What Every Insurance Professional Needs to Know About the Safeguards Rule

What’s changing in cybersecurity regulations for insurance professionals, and how Stratti can help

The Federal Trade Commission (FTC) recently made updates to its Safeguards Rule. Regulations have shifted to mean non-banking institutions, like law firms, car dealerships, and insurance firms like yours are newly responsible for security systems that “safeguard” sensitive client information. 

This personal information like social security numbers and bank accounts, often referred to as Personally Identifiable Information (PII), is a tempting target for cybercriminals—and attacks and data breaches are getting worse. You’ve probably seen headlines over the past years, but now, federal regulations are catching up and the rules are tightening

So, to avoid the risk of fines, lawsuits, or damage to your personal and business reputation, all insurance professionals need to be in compliance.

For those in your industry, the safety of PII is very relevant: often, your firms collect and store a lot of sensitive client information, from health information to car loan details, all the way to social security and credit card numbers. 

If you read that and said to yourself “Well, that’s easy to lock down” — not so fast. Even if you’re ahead of the crowd on maintaining secure systems, the Safeguards rule changes put it pretty plainly: if you can’t oversee IT on your own, you need to hire someone to do it for you. 

Good news. As your IT wingman, Stratti’s got your back. 

We can help you navigate what changes are happening, what you need to know, and how to take action. The best place to get started is our FREE 15-minute cybersecurity assessment, during which we’ll help you identify areas of vulnerability and the best place to get started in protecting your clients’ data.

Click here to learn more about the FREE, no-obligation, 15-minute cybersecurity assessment.

What Does the FTC Require from Insurance Professionals?

The Safeguards rule is primarily about how, and why, businesses collect and store PII, but it’s also about what happens when a breach does occur. These days, it’s truly a matter of “when” and not “if,” so ensuring you have data protection as well as a disaster recovery plan in place is part of complying with the rule changes. 

When cybercriminals steal your clients’ information, it can have far-reaching consequences. Not only are your clients now at risk of having their own personal and professional accounts hacked, you and your organization are at risk. Business interruptions, errors with payroll, and ransomware demands could all occur, and of course, you likely know it’s hard to build a good reputation, but easy to lose it. 

Stratti can help ensure your firm is in compliance, but we’ll do you one better. We’ll make sure you know what you need, and why, to comprehensively protect your business.

Here’s where we can help:

We can handle the technical expertise you need to help you stay in compliance with the new FTC Safeguards Rule requirements: 

  1. Implement Stratti’s Ultimate Cybersecurity Solution to meet the FTC’s new cybersecurity requirements at once while protecting your business. We’ll help you establish:
    1. Multi-Factor Authentication (MFA)
    2. Multi-point protection from firewalls to user devices
    3. Endpoint protection with EDR antivirus
    4. Spam filtering and other email security
    5. Website blocking and online content filtering
    6. System isolation for infected systems
    7. Dark web monitoring 
  2. Test your security as often as you need with our Proactive System Management. It includes:
    1. Security and vulnerability patch management
    2. 24-hour system and network monitoring
    3. Data backup and continuous monitoring and maintenance
    4. Network penetration testing
    5. Helpdesk complete with system and network support
  3. Educate and prepare your team to spot cyberattacks with Information Security Training and Verification:
    1. Cyber awareness training for users
    2. Training and testing for email phishing scams
  4. Stratti can also generate documentation of your policies and incidents, including:
    1. Backup and Disaster Recovery (BDR) plans
    2. Risk assessment reports
    3. Asset summary reports
    4. Network penetration reports
    5. Vulnerabilities reports

You can’t get in compliance overnight, so we recommend getting started as soon as possible. Your clients and your business will be more secure as soon as you do. 

Ready to get started? We offer a FREE, no obligation, 15-minute cybersecurity assessment to identify areas of vulnerability and get you on the path to compliance.

Call us at (530) 342-8999, email, or fill out the form below.