Across the state of Indiana and others around the country, a new cybersecurity standard is being enforced: the National Insurance Data Security Law. The new state-wide security laws are coming into force on April 15. Every insurance business must be able to comply with these laws and become certified by this date, otherwise, action will be taken for them to stop trading.
These new laws are coming into effect in part due to the high number of instances of employees being hacked while working from home since the pandemic began last year.
Here’s what you need to know and do to prepare for the upcoming deadline.
Train Employees on Security
Employees are the main area of concern and attention because most issues arise from not changing passwords frequently, leaving machines alone while logged in, and opening malicious emails that should be left alone or deleted.
The new state laws require for employees to be trained in cybersecurity, especially for those in insurance data. They will also need to be trained in HIPAA data protection, so customers’ private health information is not leaked or shared.
Create an Incident Response Plan
To be compliant with the upcoming certification, you will need to write up an incident response plan and issue it to every employee. This can be done via email or in a written hard copy. This will be your action plan for when something cybersecurity-related occurs. You will also be showing regulators that you have a plan that can be enacted in case data breaches occur.
Maintain Strong Network Security
The new laws will also require that every business owner implements a strong IT network in which all data can be safely stored.
One Indianapolis IT solutions company recommends a mix of software solutions, hardware solutions, security training for employees, and business policies all working together in order to maintain the very best network security. A holistic approach can give you a data protection system that operates 24/7 and can alert employees of suspicious activity.
The Cybersecurity Certification Deadline Approaches
All Indiana businesses need to be certified by April 15 to remain compliant with the state’s cybersecurity regulations. Insurance companies need to be trained and fully pass in the program that is set out. They can, however, also improve their own policies after they have been certified, to further strengthen their enterprises. Numerous other states like New Hampshire, Virginia and Alabama are all doing the same in hopes of creating a more secure business environment throughout the country.