Tamara E. Holmes
If you pay your insurance premium online, you may want to take a second look at your insurance company’s online security practices.
While banks and other financial institutions have clamped down on online security threats in recent years, insurers have lagged in protecting policyholders’ data that is stored online, a new report says. When it comes to online security among home and auto insurance providers, “there’s a lot of room for improvement,” says Lauren Wistrom, a senior analyst with Corporate Insight, a market research and consulting company in New York.
In a recent report, Corporate Insight analyzed how well insurers protect the personal information of their customers and how well they communicate the importance of online security.
While policyholders typically don’t access sensitive financial information from their home and auto insurance provider’s website as they might with their bank or credit card company, you still provide your insurer with information you wouldn’t want to fall into the wrong hands. For example, an online account with your home insurance provider could include your address, as well as insight into the valuable possessions stored in your home such as jewelry or art – information that could prompt a thief to target your home.
Assessing the insurers
The report identified effective online security procedures and indicated which home and auto insurance providers had carried them out. One of the best security features an insurer can offer is two-factor authentication, which means having policyholders enter identifying information on two different pages of an insurer’s website. Amica Mutual, for example, has policyholders enter user name and password information on one page and identify a unique security image on another page. USAA requires policyholders to enter their user name and password on one page and a PIN on another page.
Another good security practice is requiring policyholders to provide specific information about their policies before they can access their account. Such a practice makes it more difficult for someone other than the policyholder to obtain account information. GEICO, The Hartford, MetLife and Nationwide all require policyholders to identify the type of policy they have with the company before they can access their account data or make transactions.
Another effective security practice is reminding policyholders to close their browsers after they log out, an extra measure that lessens the chance that someone using the same computer can call up information recently accessed by the browser. The Hartford, Nationwide, Progressive and Travelers all advise their customers to close their browsers after logging out of their accounts.
While security features are important, it’s also important that companies communicate with their customers about security practices, Wistrom says. For example, State Farm, USAA, GEICO, Liberty Mutual and Progressive all cite the use of Secure Sockets Layer (SSL) encryption – a technology that encrypts data as it travels over the Internet.
While none of the insurers mentioned in the report wanted to comment directly on the study’s findings, “insurers increasingly depend on electronic data and computer networks to conduct their daily operations, and recognize the need to protect their policyholders’ personal and financial information,” says Michael Barry, a spokesman for the industry-backed Insurance Information Institute. “Insurers have made great strides in recent years to protect their computer systems against data security breaches, and the Corporate Insight report documented a number of them.”
The policyholder’s role
While insurance companies have an obligation to protect their clients’ information, consumers can take certain steps of their own to protect their data. The U.S. Computer Emergency Readiness Team, which leads the country’s cybersecurity efforts, offers these suggestions for keeping data safe:
- Be wary of emails sent by your insurer or any other organization that requests personal information or includes a link for you to click. Such emails could be “phishing attacks,” in which a criminal poses as a trusted company to snatch your personal data. Never respond directly by email; rather, open a browser and log on to your account to see whether the message is legitimate.
- Install and update antivirus and firewall software. These can often identify digital threats.
- Never provide sensitive information such as financial data via email. Instead, ensure that a site will encrypt your data – or scramble it, making it unreadable – before you submit your information. If a website’s address begins with “https” rather than “http,” that means the information will be encrypted. Another sign to look for is a lock icon that may appear in the bottom right corner of your computer screen or on the left or right of the website address field, depending on your browser.
- Use only one credit card for all online payments. If you pay your premium online, designate one credit card with a limited credit line for all online purchases. This ensures that a thief would have limited access to your financial information.
- Never store your password. Some browsers or websites might give you the option of storing your password so you don’t have to re-enter it whenever you log on. While such an option might save time, it can leave your data vulnerable, as someone who accesses your computer can easily tap into your account.