The necessity of improving data security in insurance companies (challenges and solutions)
According to the financial news report, quoted from the public relations of Asmari Insurance Company, Arman Emadi, Vice President of Technology and Information of Asmari Insurance Company, has a special view on data security in insurance companies. seriously increase These measures should include solutions in the field of human resources, financial resources and other matters.
You can read parts of Arman Emadi’s interview with “Number 92 – Pulse of Economy” below:
In today’s complex and dynamic world, which has become an information society, data has become the main capital and asset of any company that can play an important role in decisions. Data, like other assets, needs to be maintained and taken care of, so insurance companies face great challenges in the field of data security. The main reason for security is summarized in two simple principles:
“Keeping confidential information of customers” and “No disruption in service”.
As it was published in the news, the insurance industry has also faced challenges in this field.
The main challenges in the field of security:
human resources:
– Weakness in the knowledge of general users of systems and unwillingness to learn and resistance to the use of training and new techniques. This weakness is evident to the extent of choosing a suitable password for entering information systems.
– Migration of experts in the field of information technology to other countries
– Dissatisfaction of the forces working in the field of IT with the income from employment, which has caused each of them to be like a time bomb and increases the possibility of information destruction from the inside or internal penetration. Most of the announced vulnerabilities are of the same type (from infrastructure and hosting companies and we suspect that the recent damage to the insurance industry is of the same type.)
– Ignorance of managers and decision makers in this field about the consequences of information leakage and destruction
Funds:
Backup and security equipment has become so expensive for companies that despite the knowledge of the need to strengthen the infrastructure, they accept risk and vulnerability.
– Using cracked software from operating systems to antivirus and backup programs
– Other items: Some of these items are so intertwined that they cannot be mentioned as financial resources or human resources, although they are related to both of these items.
– Impossibility of using foreign consultants
– The impossibility of using some equipment or software in this field due to cost and sanctions
– Excessive trust in people inside the organization that may lead to violation of security principles and standards.
– Absence of national operating system
– Management problems in making decisions and implementing security measures
– The unipolarity or bipolarity of the insurance industry in the selection of insurance software has caused most of the sensitive data of the industry and the country to be available to these two companies. In order to increase data security, insurance companies should look for diversity in the selection of insurance software. For example, when a security bug is found in any of these software, a large number of companies can suffer from this hole.
solutions:
Increasing the knowledge and awareness of general users of systems containing confidential information in the field of data security through training and courses.
Motivating the application of new techniques and using up-to-date approaches in data security.
Allocation of appropriate financial resources to data security and backup and security equipment.
Development of laws and regulations in the field of data security.
Amending employment contracts and pointing out the importance of the data area and determining punishments for neglect and abuse and sharing critical system information.
Improving the income of IT personnel and financing people who have access to confidential data.
As much as possible, do not use cracked software or operating systems for critical systems.
Conclusion:
Considering the importance of data security in insurance companies, it is essential that these companies seriously increase their data security by taking necessary measures. These measures should include solutions in the field of human resources, financial resources and other matters