Doing Business with Mobile Devices

October 22, 2012 by

Need for Risk Mitigation Grows Along With Wider Adoption

Insurance agencies are in the business of managing risk for clients. But as mobile becomes mainstream, they’re facing new risks of their own. Agencies see mobile use as an essential competitive advantage, and they’re responding to producer and customer demands for more access and options. As more agencies utilize the benefits of mobile, they also need to manage the risks of their new technology capabilities.

The marketplace of mobile-based tools is quickly expanding. Agents can use mobile capabilities to streamline application fulfillment, collect data, issue policies, handle claims, and communicate with clients and carriers, among other tasks. For producers and agencies, mobile has the potential to boost efficiency and productivity.

Many agencies are on a steep learning curve as they strike the right balance between benefits and risks. Mobile devices designed for consumer use don’t have professional security protections in place, but they’re increasingly used like personal computers. For professional use, they require the same security now standard in PCs, such as antivirus protection and encryption, but the security protections are meager.

The problem is compounded by the fact that many people use the same devices in their professional and personal lives, mingling email, social media, data gathering, document creation and storage, web browsing, ecommerce and gaming, among other uses. Juniper Research predicts that 350 million workers worldwide will use personal mobile devices at work by 2014, more than double today’s figures.

In some cases, agencies are struggling to get ahead of the trend, contributing to a high incidence of BYOD — Bring Your Own Device to work. Malware is an issue for mobile devices that aren’t regulated, as well as loss and theft.

A weakness in an agency’s security could have severe consequences. Among the possible pitfalls are data breaches, which may lead to identity theft, legal liability and damaged customer relationships. Data breaches also carry heavy financial and reputational penalties, and high costs. Clients expect sensitive personal or corporate data, credit card accounts and other information to remain private, and to be safe from being hacked, stolen or inadvertently revealed.

Following are some guidelines that can help agencies capture mobile’s benefits while managing the risks.

Centralize Information and Policies

Ideally, every employee would be equipped with the same mobile devices from the same manufacturer. But BYOD is already widespread, and employees may not like having separate smartphones and tablets for work and personal use. Whether everyone has the same or different devices, an agency should have standard policies and procedures to secure client and agency data, and set parameters for mobile use.

Every device should be inventoried and password-protected. Employees should be required to change passwords frequently and choose passwords that don’t mimic ones used elsewhere.

Agencies should establish policies for using social media; adding apps and software; taking care of maintenance, patches and updates; and using wireless networks. It’s also helpful to have a reporting and action protocol if a device is lost, stolen or infected with malware.

These requirements need to be taken seriously. A 2011 report by McAfee and Carnegie Mellon CyLab found that four out of 10 organizations have had mobile devices lost or stolen, and half of those devices contained business-critical data. More than a third of mobile device losses have had a financial impact on the organization, according to the report, which surveyed 1,500 respondents in 14 countries.

Employ Security Technology

Security measures have expanded along with the development of mobile devices, apps and software. Some useful technology is mature and readily accessible, such as antivirus and malware protection, as well as GPS tracking capabilities that can be used to locate lost or stolen devices.

Technology also enables users to remotely wipe data if needed, providing protection from hackers and ensuring the data won’t be available to a new user if a stolen phone or tablet is resold. Yet if the criminal finds the phone or tablet before it’s wiped, it’s still possible to hack into the data.

Encryption is critical for client privacy. It is also essential for compliance regulations such as HIPAA, and an agency’s internal se-curity policies. Email, files, folders, calendars and other data should be encrypted.

Another potential safeguard is app wrapping, which gives managers the ability to add layers of security to an app, including who can access it. The app wrap might require user authentication to access the app, control where data can be stored or limit actions, such as file sharing. Note that app wrapping doesn’t affect the performance of the underlying app.

Vet Vendors

As tens of thousands of agencies adopt custom-designed insurance software for mobile devices, the number of companies that are in the business of supplying them has grown. Some, but not all, have experience and a track record of building robust security measures into their products.

When selecting a software vendor, do extensive due diligence on the company and the security it claims to provide for its software and services. Agencies looking to add software or apps should involve representatives from IT and legal, producers and agency management early in the process.

Purchase Data Breach Insurance

Agencies are familiar with the need for insurance, but not all have extensive experience with data breach coverage. Data breaches do occur, and personal information can be disclosed through a criminal act, carelessness, software security gaps or other factors. Nearly all of the 50 states have laws mandating customer notification if a breach occurs, and costs can add up if large numbers of records are compromised. Data breaches can also result in litigation.

Data breach policies can cover notification costs, forensic services, credit monitoring, legal assistance, identity restoration and public relations services. They can also cover specific exposures, such as personal health data breaches.

Mobile technology has become indispensable for many businesses, including insurance agencies. By taking precautions, agencies can use mobile to better serve their clients and run more efficiently, while minimizing the possibility of security problems. An industry that focuses on risk needs to protect itself as well as it protects its clients.