Cyber-Security and Secure eMail
Cybersecurity, secure email, protecting personal health information, and privacy should be the number one priority in Insurtech. Meeting all compliance standards is, without question or debate, a foundation of every aspect of all life insurance and retirement product launches including internal and external processes, front office and back office systems, data and document exchange, and all forms of communication. – Ken Leibow
eM4 Compliant Email
Email encryption is a reality today, so why not use the most compliant service, one that doesn’t require logins or passwords? The eM4 B2B model requires no user training; in fact, users don’t even know they’re using it. The B2C model does not require authentication, and when you need to identify the receiver, PaperClip’s Wallet Authentication is friendly and provides that “Proof of Delivery”.
Security Awareness for the Modern Life Insurance Firm
Over the last decade we’ve seen a huge shift in the way that technology creates efficiencies and interacts in our everyday life. We went from a world where caller ID was the biggest innovation to the present day, with Uber providing personal drivers at the click of a button, groceries delivered to your door and bank deposits made by using your mobile device to take a picture of a check. The information that used to be held close is now communicated across the internet. These conveniences also increase your cyber security risk. The Life Brokerage Technology Committee (LBTC) hosted a great Webinar presented by Mark Grosvenor, CTO and Executive Vice President of NFP.
TLS Secure Email
Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients.
Transport Layer Security (TLS) is a security protocol that encrypts email to protect its privacy. TLS is the successor to Secure Sockets Layer (SSL).
Opportunistic TLS: Many consumer ISPs and mailbox providers, including Comcast, Google, Microsoft, and Yahoo, use TLS by default, but when a secure connection isn’t available (both sender and recipient need to use TLS to create a secure connection), the provider will deliver messages over non-secure connections.
Forced / Enforced TLS: You can configure your TLS setting to require a secure connection for email to (or from) specific domains or email addresses that you list. This requires TLS for inbound and outgoing connections and returns a non-delivery report to the sender if the recipient does not support TLS. It is not practical to turn on Forced TLS for all connections, as not every mail server supports TLS.
What happens to email to (or from) domains that don’t use TLS?
· Outgoing Mail: Mail won’t be delivered and will bounce. You’ll get a non-delivery report (NDR). Only one send attempt is made (no retries).
· Incoming Mail: Mail is rejected without any notification to you, although the sender will receive an NDR.
Key features of TLS include:
· Encrypted messages: TLS uses Public Key Infrastructure (PKI) to encrypt messages from mail server to mail server. This encryption makes it more difficult for hackers to intercept and read messages.
· Authentication: TLS supports the use of digital certificates to authenticate the receiving servers. Authentication of sending servers is optional. This process verifies that the receivers (or senders) are who they say they are, which helps to prevent spoofing.
Best practice is to have both parties work together to establish a Forced TLS connection between their respective email domains. This ensures that all emails between both parties are sent securely. While this is a one-to-one connection and takes additional time to configure, there is no ongoing cost or transactional cost to consider.
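The sketch below is an added example, not code from this page or from any mail provider. It models the outbound outcomes described above (encrypted delivery, plaintext fallback under Opportunistic TLS, bounce under Forced TLS) from a server's EHLO reply, and includes a live pre-check either party can run before listing a domain for Forced TLS. The domain names, the `FORCED_TLS_DOMAINS` policy set and the EHLO replies are constructed for illustration.

```python
import smtplib

# Constructed EHLO replies (sample data, not captured from real servers).
EHLO_WITH_TLS = "250-mx.partner.example\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mx.legacy.example\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"

# Hypothetical policy: domains listed here require TLS (Forced TLS);
# every other domain gets Opportunistic TLS.
FORCED_TLS_DOMAINS = {"partner.example", "legacy.example"}


def advertises_starttls(ehlo_reply: str) -> bool:
    """Return True if a multi-line 250 EHLO reply lists the STARTTLS extension."""
    for line in ehlo_reply.splitlines():
        # Each line is "250-KEYWORD [params]" or, for the last one, "250 KEYWORD".
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        keyword = line[4:].split(" ", 1)[0]
        if keyword.upper() == "STARTTLS":
            return True
    return False


def outbound_decision(recipient: str, ehlo_reply: str) -> str:
    """Map TLS policy plus server capability to the outbound outcome."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if advertises_starttls(ehlo_reply):
        return "deliver-encrypted"
    if domain in FORCED_TLS_DOMAINS:
        return "bounce-ndr"          # Forced TLS: no plaintext fallback
    return "deliver-plaintext"       # Opportunistic TLS: falls back silently


def probe_mx(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live pre-check before listing a domain for Forced TLS (needs network)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    for rcpt, reply in [("a@partner.example", EHLO_WITH_TLS),
                        ("b@legacy.example", EHLO_NO_TLS),
                        ("c@other.example", EHLO_NO_TLS)]:
        print(rcpt, "->", outbound_decision(rcpt, reply))
```

Running `probe_mx` against each of a partner's MX hosts before enabling Forced TLS shows in advance whether mail to that domain would bounce.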
Managing Cyber Risk
Business and Technology play a key role in managing cyber risk. Regardless of what type of business you have, you need to implement a plan for protection because today’s cyber attacks are becoming more sophisticated and more dangerous. Cybersecurity needs to become part of the everyday operation of your business in order to keep it healthy. Today’s top issue is cybersecurity and privacy. PWC has critical information you can apply to protecting your business.
An expert in cybersecurity and network infrastructure, Nick Espinosa has consulted with clients ranging from small businesses up to the Fortune 100 level. Nick founded Windy City Networks, Inc. in 1998 at age 19; the company was acquired by BSSi2 LLC in 2013, where he is CIO. In 2015 Security Fanatics, a Cybersecurity/Cyberwarfare outfit dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations, was launched.