Did you know that you could be putting your business and your clients' data at risk just by sending policy documentation by email?
Crazy, right? However, the simple statement "We have always used email" no longer suffices.
The reality of today's business practices is that we must contend with cybercriminals projected to steal an estimated 33 billion records by 2023 - that's up from 12 billion records swiped last year.(1) In the United States, an estimated 1,579 data breaches exposed 179 million records.(2) In the United Kingdom, the Department for Digital, Culture, Media and Sport commissioned the Cyber Security Breaches Survey 2019 (3) along with Ipsos MORI Social Research Institute and the University of Portsmouth, which reported that a breach costs affected medium and large businesses between £9,270 and £22,700 a year (see below) - and that's likely not including any GDPR fines if the breach contained identifiable personal data.
At Clinked, this motivates us to ensure you protect yourself and your clients using secure methods.
In this article, we will highlight 6 key records commonly used by insurance brokers that shouldn’t be distributed via email, the reasons why they shouldn’t, and the solutions out there that you can use in order to share these sensitive files securely.
After reading you will have a stronger understanding of how careful you need to be when dealing with documents containing personally identifiable information and what to do in order to avoid the risk of data breaches. On with the show!
6 key records not to share via email
- Policy Documents: The schedule of insurance identifies the policyholder and gives details of the coverage, conditions and exclusions. The schedule can contain sensitive data about your client be they an individual, family or business covered by the policy. If this data was breached it could have a significant impact on your client and your reputation.
- Terms of Business Agreement: Written agreements enforceable by law, agreeing a deal between two or more people/organisations, provide specific details that can compromise companies and individuals. TOBAs are used all the time between insurers, brokers, sub-brokers and their clients. Despite the importance of TOBAs, they should never be sent via email due to the information that they might contain.
- Market Presentations: These documents present your client’s details to underwriters or wholesale brokers in the insurance market. Depending on the client and class of business these details may be distributed to several markets. Can you be sure your client’s data remains secure using email?
- Invoices: Invoices give the details of a payment request from the seller to the purchaser of goods or services. They contain both the buyer's and seller's names and addresses, details regarding what is being purchased, the total amount due for payment, taxes, invoice number etc. This is personally identifiable data and therefore cannot be sent or received by email.
- Payment Schedules: These give details of your clients’ future policy payments. They can change over time as risks grow, with multiple payment schedules sent out during the policy period.
- Risk Information: Documents such as surveys, valuations and loss adjusters' reports contain specific details relating to your clients’ business or personal assets.
Why can’t you send these files via email?
Globally, data security and cyber attacks have been hot topics. The impact may not have reached your organisation or client base, but you will likely know other organisations or individuals impacted.
Often the culprits of these breaches are emails intercepted on either the sender's or the receiver's side. Your clients may be using email without security protocols, so offering them an alternative to sending files via email ensures your data is also not compromised. Human error is an added risk with files containing personal data, because sending an email relies on checking the address to ensure it goes to the correct contact.
If you are based in the UK & Europe or work with European clients, the GDPR regulations that came into law as of 25 May 2018 require businesses to comply with a strict set of guidelines in order to protect individuals’ personal data. Non-compliance can result in a hefty fine of up to 4% of global turnover.
How can you send sensitive files?
We know that this can be difficult for brokers seeing as you need to send files containing personal data to your customers within your day-to-day work life. However, we are happy to share a few solutions, including one if email is absolutely necessary for these file types.
The three main options for secure file sharing are end-to-end encryption, cloud storage and a client portal.
Using end-to-end encryption (E2EE) will keep your client’s data secure and ensure you’re not at risk of any GDPR data breaches. E2EE works by encrypting the data sent back and forth within emails between you and your clients, so that only the sender and receiver can view the contents of the message by decrypting it.
Nobody else, whether an email service provider, other third-party application service providers, or hackers, will be able to access the data. However, end-to-end encryption isn’t just a straightforward method of securely sharing important information with your clients; it also has its difficulties and can be a painful process to set up.
One of the biggest pain points of end-to-end encryption is that software needs to be implemented on both ends, the sender and the receiver of information. This means that each one of your clients needs to have end-to-end encryption set up before you can share any private documents with them via email, which, as you can imagine, can be very time consuming.
Please keep in mind that this is protection for your organization when sending the file. It would also be required in your client's email system for full cycle protection.
Cloud storage is a form of online document storage where instead of keeping files on your computer hard drive, your files will be stored online within the cloud. There are many popular services for cloud file storage such as Dropbox and Google Drive.
The way that cloud document storage works is by storing your data within servers rather than on your computer, so that you can access it anywhere from any device simply by logging in to whichever cloud service you may be using.
Cloud storage has many advantages: it’s very simple to use, it’s GDPR compliant, it defeats all the risks of losing your files if something happens to your computer and it’s also ideal for collaborating on files with clients, seeing as multiple people can access a live version of a document from different locations.
A disadvantage is that cloud storage relies on being connected to the internet, so you won’t be able to access your data offline.
The final option is a Client Portal. This is a centralised area that is bank grade secure and completely white-label, where you can share important documents with your clients in your own professional, branded environment.
Using a client portal tool allows your clients to log in to an area where they can communicate with your team, view any documents such as reports, invoices etc and even review and sign contracts.
Overall, a client portal is a great solution for Insurance Brokers. It results in a much more effective and reliable method of communicating, sharing and collaborating on documents with your clients - as an alternative to email. It provides a professional, branded environment for your clients, helping you build trustworthy relationships with them.
Not all client portals allow for two-way interaction. As such, check the offering to ensure your clients will be able to submit any sensitive files via the system rather than just viewing them.
If you think that using a client portal may suit, why not check out our Clinked white-label client portal? The benefits to your business begin with providing a secure platform to share documentation with your clients, but don't end there.
Learn more by booking a demo with one of our product specialists.