If you’re reading this from a connected device, you could be vulnerable. In today’s digital age, people use their phones, computers, and even their watches to access information and store data. Just as quickly as you can go to your favorite website, data can be taken from you without you even noticing. According to the Varonis 2019 Data Risk Report, 53% of companies studied had over 1,000 sensitive files open to every employee. LegacyShield refuses to fall into this category. As a technology company, we believe there is nothing more important than protecting the privacy of our users.
Kevin Higginbotham, LegacyShield’s Chief Technology Officer, has been working in technology for over 20 years, beginning in system administration before moving into engineering and architecture roles. His work gave him insight into the evolving world of security, and he has since applied that knowledge to the software-as-a-service market. Kevin provided us with some insight to help users understand the importance of data security when investing in software.
Q: What is the goal of information security within an organization?
A: The role of information security within an organization is simple. Information security exists to maintain the confidentiality and integrity of protected data. An important piece of that is restricting access to information, resources, or other assets to those who require it for their business or job function.
Q: What should people look for in evaluating a company in relation to security?
A: A starting point that every person should be aware of when trusting a platform with important data is the privacy policy. This policy explains what data the company is collecting and what they plan to do with that data. Individuals should also focus on how a company stores your data and how they plan to keep it secure. The next step would be to evaluate their track record and check to see if the organization has any history of security missteps or other red flags. Each company has varying levels of transparency, so, ultimately, it comes down to the level of trust a person has with that provider.
Q: How do you work with engineers who are not versed in security, and how do you measure how well your team is doing?
A: In any modern application, security can’t be implemented as an afterthought. Due to current events in relation to cybersecurity, everyone on the team is more cognizant of the risks to users and their data. It’s important to emphasize security procedures as a crucial factor within the organization; we have procedural controls in place where any odd changes or activity would be scrutinized carefully. We, fortunately, do not have this issue at LegacyShield as our engineers have experience with regard to security. One thing we do that I would suggest to other companies who may have less experienced teams is to have a system of checks and balances so that nothing is introduced into the production environment without a security review. LegacyShield also reviews security as a whole during our regular meetings.
Q: What is your philosophy on security, and how do you make sure that LegacyShield data is secure?
A: Security is a paramount concern, especially when our system takes in the type of data that our users entrust us with. We as a team have a responsibility to take it seriously. To ensure that the data is secure, LegacyShield leverages an in-depth defense strategy with multiple layers of protection in place. All data exchanged with our platform is encrypted in transit and encrypted at rest. This is a must-have for secure communications, and we build upon that foundation to provide the best possible protection for exchanging information between two parties.
Q: Is it possible to prevent an intruder? If not, what do you have in place at LegacyShield to slow down any malicious attempt and then resolve it?
A: Many intrusion attempts can be prevented with the appropriate security configurations and procedural controls, but it would be foolish to think we are ever immune to attacks. For example, if you have a weak password, you’ve invited that level of concern upon yourself. However, we have not had a security issue at LegacyShield to date. We look for behaviors and activities that seem out of place or anything that is unexpected or anomalous. Our security system notifies us of those behaviors so that we may respond accordingly. We also offer multi-factor authentication in Link and encourage our users to require more than a strong password to access their account details. We recognize the unique risks internal and corporate systems may pose and routinely work with our team, partners, and vendors to ensure that we’re protecting all vectors of attack, not just those that are client-facing.
Q: Why do you think many companies haven’t fixed their vulnerabilities?
A: Frankly, because it’s difficult and time-consuming. Staying on top of vulnerabilities requires a lot of attention and effort that may not offer a client-facing benefit. Additionally, many organizations may not realize the risks they could be exposed to if the client data were compromised.
LegacyShield is proud to have a team that cares about the wellbeing of users (advisors and their clients) and looks to make collaborating easy. We recognize security is a fundamental part of what we do and make sure to keep up with the evolving security landscape in order to best serve our users. Unfortunately, many companies do not always realize the risks they are exposing themselves to, not to mention their customers and end-users, by not prioritizing security. Technology is an integral part of the everyday life of a consumer, which means advisors need to prioritize secure insurtech or risk losing clients.
As technology becomes more prominent in the insurance industry, it is crucial that advisors utilize platforms and software that provide exceptional security to their clients and other end-users. Our newest platform, Link, serves as the ultimate connector between advisors and their clients by allowing advisors to collaborate and do business securely in one place. Our internal security replaces encrypted messages and document downloads with secure, platform-level access to files, policies, communication, and transactions. Link gives advisors advanced insights into the needs of their clients and creates a trusting relationship that can be maintained for generations. To learn more about why data security is relevant to insurance advisors, check out our blog, “What Insurance Agents and Advisors Need to Know About Privacy.”
If you’re looking to take the next step with your practice and stop worrying about the security of your clients, connect with us to schedule a demo.