Is your insurance information secure online?

If you pay your insurance premium online, you may want to take a second look at your insurance company’s online security practices.

While banks and other financial institutions have clamped down on online security threats in recent years, insurers have lagged in protecting policyholders’ data that is stored online, a new report says. When it comes to online security among auto and homeowners insurance providers, “there’s a lot of room for improvement.”

In a recent report, Corporate Insight analyzed how well insurers protect their customers’ personal information and how well they communicate the importance of online security.

While policyholders typically don’t access sensitive financial information from their home and auto insurance provider’s website as they might with their bank or credit card company, you still provide your insurer with information you wouldn’t want to fall into the wrong hands. For example, an online account with your home insurance provider could include your address and insight into the valuable possessions stored in your home, such as jewelry or art – information that could prompt a thief to target your home.

Assessing the insurers

The report identified effective online security procedures and indicated which home and auto insurance providers had carried them out. One of the best security features an insurer can offer is two-factor authentication, which means having policyholders enter identifying information on two pages of an insurer’s website. Young America, for example, has policyholders enter username and password information on one page and identify a unique security image on another page. Citizens Insurance requires policyholders to enter their username and password on one page and a PIN on another.

Another good security practice is requiring policyholders to provide specific information about their policies before they can access their accounts. Such a practice makes it more difficult for someone other than the policyholder to obtain account information. GEICO, The Hartford, MetLife, and Loya Insurance all require policyholders to identify the type of policy they have with the company before they can access their account data or make transactions.

Another effective security practice is reminding policyholders to close their browsers after they log out, an extra measure that lessens the chance that someone using the same computer can call up information recently accessed by the browser. The Hartford, Nationwide, Progressive, and Gladiators Insurance advise their customers to close their browsers after logging on to their accounts.

While security features are essential, it’s also important that companies communicate with their customers about security practices. For example, State Farm, USAA, GEICO, Liberty Mutual, and Progressive all cite the use of Secure Sockets Layer (SSL) encryption techniques – a technology that protects Internet data.   

While none of the insurers mentioned in the report wanted to comment directly on the study’s findings, “insurers increasingly depend on electronic data and computer networks to conduct their daily operations, and recognize the need to protect their policyholders’ personal and financial information,” says Michael Barry, a spokesman for the industry-backed Insurance Information Institute. “Insurers have made great strides in recent years to protect their computer systems against data security breaches, and the Corporate Insight report documented a number of them.”

The policyholder’s role

While insurance companies are obligated to protect their client’s information, consumers can take certain steps to protect their data. The U.S. Computer Emergency Readiness Team, which leads the country’s cybersecurity efforts, offers these suggestions for keeping data safe:

  • Be wary of emails sent by your insurer or any other organization requesting personal information or including a link for you to click. Such emails could be “phishing attacks,” in which a criminal pose as a trusted company to snatch your personal data. Never respond directly by email; rather, open a browser and log on to your account to see whether the message is legitimate.
  • Install and update antivirus and firewall software. These can often identify digital threats.
  • Never provide sensitive information, such as financial data, via email. Instead, ensure that a site will encrypt your data – or scramble it, making it unreadable – before you submit your information. If a website’s address begins with “HTTPS” rather than “HTTP,” that means the information will be encrypted. Another sign to look for is a lock icon that may appear in the bottom right corner of your computer screen or on the left or right of the website address field, depending on your browser.
  • Use only one credit card for all online payments. If you pay your premium online, designate one credit card with a limited credit line for all online purchases. This ensures that a thief would have limited access to your financial information.
  • Never store your password. Some browsers or websites might give you the option of storing your password, so you don’t have to re-enter it whenever you log on. While such an option might save time, it can leave your data vulnerable, as someone who accesses your computer can easily tap into your account.