, let alone the average person. The way technology is evolving has made it easier to access private information — so it’s that much more important to learn every defense against cyberattacks that we can.

Q: Why do you think being a CEH is particularly valuable to an analyst within an organization like Delta Dental?

A: Knowing what to protect against — knowing what avenues people can take in an attack — is critical. It’s really the first and most important step in securing private information. Clients can have confidence in knowing that, with a CEH, we’re able to get into a criminal’s mindset and get a step ahead of them.


Thanks for reading our series on Information Security! Stay tuned for more client news and insights from Delta Dental. 

Information Security by the numbers

Spotlight on our Office of Compliance (OOC) team, and second article in our Information Security series.

We’ve done the math and found that preparation is better than reparation when it comes to securing private information. That’s why we prepare for security compromises as if they are imminent. In fact, we protect your private information in many different ways.

Beyond cutting-edge technology and a team of security analysts, preventing a security breach includes:

  • 1 focused team of compliance and privacy experts
  • 2 models for setting compliance standards — our enterprise code of conduct and federal guidelines
  • 3 mandatory training programs that educate employees and help prevent compliance, privacy and security breaches
  • 4 ways for employees to report potential compliance incidents if they do occur


Our compliance expertise adds up, giving you 10 reasons to know your organization’s private information is in good hands with Delta Dental.

And, did you know that one of the most frequent causes of a privacy incident is incorrect enrollee data? You can help safeguard sensitive information by ensuring that enrollee eligibility files are correct and updated with Delta Dental.

For more information on our approach to protecting your organization’s privacy, check out a recent interview with Sitaram Inguva, our director of Information Security.

© 2022 Insider Update
