by Dillon Fornaro, Security Engineer, Kite Technology Group
Meeting compliance is often burdensome for insurance agencies. Requirements constantly change, and many are technical – like making alterations to ensure your server and configurations are up to standard. The process is taxing, even for agencies with internal IT.
When you work with a managed service provider, you access a team with a breadth of IT specializations. At Kite Technology, many team members have insurance backgrounds. We are familiar with the industry and well positioned to research new requirements, follow the latest trends and enact solutions to keep your agency compliant.
Your Specific Compliance Requirements Are the Starting Point
In a meeting, we’ll discuss which regulations apply to your business. We’ll pair your requirements with security best practices to maintain compliance and protect your network. To comply with the New York Department of Financial Services (NYDFS) 23 NYCRR 500, you need a comprehensive cybersecurity program. We can then design a compliant environment through risk assessments, vulnerability scans, and the enforcement of compliant password policies.
From there, we’ll tailor your plan, depending on your compliance needs.
Based on your requirements, we might add controls like a USB lockdown, where we prevent removable storage from being accessed on devices, or implement multifactor authentication on your devices and accounts.
For example, one of our newer clients wanted stringent security solutions in place. First, we set up continuous network scanning to ensure no gaps exist. Then, we created a policy outlining controls, firewall settings and user access settings. We documented action items, clarifying how we’ll maintain compliance for our client.
We Audit Our Work
After we’ve implemented vulnerability scanning, our team runs audits. Many of our engineers have insurance backgrounds. As they assess your system, they ensure you’re up to date with the latest regulations insurance agencies need to follow and that security gaps are closed.
Your clients and partners have proof you’re actively securing their data.
Our documents and processes can be reviewed by third parties you work with, providing assurance to your partners that your network and data are secured. Or, if a client or third party presents you with a questionnaire, we’ll work with you to answer the questions.
New Regulations Are Carefully Monitored
To keep your network up to date, we carefully read updates on regulations as they emerge. Plus, because our team constantly conducts risk assessments, completes compliance questionnaires and provides general assistance to insurance agencies, we’re alerted to the latest needs and requirements.
A Partnership That Works for You
Some of our clients want to hand off IT completely. Others want their in-house IT to be involved. We’d be happy to serve as your in-house IT or partner with your internal team.
Serving as your IT
If you don’t have an IT team, or want us to fully manage your IT, we’ll work with a site contact. Any updates will be sent to this person. If a process affects workflows, we’ll contact you in advance, explain what will happen and schedule a time for the changes to take place.
Collaborating with your team
If your team wants to be involved, we’ll work together to find the right roles and responsibilities for both parties. This could involve actions related to the audit or explaining changes to your users. Either way, your team stays fully informed. We send regular updates and schedule calls to discuss what’s happening.
When we started working with one client, the controller had a list of passwords she reset biannually. When passwords were updated, she checked each one to ensure it met standards. We implemented an automated solution with logical controls and requirements. Now, the controller doesn’t have to check passwords twice a year and the agency has strong credentials.
You Don’t Have to Manage Compliance Alone
Compliance doesn’t have to mean another task is given to an overworked team. We can comprehensively manage your requirements. Contact us today to discuss your needs and how we can help: 855-290-5483.