Since the onset of the COVID-19 pandemic, the FBI has reported a 400% spike in cybercrimes.[1] With employees, business leaders and even claims administrators working from home, there’s an increased risk of cybercrimes against both individuals and their employers.
With increased crime comes increased risk: risk that your data has been compromised in some way, whether stolen, altered or deleted. On a personal level, this may include identity theft or credit card theft. When it comes to your business, though, the implications can be far more significant.
That’s why data integrity, or the trustworthiness or accuracy of the data, is critical. Your business relies on data to make strategic decisions. But if your data is incomplete or inaccurate, these decisions may be counterproductive to your goals or needs. Data that has been tampered with – whether altered, added to or removed – is not only unreliable, but also becomes essentially useless when it comes to analyzing trends or making informed decisions.
Risk managers need to be vigilant. Data must remain accurate, complete and accessible. Ensuring data integrity involves following best practices for protecting data within your organization, as well as selecting a software partner carefully.
Maintaining data integrity when handling claims
The first step to protecting the integrity of your data is to take appropriate steps toward protecting the data itself. Minimizing the threats from inside is a good starting point. It sets expectations of behavior and minimum requirements among employees, as well as leadership, that reliable data is a priority.
For claims handlers interested in improving data integrity, consider these best practices for both inside and outside your organization:
- Limit access to information. Not everyone in the organization needs access to everything. Create policies restricting access to individuals based on roles within the organization. Who needs access to the data in order to do their job? Any elevated access requires managerial approval and security review, and access must be reviewed regularly. Make sure you remember this when terminating an employee or moving the employee to a different department.
- Introduce a tiered approval process. With tiered approval required, at least two employees (often a direct manager and an executive) need to approve an action. You may prefer a progressive approval process that tracks up to five approval levels up the chain of command. The main goal is to ensure that no one – or at least a limited number of people – has access to all the data. In addition, at each stage of approval, there’s an opportunity to question the action to determine whether it’s appropriate or necessary.
- Require vendors to be covered. Working with a vendor is a potential risk. It means letting someone else have access to your clients’ personal information. Selecting vendors who already have a certificate of insurance (COI), including cyber coverage, is one way to mitigate that risk. When vendors are already taking steps to maintain their data integrity, including doing their own due diligence, they are more likely to be a safe bet.
- Adhere to regulations. Use well-known regulations as a yardstick for determining the best course of action. California and New York are well-known leaders in privacy and cyber regulation, but it’s important to review all local regulations for every place your customers live. If you do business in Europe or have European customers, their data will fall under the General Data Protection Regulation (GDPR), the EU’s regulation on cyber security. Consider reviewing GDPR whether you have European customers or not, as it’s currently regarded as the strictest in the world and is a gold standard for all municipalities and governments looking to create a cyber security standard. More and more entities will be moving toward the GDPR standard in the future.
Choosing the right tech partner
Maintaining data integrity is a big job, but it can be made easier with the right digital solution. As when choosing any vendor, it’s a good idea to make sure your software provider is following best practices for data integrity. Make sure your tech partners:
- Maintain their own data. A software provider that outsources data storage is allowing additional organizations access to your data. You want a provider that is aware of the risks and maintains data integrity by having their own proprietary infrastructure and data center facility. Choose a provider that undergoes annual security audits and certifications for their facilities as well.
- Offer fully embedded analytics. It’s also important to look for a provider that does not rely on a third-party vendor for your desired functionality, like Artificial Intelligence (AI) and analytics. Many companies claim to provide these services out of the box, when they actually must send and retrieve your data to and from external vendors for analysis. By choosing a provider with fully embedded AI and analytics, you can eliminate potential security risks, the possibility of data theft and failure points while reducing the complexity of the process.
- Utilize automation. Software providers usually rely on automation to gather and process data. The information is less vulnerable when no one has to manually transfer information from paper or email to the database. Not only does this mean fewer people have access to the information, but it also ensures your data remains unchanged, accurate and valid. Choose a provider that has experience developing custom data feeds and also offers API capabilities.
- Offer the ability to delete data. Although deletion sounds scary, it is appropriate and even necessary at times. Deleting old files or those your business is no longer required to retain is important and must be done with the right safeguards in place. Working with a trusted software partner will help you know that when a piece of information has been deleted, it is really gone and no longer a liability for your business.
- Guarantee an audit trail. One way to ensure data is accurate and reliable is to know where it comes from. An audit trail traces a single piece of information back to its origin. If your software provider offers the ability to see changes made to any element of data, from any point in time, you have the confidence of knowing your software provider is protecting data the way they should be.
Next Steps
Now is the time to explore how to effectively maintain data integrity across your organization. Whether addressing security challenges from inside your organization or selecting the right vendors to help you achieve a level of efficiency and reliability, it’s a good idea to face the obstacles head on — today. For more information on this topic please contact John Irving.
[1]Top Cyber Security Experts Report: 4,000 Cyber Attacks a Day Since COVID-19 Pandemic (prnewswire.com)
