The insurance sector may be a little slow on the uptake of new technology at times but as with all other businesses in the UK there’s been a distinct move to mobile platforms over the last few years. However, as with all technology implementations there’s a risk to the business and it’s possible that these platform agnostic devices haven’t received the level of attention that’s needed to protect insurance brokers when they’re in use.
Areas to Concentrate On
Smartphone Usage Policies
Many brokers will already have wrapped up their smartphone use into their general internet and computer use policies. It’s important to define what is and isn’t acceptable use of a company supplied or sponsored smartphone. Phones often feel to the user more like a personal device even when their company is picking up the tab for their use. That means they may be tempted to view material which could leave you exposed to a lawsuit that they wouldn’t even dream of accessing on a desktop or laptop supplied by their work.
Smartphone Usage Enforcement
Content filtering applications have become a common feature of corporate networks. They prevent the user from accessing offensive, obscene, illegal or dangerous material by filtering a range of web addresses that are pre-configured by the network administrators. This prevents accidental access of material which could expose the brokerage to liability and from accessing websites that contain viruses, malware, etc.
It is a commonly held belief that Apple products don’t get viruses. It’s not true and as Apple’s market share increases handsets, tablets and even desktops and laptops will become more and more attractive to writers of viruses and malware. Content filtering combined with a strong anti-virus solution can ensure that mobile devices don’t become an easy backdoor to your corporate network.
Phones are much more easily lost than laptops. What precautions have you taken to ensure that these devices are not accessible in the event of loss? A single login should not give the user access to all of your key mobile applications. Your customer and corporate data should remain secure in these events. Otherwise your ability to trade may be compromised and worse you may be liable for any lost data.
You should also be looking at upgrade cycles of mobile applications. Security patches etc. need installing on a regular basis to ensure that there’s a minimal risk of exploitation from hackers. To manage this effectively you’ll want to have a policy in place enabling users to cooperate with upgrade releases.
If your people are viewing confidential company data on their smartphones then you need a destruction policy for the handsets. You wouldn’t dream of leaving old PC’s out for rubbish collection without wiping their hard-drives and memory. You should have an equally tough policy in place for smartphones most of which contain hard drives which could be accessed by hackers following their disposal.