Broker blog from Delta Dental

Tag: IT security

Fear and comfort: Why businesses should care about data security


As technology advances and we make more and more personal information vulnerable to cyber breaches, it’s difficult not to feel fear or anxiety about cyber security. According to the FBI’s Internet Crime Complaint Center, the FBI receives an average of 284,000 complaints each year of cybercrimes ranging from identity theft to phishing scams.

When businesses are on the line, the stakes are high. But that doesn’t mean you can’t find peace of mind when conducting business with other organizations. To find some comfort, ensure your clients are asking the right questions before they trust their information with a third party, including software vendors, hosting service providers and even insurers. As an insurer, Delta Dental handles both personally identifiable information (PII) and personal health information (PHI), so we take cybersecurity extremely seriously.

To point your clients in the right direction, we asked our security experts on staff to list some categories and questions to begin. Here are some of their suggestions.

Questions about baseline security considerations

  • What policies does your organization have in place to safeguard information?
  • How often does the organization review and update its security posture?
  • What measures has the organization taken to prevent security breaches and/or threats?

Delta Dental uses both our enterprise code of conduct and federal regulations to guide our information security practices, and we regularly update our policies.

Questions about physical security safeguards

  • Does the organization employ multi-factor authentication? Are any of these combined for two-factor authentication? Here are three ways to authenticate: 
    • Something you know (PIN, password or similar codes)
    • Something you are (a biometric verification)
    • Something you have (a smart card, badge or chip)

At Delta Dental we use a variety of physical safeguards, including limiting physical and cyber access to PII and PHI. We are proud to employ a “principle of least privilege.” This means staff should only have a level of access that is absolutely necessary.

Questions about technical safeguards 

  • How does your organization secure data in transit?
  • Does your organization use encryption for data at rest?
  • Does your organization conduct regular vulnerability scans?
  • How does your organization evaluate third parties who may have access to PII or PHI?

For instance, we use secure file transfer processes (SFTPs) for data in transit to and from Delta Dental. We use encryption for any sensitive information — in transit and at rest.

We also use a vendor evaluation matrix to determine what information our vendor partners have access to, and compare access to the level of risk they pose. We then categorize vendors as high-, medium- or low-impact vendors and assess them accordingly.

Questions about incident reporting protocol

  • What is your process for reporting a cyber security incident?
  • What is your timeline for reporting a cyber security incident?

These questions are crucial for building trust with an organization. At Delta Dental, we have four ways for employees to report any information breaches and three mandatory training programs to educate and encourage our employees on best practices in information security.


Certified Ethical Hacker: oxymoron or Information Security genius?

We hope you’ve enjoyed reading our internal spotlight series on Delta Dental’s Information Security. (In case you missed any content, check out our article on employee training and compliance and our article with insights from our Director of Information Security.)

Did you ever think you’d be thankful to read the term “hacker”? If not, we may have a new perspective for you. Meet Chad Greiner, Security Engineer III and Certified Ethical Hacker (CEH) in training, and see how he’s going the extra mile to protect your clients’ privacy.

Q: How long have you been with Delta Dental, and what other jobs have you held in your field?

A: I’ve been here for about six years. Before joining this team, I worked for a medical alert device company. I served as the main administrator for their entire IT operation.

Q: You’re training to become a CEH. Are there any other certifications you have or plan to earn?

A: Yes, I’m a Certified Information Systems Security Professional (CISSP). The CISSP seems sort of like a generalized job title, but it’s actually a comprehensive certification. To sit for the exam, you have to have about five years’ worth of work experience, be recommended by a fellow CISSP in good standing and re-certify every three years. The CEH is kind of an extension of the CISSP, except it focuses on strategies to help you think like a criminal — so you’re better armed to prevent a cyberattack.

Q: With that said, do you think the CEH is a controversial certification?

A: We don’t view it as controversial within the security industry. My perspective is that any type of attack is a crime, so in any criminal field, you need to understand the people you’re trying to catch or obstruct to be effective at your job.

Q: That makes sense. How would you respond to criticism that the title “ethical hacker” is an oxymoron?

A: In my mind, intent is what makes an action ethical or unethical. I’m not necessarily learning how to break things; instead, I’m learning how things can be broken to prevent breaches in security from occurring.

Q: What do you think is the most important aspect of your CEH training?

A: Learning about what tools are out there has been extremely important. Early on in my career, there weren’t as many “hacking” opportunities readily available to experienced cybercriminals, let alone the average person. The way technology is evolving has made it easier to access private information — so it’s that much more important to learn every defense against cyberattacks that we can.

Q: Why do you think being a CEH is particularly valuable to an analyst within an organization like Delta Dental?

A: Knowing what to protect against — knowing what avenues people can take in an attack — is critical. It’s really the first and most important step in securing private information. Clients can have confidence in knowing that, with a CEH, we’re able to get into a criminal’s mindset and get a step ahead of them.


Thanks for reading our series on Information Security! Stay tuned for more client news and insights from Delta Dental. 

Why Delta Dental hires Certified Ethical Hackers

(And other things you didn’t know about security)

Have you ever wondered how Delta Dental protects your clients from a data leak or cyberattack? If you have, Sitaram Inguva — our Director of Information Security — has some insight. And some of it may surprise you.

PHI is significantly more valuable on the internet than credit cards

All matters of information security are serious, but PHI is especially attractive because it can be more useful in identity theft. A data breach can also be very expensive. A recent study¹ shows that a single compromised health record can cost a company more than $200 in reparation (per enrollee). For these reasons, we use world-class cybersecurity technology to prevent such compromises from happening.

Hackers and malicious software aren’t the only causes of data leaks

Sitaram says, “A data breach can take many forms, the most obvious form being external hacking attempts by cyber criminals. However, they also happen due to technology gaps, human error and a lack of awareness.” Delta Dental deploys best-in-class technologies to protect information, but our most valuable line of defense is employee training and awareness. Apart from data encryption and up-to-date software upgrades and patches, our greatest priority is ensuring that our people are trained on the latest best practices in information security.

Delta Dental has Certified Ethical Hackers on our side

We have a highly talented security team, many of whom have industry-leading certifications, like Certified Ethical Hacker (CEH). They’re trained to detect vulnerabilities in our security and employ their skills to keep our systems and client information safe.


At Delta Dental, there’s a lot that goes into security. Share this information with your clients to give them confidence that their information is in good hands. 

¹ 2015 Cost of a Data Breach: United States, Ponemon Institute, May 2015

© 2022 Insider Update
