Why Insurers must adopt Multi-Factor Authentication

With heightened cyber security risks, the need for extra layers of security is paramount. Cybercriminals are looking to steal customer, employee and financial information across many industries, and insurance companies are a key target. A successful cyber attack is not only costly and frustrating for the customer, but also has significant impacts on the insurance business. Attacks can bring down core service offerings. Loss of data via a breach leaves insurers' businesses at high risk of reputational damage, financial and investment loss, and potentially financial penalties if a company has not complied with the Australian Privacy Principles (APPs). Investment in multi-factor authentication is one of the most effective control measures and is worth every cent when it comes to protection against cyber attacks.


What is Multi-factor Authentication (MFA)?

Multi-Factor Authentication (MFA) is a method that requires users to verify their identity using multiple validating factors. The first factor is something you know, i.e. your username and password. The second factor is something you have, i.e. an application, SMS or token.

A username and password can be easily stolen. However, when users are required to enter additional credentials, such as a code delivered via SMS, authenticator application or software token, the security of their credentials is tightened. The likelihood of more than one of these factors being compromised is extremely low.


The most commonly used second factor is a Time-based One-Time Password (TOTP). After inputting a username and password, the user is prompted to input a TOTP into another login interface as proof that they should have access. A TOTP can be received as an SMS, although it is now more common to obtain the TOTP through an authenticator application by scanning a QR image. Codes generally expire after 30 or 60 seconds.


Why do insurance companies need MFA and TOTP?

Use of MFA, and in particular TOTP, provides an extra layer of security for customers and businesses alike. Insurance companies hold highly sensitive and valuable information which, if accessed unlawfully, can open up a world of pain: once customer information is in the hands of the wrong people, there is no going back.

Ransomware attacks are increasing in severity and are targeting a broader range of company devices. Where previously attackers would target a company’s central database, staff mobile devices are now an easier and more common access point to create havoc and make ransom demands. Identity theft often starts with a ransomware attack. MFA offers additional protection by adding a layer of security that has been shown to block 99.9 per cent of attacks. Whilst it may make the task of logging into a device more complex and time consuming for staff, the benefits delivered by MFA significantly outweigh any inconvenience it causes.

When partnering with EstImage as your insurtech provider, you can rest assured that EstImage Property and EstImage Motor come with MFA as standard. Stelvio has been working as a trusted and secure partner providing cloud-based technology and insurtech solutions to Australian general insurers for the past two decades. The EstImage product suite, powered by Stelvio, complies with local privacy legislation, APRA information security and business continuity policies, and is American Institute of Certified Public Accountants (AICPA) – SOC 2 Type II cloud data safeguard compliant.


For more information on how Stelvio can help protect your business and customers, contact the team today.



[1] www.cybersecurityconnect.com.au/strategy/7390-why-multi-factor-authentication-is-vital-for-a-valid-cyber-insurance-policy

Damien Haenga