Estimated Reading Time: 5 Minutes
You probably have gotten the idea that we do things a little different at Iris Powered by Generali. As we move into the fall, we thought it would be the perfect time to explore another area of the company as a part of this blog series. This time around, we are taking a closer look at our approach to security!
This time, we sat down with our Chief Technology and Product Officer, Erik Nienaber, and Security Architect, Ameer Mashkour, so they could give us the inside scoop on what role security plays in our work here at Iris! So, grab your favorite pumpkin spiced drink or treat and have a listen (and a read)!
We are so excited to share how security is used in our work and there is so much more we can talk about when it comes to mitigating the risk of identity theft and fraud, we decided to share even more details about security here at Iris. Read below as our resident experts discussed how they implement security to our end-users and more.
How do we help ensure we protect the privacy of our end-users?
Erik Nienaber – Chief Technology and Product Officer: Data privacy is a key aspect of our business. We ask clients to trust us, and they will convey to us securely. They provide us with information such as home address, email address, phone number, social security number, and bank account numbers. On that note, we need to give them clear terms on what we do, how we are doing it, and how we help protect that information.
We don't have third parties that are a part of the identity-theft platform. We don't share or distribute the information in any way other than specifically monitoring identity information. There is a strict adherence we have here to privacy regulations in a way that many other companies don't. For instance, standards like GDPR, the EU's response to data privacy, we observe that globally.
We make sure that the information that we collect is anonymized in appropriate ways. So that information if it is sent to us, it's not stored in whole. What we're good at is, within our systems and outside with our vendors, are transit and storage policies. So, when that data is being conveyed and processed, it’s secure as it possibly can whether that includes more advanced elements such as caching or encryption and within that we ensure a privilege principle.
Finally, we have risk assessment. Our goal is to continuously assess how we're doing, how our vendors are doing and really be observant of the entire system so that's how we approach it.
How does Iris defend against breaches?
Ameer Mashkour – Security Architect: Breaching is a focus of security as well as any confidentiality of data. The systems that host that data, the way we protect our customer data against breaches is by following the layer approach to make sure that the data and the systems that host them are secure throughout the data lifecycle of the customer’s information that we collect. We have multiple network security controls in place such as data security and asset management. This ensures that you know what information to collect, where it’s stored, and how it's utilized.
We have application security programs to make sure that the applications that handle data follow the industry’s best practices when it comes to secure coding, patching, the user’s import, and data overall. We also handle internal security controls like background checks in all end-users, and everyone that is part of the Iris team undergoes those access controls. We also provide security training for everyone at the company and specialized application security training for our developers and engineers.
What are some of the most common identity monitoring alerts our end-users are receiving?
Nienaber: The most common alerts are really based upon two key components of our product. One is when you sign up, we take the information that you gave us, and we start immediately monitoring. We then take that information and create a set of triggering fields that combine your address with your name and other elements.
We then go out and search and try to find things that could be improperly used on the internet. The stuff that are impactful for our end-users is when they provide information that are sensitive to them such as bank account numbers, credit card numbers, and other financial components that they have a sense of security to it. The second element is media monitoring handles. These are very important to folks since reputation is critical when it comes to social media.
Once someone puts in their information and we’ve gained their trust, then the things that really allow someone to take that information and take over some aspects of that person's life allows our end-users to be rewarded for it financially. These are the elements that are the most sensitive. Any financial and reputation-related components are top of the line. So, those are the most common types of alerts that we will see.
Choose a Trusted Team Who Will Help Bring Security to Your Customers!
Iris Powered by Generali has been in the business of helping people since 1982. Bringing customers from distress to relief – anytime, anywhere is our mission and this includes not only our partners and their customers, but our employees as well.
Interested in learning more? Stay tuned for part 2 as Erik and Ameer share more insights about security and privacy to our end-users. Contact us today to learn how partnering with Iris can provide your company peace of mind with award-winning customer service as well as your customers with full-circle security!