Three Layers of Data Security: Our Guarantee that Your Data is Safe with UsOctober 16, 2017
At Generali Global Assistance (GGA), our expertise spans multiple industries, but the concept is consistent and simple: protection. We offer a suite of protection services with compassionate care and assistance at the heart of each one. Our lines of business – Identity Protection, Beneficiary Companion, Travel Insurance, Travel Assistance, and Travel Risk Management – are varied, each requiring we meet and abide by a different set of data regulations and guidelines for the different types of data we’re handling. This, in turn, has provided us a unique perspective that most other companies cannot claim.
Moreover, as a company with nearly 15 years of experience protecting people and their data, we are well-versed in the tactics hackers use to steal data. And because an important piece of any protection program is education, data security best practices are a familiar and perpetual conversation at GGA.
We’ve all seen the headlines claiming that employees are the weakest link in organizations. Most recently, EY’s 19th Global Information Security Survey 2016-17 revealed that careless or unaware employees are now the most likely source of a cyberattack. That’s why, here at GGA, they’re actually a key part of our three-pronged framework of data security, protecting our clients’ and customers’ data from the inside out.
Ensuring our Data Security
We take robust measures to vet all of our employees, utilizing stringent background checks so that we can be confident in knowing that we’re hiring only the most qualified of applicants. Rigorous background checks are shown to reduce employee turnover, improve regulatory compliance, and increase safety and security.
On the Resolution Center floor, our expert Resolution Specialists are both FCRA- and CITRMS-certified – two accreditations that provide training with a heavy emphasis on sensitive data handling. Additionally, we conduct our own internal security training, which is ongoing as our security procedures our always evolving to reflect best practices.
Our cellphone-free, paperless Resolution Center undergoes weekly workstation inspections, as well as random audits to ensure compliance. Access to the Resolution Center is restricted so that only certified employees who have gone through comprehensive background checks and training are able to enter. Throughout our physical facilities, we maintain multiple, redundant security measures to protect against the loss, misuse, or alteration of information that we have collected from you at our site. Furthermore, critical infrastructure components have surveillance cameras and only IT staff and a few senior managers have access to server rooms.
Our Data Center
GGA is both PCI certified and HIPPA compliant, as is our offsite U.S. data center. All data is encrypted using AES256 and TLS encryption, whether in transmission or at rest. Multifactor authentication systems, 24/7 armed security guards, and biometric iris and vascular security scanners protect your data from the outside; and network intrusion and monitoring systems protect it from the inside.
At GGA, we strive to always put people first by keeping the person behind the data at the heart of what we do. We recognize that the data we’re trusted to protect represents our employees, clients, and customers – and that drives us to take safeguarding it that much more seriously. Learn more about GGA’s three layers of data security to discover how our technology and team members put people first.