DECEMBER 2022

find loopholes even before they happen. Other steps that can be taken include (but are not limited to):

Encryption of Data: Encryption is the process of scrambling information so that it's unreadable without decryption. Encrypting databases is an important practice for data security. This ensures that those who do not have the decryption key cannot decipher the stored information even if they somehow get access. Key points to cover include encryption of data-at-rest and encryption of data-in-transit.

Robust Backup & Disaster Recovery Plan: A crucial way to instantly improve the company's data security is to create backups of all critical processes and assets. After all, no organisation would ever want to fall victim to a cyber-attack and lose everything that the respective teams have worked so hard to achieve. Backups should be regular, and preferably in multiple locations and in different formats. It is also important to test the backups regularly to make sure they're working properly, especially if they'll be used for long periods of time. Another critical aspect is defining the frequency of backups in tandem with the recovery time objective (RTO) and recovery point objective (RPO) for an effective DR test plan.

Comprehensive IT audit process: The regular IT audit process should include an audit of not only the data, but also the entire process/activities carried out to secure that data. Auditing the entire security strategy and procedures for different types of risks, including compliance with industry standards and regulations, is a must to achieve the next level of security within any organisation.

Proactively Monitoring Access to Sensitive Data: In order to prevent unauthorised access, it's important to know who has been given access, to what, and what they are doing with it.
A number of tools can be used to keep track of who has accessed the systems, when they accessed them and what they did while in possession of confidential information. Logging software can help record all activity in the landscape while tracking users' activities across time periods, along with providing audit trails so that administrators can easily review events such as failed logins or any suspicious activities that may have taken place during business hours. On the other hand, intrusion detection systems (IDS) and intrusion prevention systems (IPS) can block unwanted traffic from entering systems, so that employees aren't able to transmit malicious code onto company servers without detection by security teams.

Why Fool-proof Governance Matters

With the release of the draft Data Protection Bill in India, security governance has taken center stage, with a focus on handling customer consent, data, grievances, and rights. Customers today are aware and empowered. They know the risks in case their personal data is leaked. For insurance, the exchange of sensitive financial information is pretty standard and frequent, so even a minute's snag or glitch has to be kept at bay at all costs. As much as customers are looking for a good claim settlement ratio, they are also looking at good data security practices, given the recent increase in data breaches.

When one talks about robust data governance, it's not a one-time effort but a continuous, ongoing and ever-improving process. This process is also subject to changes in the data privacy rules and regulations that the framework needs to adhere to.
For instance, the organisation needs to segregate and categorize customer data right at the beginning of their journey, with the respective teams accountable for the data that they are handling.

What makes data security a big deal, especially in insurance, is the fact that it's not just about protecting the data you have; it's also about protecting your customers' trust in you and their ability to do business with you safely and securely.