Estimated Reading Time: 3 Minutes
At Generali Global Assistance (GGA), our expertise spans multiple industries and service types. The driving force behind each of these, however, is simple and consistent: care. We offer a suite of care services with compassionate assistance and protection at the heart of each one. Our services – Identity Protection, Scam Assistance, Eldercare Management, Beneficiary Companion, Travel Insurance, and Travel Assistance – are varied, each requiring we meet and abide by a different set of data regulations and guidelines for the different types of data we’re handling. This, in turn, has provided us a unique perspective that most other companies cannot claim.
Moreover, as a company with over 15 years of experience protecting people and their data, we are well-versed in the tactics hackers use to steal data. And because an important piece of any protection program is education, data security best practices are a familiar and perpetual conversation at GGA.
We’ve all seen the headlines claiming that employees are the weakest link in organizations. Most recently, EY’s 21st Global Information Security Survey 2018-19 revealed that careless or unaware employees are now the most likely source of a cyberattack. That’s why, here at GGA, they’re actually a key part of our three-pronged framework of data security, protecting our clients’ and customers’ data from the inside out.
Ensuring our Data Security
We take robust measures to vet all of our employees, utilizing stringent background checks so that we can be confident in knowing that we’re hiring only the most qualified of applicants. Rigorous background checks are shown to reduce employee turnover, improve regulatory compliance, and increase safety and security.
On the Resolution Center floor, our expert Resolution Specialists are FCRA-, CIPA-, and CITRMS-certified – three accreditations that provide training with a heavy emphasis on sensitive data handling. Additionally, we conduct our own internal security training, which is ongoing as our security procedures are always evolving to reflect best practices.
Our cell phone-free, paperless Resolution Center undergoes weekly workstation inspections, as well as random audits to ensure compliance. Access to the Resolution Center is restricted so that only certified employees who have gone through comprehensive background checks and training are able to enter. Throughout our physical facilities, we maintain multiple, redundant security measures to protect against the loss, misuse, or alteration of information that we have collected from you at our site. Furthermore, critical infrastructure components have surveillance cameras and only IT staff and a few senior managers have access to server rooms.
Our Data Center
All our infrastructure is cloud-based and access is guarded by Multifactor authentication process. All incoming traffic to our networks is encrypted from browsers to our Application Load Balancer (ALB) via HTTP/TLS. Our data within our database is encrypted at rest. Our IDP portal is the only public component of our infrastructure and is guarded by a web application firewall that can detect and prevent network intrusion / XSS Attacks /DDoS attacks.
At GGA, we strive to always put people first by keeping the person behind the data at the heart of what we do. We recognize that the data we’re trusted to protect represents our employees, clients, and customers – and that drives us to take safeguarding it that much more seriously. Learn more about GGA’s three layers of data security to discover how our technology and team members put people first.
And to learn about strengthening data protection within your company, download our white paper Data Protection: Employer Obligations and Motivations.