Security Features You Need in an eSignature Platform

Security Features You Need in an eSignature Platform

Your organization has decided to start using eSignatures and you have been tasked with researching the different options available in the marketplace. The first thing you have to do is research the basic security features you need in an eSignature platform.  Then you can move on to the obvious, Price, Ease of use, Scalability, Reviews, and Features.

Why?  Because you need to ensure all your documents and data is protected. You also have to ensure the signatures can be verified.

In order to ensure the integrity and veracity of the final document and signatures you need to be able to:

  1. Secure the document and signatures
  2. Verify the signer’s identities
  3. Protect any confidential information entered
  4. Track the document and signatories
  5. Restrict access

Here are the basic security features you need in an eSignature platform:

  1. Digital Signatures
  2. Masked Text
  3. Signer Identity Verification
  4. Multi-Factor Authentication (MFA) and Single Sign On (SSO)
  5. Audit Trail
  6. Team Account Roles & Permissions

The first security feature you need is a Digital Signature.  Wait… what?  I thought eSignatures are Digital Signatures.  Aren’t they the same thing?

No, that is a common mistake many people make. And it is one that will determine the security of the document and signatures. Here are the definitions as quoted from the post eSignatures vs Digital Signatures

“An electronic signature is information in electronic form (can be sound, symbol, process, etc.) that is associated or attached to a document. This means that so long as we can demonstrate that the signature is associated with a person and that there was intent to sign, everything is legally binding and accepted (all of this can be seen in Signority’s audit trail).

 

A digital signature is actually a form of electronic signature that uses an encryption algorithm that helps validate who the signer is. It also ensures that the document cannot be tampered with, as the signature becomes invalid if the document is changed after signing. This helps prevent repudiation by the signer, making it almost impossible to deny having signed the signature. Essentially, these issues are some of the biggest challenges to electronic signatures, and digital signatures are able to help overcome these issues.”

For a much more comprehensive explanation from a cybersecurity perspective read this post about digital signatures on TechTarget.com.

Next is the Masked Tag.  This tag allows you to protect your signatory’s personally identifiable information (PII) and other confidential information. If you work in the healthcare field for example, you may ask someone for their insurance information.  You want to make sure that no one else sees this information.

Using a masked text tag will allow your signer to securely enter PII into the form where you request it.  The masked tag will conceal and encrypt the information entered once the signer has filled it out.  This means anyone who receives the document for signing after this signer will only see the title of the tag you entered, i.e.: Health Card.

Because the information is encrypted, the person who needs that information, the document sender, will have to follow very specific steps to retrieve that information securely and confidentially.

To help ensure the integrity of a signature you need a Signer Identity Verification feature. This feature will send a one-time use PIN code to the signer either by email or SMS (text message). They will need to have this code in order to access the document.  Once they have used the PIN code to access the document an action will be logged. Using this code verifies the signer received it on an account that can be traced back to them. The log, or audit trail, will document that the signer’s identity has been verified and how it was verified.

And now that you have verified your signers identity, let’s look a little closer to home.  You need to secure access to the eSignature platform. You don’t want just anyone having access to your clients, partners, and company’s information. To do this your organization can either set up Single Sign On (SSO) or a Multi-Factor Authentication (MFA) Login. These sign in methods help restrict access and lower instances of phishing and make it much more difficult for hackers.

As stated in this great explanation of SSO by TechTarget.com, “Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials — for example, a name and password — to access multiple applications.” This ensures that unless someone can be verified through your companies main system, they cannot get in. The referenced article does a great job of explaining it.

If your company cannot use SSO then the application you select should, at the very least, offer MFA.  As stated at precisely.com, “Multiple factor authentication verifies a user’s identity by combining two or more of the following independent credentials:

  • Something the user knows (e.g.: password, PIN, passphrase)
  • Something the user possesses (e.g.: email account, smartphone, code-generating device)
  • Something inherent to the user (e.g.: fingerprint, iris scan, voice recognition)”

The Audit Trail is the next security feature we will review.  The Audit Trail is a document that comes with your final copy of the signed document. It can be a part of the final document or arrive as a separate document. It has three main components: the meta data, the Signers, and the History. The audit trail will show you who did what action (signing the document), the timestamp associated with the action, their IP Address, and if required any notes. A note can include the ID Authentication method and include a partial email address or phone number. An example confirming SMS ID Authentication in an Audit Trail can be seen in the image below.

 

ID Authentication Audit Trail log

Finally, you need to have the ability to set up team account roles and permissions. The ability to assign roles and permissions helps you keep your documents secure by restricting who has access to what and when. For a clearer understanding of how roles and permissions may be set up you can review the roles available in Signority. You don’t want everyone in your organization being able to view the documents sent by legal or finance, do you?

Here is a bonus feature. The Retention feature. Depending on the industry you work in your organization may be required to have a retention policy. If you are unsure whether you need a retention policy I strongly encourage you to do some research to find out.  Interdyn has a great article called Data Retention Policy 101 that reviews what a retention policy is, the questions you need to ask, and how to set one up.  I highly recommend you read this if you do not have a policy in place.

A retention feature allows you to apply your retention policy to all the documents that have been signed digitally. And a good one will allow give you ways to automate the whole process. This post gives a good overview of a retention feature and the options available within one. You will see it is easy to set up and helps you ensure compliance.

And those are the basic security features you need in an eSignature platform.

Look out for next weeks edition where I will review the differences between Adobe Signature and Signority eSignatures in the post, “Adobe vs Signority“.

Until then, have a great week and stay safe.

Security Features You Need in an eSignature Platform

Your organization has decided to start using eSignatures and you have been tasked with researching the different options available in the marketplace. The first thing you have to do is research the basic security features you need in an eSignature platform.  Then you can move on to the obvious, Price, Ease of use, Scalability, Reviews, and Features.

Why?  Because you need to ensure all your documents and data is protected. You also have to ensure the signatures can be verified.

In order to ensure the integrity and veracity of the final document and signatures you need to be able to:

  1. Secure the document and signatures
  2. Verify the signer’s identities
  3. Protect any confidential information entered
  4. Track the document and signatories
  5. Restrict access

Here are the basic security features you need in an eSignature platform:

  1. Digital Signatures
  2. Masked Text
  3. Signer Identity Verification
  4. Multi-Factor Authentication (MFA) and Single Sign On (SSO)
  5. Audit Trail
  6. Team Account Roles & Permissions

The first security feature you need is a Digital Signature.  Wait… what?  I thought eSignatures are Digital Signatures.  Aren’t they the same thing?

No, that is a common mistake many people make. And it is one that will determine the security of the document and signatures. Here are the definitions as quoted from the post eSignatures vs Digital Signatures

“An electronic signature is information in electronic form (can be sound, symbol, process, etc.) that is associated or attached to a document. This means that so long as we can demonstrate that the signature is associated with a person and that there was intent to sign, everything is legally binding and accepted (all of this can be seen in Signority’s audit trail).

 

A digital signature is actually a form of electronic signature that uses an encryption algorithm that helps validate who the signer is. It also ensures that the document cannot be tampered with, as the signature becomes invalid if the document is changed after signing. This helps prevent repudiation by the signer, making it almost impossible to deny having signed the signature. Essentially, these issues are some of the biggest challenges to electronic signatures, and digital signatures are able to help overcome these issues.”

For a much more comprehensive explanation from a cybersecurity perspective read this post about digital signatures on TechTarget.com.

Next is the Masked Tag.  This tag allows you to protect your signatory’s personally identifiable information (PII) and other confidential information. If you work in the healthcare field for example, you may ask someone for their insurance information.  You want to make sure that no one else sees this information.

Using a masked text tag will allow your signer to securely enter PII into the form where you request it.  The masked tag will conceal and encrypt the information entered once the signer has filled it out.  This means anyone who receives the document for signing after this signer will only see the title of the tag you entered, i.e.: Health Card.

Because the information is encrypted, the person who needs that information, the document sender, will have to follow very specific steps to retrieve that information securely and confidentially.

To help ensure the integrity of a signature you need a Signer Identity Verification feature. This feature will send a one-time use PIN code to the signer either by email or SMS (text message). They will need to have this code in order to access the document.  Once they have used the PIN code to access the document an action will be logged. Using this code verifies the signer received it on an account that can be traced back to them. The log, or audit trail, will document that the signer’s identity has been verified and how it was verified.

And now that you have verified your signers identity, let’s look a little closer to home.  You need to secure access to the eSignature platform. You don’t want just anyone having access to your clients, partners, and company’s information. To do this your organization can either set up Single Sign On (SSO) or a Multi-Factor Authentication (MFA) Login. These sign in methods help restrict access and lower instances of phishing and make it much more difficult for hackers.

As stated in this great explanation of SSO by TechTarget.com, “Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials — for example, a name and password — to access multiple applications.” This ensures that unless someone can be verified through your companies main system, they cannot get in. The referenced article does a great job of explaining it.

If your company cannot use SSO then the application you select should, at the very least, offer MFA.  As stated at precisely.com, “Multiple factor authentication verifies a user’s identity by combining two or more of the following independent credentials:

  • Something the user knows (e.g.: password, PIN, passphrase)
  • Something the user possesses (e.g.: email account, smartphone, code-generating device)
  • Something inherent to the user (e.g.: fingerprint, iris scan, voice recognition)”

The Audit Trail is the next security feature we will review.  The Audit Trail is a document that comes with your final copy of the signed document. It can be a part of the final document or arrive as a separate document. It has three main components: the meta data, the Signers, and the History. The audit trail will show you who did what action (signing the document), the timestamp associated with the action, their IP Address, and if required any notes. A note can include the ID Authentication method and include a partial email address or phone number. An example confirming SMS ID Authentication in an Audit Trail can be seen in the image below.

 

ID Authentication Audit Trail log

Finally, you need to have the ability to set up team account roles and permissions. The ability to assign roles and permissions helps you keep your documents secure by restricting who has access to what and when. For a clearer understanding of how roles and permissions may be set up you can review the roles available in Signority. You don’t want everyone in your organization being able to view the documents sent by legal or finance, do you?

Here is a bonus feature. The Retention feature. Depending on the industry you work in your organization may be required to have a retention policy. If you are unsure whether you need a retention policy I strongly encourage you to do some research to find out.  Interdyn has a great article called Data Retention Policy 101 that reviews what a retention policy is, the questions you need to ask, and how to set one up.  I highly recommend you read this if you do not have a policy in place.

A retention feature allows you to apply your retention policy to all the documents that have been signed digitally. And a good one will allow give you ways to automate the whole process. This post gives a good overview of a retention feature and the options available within one. You will see it is easy to set up and helps you ensure compliance.

And those are the basic security features you need in an eSignature platform.

Look out for next weeks edition where I will review the differences between Adobe Signature and Signority eSignatures in the post, “Adobe vs Signority“.

Until then, have a great week and stay safe.

Security Features You Need in an eSignature Platform

Your organization has decided to start using eSignatures and you have been tasked with researching the different options available in the marketplace. The first thing you have to do is research the basic security features you need in an eSignature platform.  Then you can move on to the obvious, Price, Ease of use, Scalability, Reviews, and Features.

Why?  Because you need to ensure all your documents and data is protected. You also have to ensure the signatures can be verified.

In order to ensure the integrity and veracity of the final document and signatures you need to be able to:

  1. Secure the document and signatures
  2. Verify the signer’s identities
  3. Protect any confidential information entered
  4. Track the document and signatories
  5. Restrict access

Here are the basic security features you need in an eSignature platform:

  1. Digital Signatures
  2. Masked Text
  3. Signer Identity Verification
  4. Multi-Factor Authentication (MFA) and Single Sign On (SSO)
  5. Audit Trail
  6. Team Account Roles & Permissions

The first security feature you need is a Digital Signature.  Wait… what?  I thought eSignatures are Digital Signatures.  Aren’t they the same thing?

No, that is a common mistake many people make. And it is one that will determine the security of the document and signatures. Here are the definitions as quoted from the post eSignatures vs Digital Signatures

“An electronic signature is information in electronic form (can be sound, symbol, process, etc.) that is associated or attached to a document. This means that so long as we can demonstrate that the signature is associated with a person and that there was intent to sign, everything is legally binding and accepted (all of this can be seen in Signority’s audit trail).

 

A digital signature is actually a form of electronic signature that uses an encryption algorithm that helps validate who the signer is. It also ensures that the document cannot be tampered with, as the signature becomes invalid if the document is changed after signing. This helps prevent repudiation by the signer, making it almost impossible to deny having signed the signature. Essentially, these issues are some of the biggest challenges to electronic signatures, and digital signatures are able to help overcome these issues.”

For a much more comprehensive explanation from a cybersecurity perspective read this post about digital signatures on TechTarget.com.

Next is the Masked Tag.  This tag allows you to protect your signatory’s personally identifiable information (PII) and other confidential information. If you work in the healthcare field for example, you may ask someone for their insurance information.  You want to make sure that no one else sees this information.

Using a masked text tag will allow your signer to securely enter PII into the form where you request it.  The masked tag will conceal and encrypt the information entered once the signer has filled it out.  This means anyone who receives the document for signing after this signer will only see the title of the tag you entered, i.e.: Health Card.

Because the information is encrypted, the person who needs that information, the document sender, will have to follow very specific steps to retrieve that information securely and confidentially.

To help ensure the integrity of a signature you need a Signer Identity Verification feature. This feature will send a one-time use PIN code to the signer either by email or SMS (text message). They will need to have this code in order to access the document.  Once they have used the PIN code to access the document an action will be logged. Using this code verifies the signer received it on an account that can be traced back to them. The log, or audit trail, will document that the signer’s identity has been verified and how it was verified.

And now that you have verified your signers identity, let’s look a little closer to home.  You need to secure access to the eSignature platform. You don’t want just anyone having access to your clients, partners, and company’s information. To do this your organization can either set up Single Sign On (SSO) or a Multi-Factor Authentication (MFA) Login. These sign in methods help restrict access and lower instances of phishing and make it much more difficult for hackers.

As stated in this great explanation of SSO by TechTarget.com, “Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials — for example, a name and password — to access multiple applications.” This ensures that unless someone can be verified through your companies main system, they cannot get in. The referenced article does a great job of explaining it.

If your company cannot use SSO then the application you select should, at the very least, offer MFA.  As stated at precisely.com, “Multiple factor authentication verifies a user’s identity by combining two or more of the following independent credentials:

  • Something the user knows (e.g.: password, PIN, passphrase)
  • Something the user possesses (e.g.: email account, smartphone, code-generating device)
  • Something inherent to the user (e.g.: fingerprint, iris scan, voice recognition)”

The Audit Trail is the next security feature we will review.  The Audit Trail is a document that comes with your final copy of the signed document. It can be a part of the final document or arrive as a separate document. It has three main components: the meta data, the Signers, and the History. The audit trail will show you who did what action (signing the document), the timestamp associated with the action, their IP Address, and if required any notes. A note can include the ID Authentication method and include a partial email address or phone number. An example confirming SMS ID Authentication in an Audit Trail can be seen in the image below.

 

ID Authentication Audit Trail log

Finally, you need to have the ability to set up team account roles and permissions. The ability to assign roles and permissions helps you keep your documents secure by restricting who has access to what and when. For a clearer understanding of how roles and permissions may be set up you can review the roles available in Signority. You don’t want everyone in your organization being able to view the documents sent by legal or finance, do you?

Here is a bonus feature. The Retention feature. Depending on the industry you work in your organization may be required to have a retention policy. If you are unsure whether you need a retention policy I strongly encourage you to do some research to find out.  Interdyn has a great article called Data Retention Policy 101 that reviews what a retention policy is, the questions you need to ask, and how to set one up.  I highly recommend you read this if you do not have a policy in place.

A retention feature allows you to apply your retention policy to all the documents that have been signed digitally. And a good one will allow give you ways to automate the whole process. This post gives a good overview of a retention feature and the options available within one. You will see it is easy to set up and helps you ensure compliance.

And those are the basic security features you need in an eSignature platform.

Look out for next weeks edition where I will review the differences between Adobe Signature and Signority eSignatures in the post, “Adobe vs Signority“.

Until then, have a great week and stay safe.

Wet Signatures vs. eSignatures | Which is more secure?

eSignatures have been around for over two decades, but many businesses have yet to make the switch from paper signatures to electronic ones. One of the main concerns is that eSignatures lack the security necessary to ensure that the document’s contents are kept confidential and the signatures coming back are legally valid. Let’s see if this is true by doing a side-by-side comparison of paper signatures and electronic signatures.

Wet Signatures

Physical or “wet” signatures are the traditional pen-and-paper signatures that are physically applied to a document. For these types of signature, the document to be signed may be sent to the signer via mail or other method to be signed privately. At other times, the document is signed in the presence of one or more other people. Paper signatures are a physical representation of a person’s identity and serve as proof of their consent to and acknowledgement of the contents laid out in the document. More often than not, a paper signature’s validity is based on trust. As the person who requested the signature, you must trust that the person who signed the document is who they say they are. As a signer, you must trust that your signature is not being forged to sign documents without your consent. Since wet signatures don’t come with a report that tells you what happened to a document prior and during signing, there is no way to directly trace the signature back to where and by whom it was signed.

In addition, with wet signatures, if the documents are not scanned and uploaded to the cloud, there is a risk of a natural disaster occurring and destroying the contents. This is another risk that businesses must face if they opt to continue to sign papers using paper.

eSignatures

An eSignature is an electronic piece of data that is created by an individual. The application of this piece of data to a document represents the signer’s identity and consent to and acknowledgement of the contents in the document. It serves the same function as a wet signature. However, since all the signing activity is done in the cloud, eSignature applications can track and observe a signer’s actions during signing. Signority’s eSignature solution tracks the name,  email address, IP address, and time of date of every action performed by the signer during signing. This allows document senders to have a full traceability report for each of the documents they get signed. Compared to wet signatures, this makes verifying a signer much easier, and can save businesses legal headaches down the line. For a signer, as long as you have full ownership over your email address, only you will have access to the documents you should be signing. If someone does try to impersonate you and eSigns a document without your consent, all their activity will be logged through the document’s audit trail. This information can be used to show who really signed the document. Furthermore, the use of SMS 2-factor authentication, and other authentication methods helps ensure the identity of the signer.

In terms of document storage, digitally stored documents are backed up in the cloud, so in case of a disaster, you won’t lose your documents. In addition, almost all eSignature providers have industry best-practice security certifications such as SOC I and SOC II certification and ISO 27001:2013 certification. These certifications verify that the company handles their customer data securely, protecting it from outside attackers, and can effectively recover from incidents that would otherwise lead to loss of data.

Finally, documents signed with eSignatures often come with a digital signature applied to the document by the eSignature provider. This digital signature can act as a type of tamper-proofing mechanism to detect whether or not a document has been tampered with. You can learn more about what digital signatures are here.

With all this information, it’s clear that eSignatures are a good choice for many companies. They provide superior security and traceability for signed documents. Not to mention they also cut down on the time you spend on each document that needs to be signed!

What is Data Residency & Why is it Important?

Have you ever asked yourself, “how important is my personal information, and where is this kind of data being stored?”  These are the kinds of questions that are asked when discussing data residency. Before diving deep into what data residency is, and its importance, let’s first break down what personal information is and its different types.

What is Personal Information?

The Office of the Privacy Commissioner of Canada (OPCC) states that, according to The Personal Information Protection and Electronic Documents Act (PIPEDA), personally identifiable information (PII) is classified as “any factual or subjective information, recorded or not, about an identifiable individual.” According to the OPCC website, PII includes: 

  • Name, age, ID numbers (SIN), income.
  • Social status, evaluations, opinions, disciplinary actions.
  • employee files, credit score, employee files, loan records

Other types of information include Personal Health Information (PHI) which, according to the Information and Privacy Commissioner of Ontario’s Guide, 

  • Relates to the individual’s physical or mental condition, including family medical history; or
  • Relates to the provision of health care to the individual; or
  • Is a plan of service for the individual; or
  • Relates to payments, or eligibility for health care or for coverage for health care; or
  • Relates to the donation of any body part or bodily substance, or is derived from the testing or examination of any such body part or bodily substance; or
  • Is the individual’s health number; or 
  • Identifies a health care provider or substitute decision-maker for the individual

Data Residency

Data residency, otherwise known as data localization, refers to the legal and administrative prerequisites forced on the geographic or physical location of an individual’s or organization’s data.  In addition to addressing data storage, data residency also highlights how data is processed and creates conversation among legislators and citizens regarding data management and the safety of citizens’ data. When sensitive data is being managed, it’s vital that an organization’s data stays secure and locally stored. Companies and organizations could also qualify for various tax benefits based on what kind of data is being stored and where it resides. More importantly, the data being stored would be subjected to the laws and regulations of the country that stores it. While the Government of Canada does not have severe laws prohibiting companies or organizations from storing their data outside the country, numerous provinces have put up guidelines and regulations regarding the protection and handling of their resident’s data.

How Signority Can Help Secure Your Data?

Signority takes great pride in being the largest Canadian eSignature provider whose data centers are located in Canada. Signority’s main servers are in Montreal and we have ensured that our back servers are also located in Canada. This ensures two things. First, if one server location is affected by an outage, your documents will remain safe, secure, and accessible. Secondly, this ensures all our customer’s personal and private information is securely stored within Canadian borders, a key requirement ensuring our compliance with the PIPEDA and HIPAA acts, as well as the SOCIII, ISO270001, and PCI certificates. In addition to complying with Canada’s data residency laws, Signority follows strict security protocols when handling customer data. 

On top of the many security features, Signority also offers products and services at a low price without compromising the quality of our customer service received or our product itself. 

Now, ask yourself again, “how important is me and my client’s personal information, and where is this kind of data being stored?” 

Ready to send secure eSignatures with Signority? Sign up for a 14-day free trial today!

Will InsurTech Be The New Normal?

InsurTech as the new norm

Examining the powerful forces driving massive change within the insurance marketplace

This is an excerpt from our most recent guide “What is Insurtech? And Why The Insurance Industry Should Take Immediate Notice

When compared to other sectors of “big business,” the insurance industry has—at least historically speaking—been left to operate uninterrupted, out of reach from the aggressive startup movement that has radically transformed and reshaped so many other industries.
This simply isn’t the case any longer.
Over the last three years, in particular, startup funding has increased dramatically. In fact, according to a recent PWC report released last year, 90 percent of insurers say that they fear they will lose business to startups as investments in InsurTech has increased five-fold.
To understand why the InsurTech marketplace has seen such explosive growth over the past few years, we need to understand the competitive forces that are most significantly impacting the insurance sector as a whole.
For the purposes of this post, let’s go over the five, key forces we need to understand:

  1. Incumbent carriers are feeling the heat from more nimble, tech-focused startups – Historically flat IT budgets and outdated legacy systems have made it more difficult for large, incumbent organizations to adapt to a new, modern marketplace. More importantly, InsurTech startups have shown the ability to quickly fill gaps in the marketplace, creating entirely new products and service offerings specifically tailored to tech-centric Millennials — the largest living generation of American consumers.
  2. The legislation simply cannot keep pace, leaving startups to quickly fill the gaps – The rise of the peer-to-peer (P2P) sharing economy (think Uber and Airbnb, among others) highlighted an important fact; legislation, as a general rule nowadays, simply cannot keep up with the pace of change. Lawmakers and startups could not be more polar opposites of each other—one group moves begrudgingly slow and the other lightning quick. This divergent movement creates gaps and loopholes (not to mention regulatory nightmares), allowing nimble startups to introduce never-before-seen products and services that often threaten the very existence of larger, more traditional insurers. While usually good for customers, it can spell doom for big business.
  3. Big data continues to confound traditional insurers, empower new entrants – Insurance is a data-driven business, and big data is BIG business. The rapid increase in available software, specifically cloud-based computing, connected devices and telematics, has made data more accessible than ever. Still, most traditional insurance companies, burdened by rigid, antiquated systems, have yet to capitalize. Instead, smaller, more agile, InsurTech startups have stepped in to fill the void. Big data remains one of the most difficult challenges for large, incumbent insurers.
  4. New entrants are joining forces to solve the cyber security puzzle – Cyber crime costs are projected to reach $2 trillion by 2019, which makes cyber security a puzzle that’s obviously worth solving. Yet, as the free flow of data (specifically, Cloud data) becomes more accessible, insurers—not unlike other big businesses—face mounting security challenges. To solve some of these challenges, there are new entrants like Cyence, a startup that provides a first-of-its-kind cyber risk analysis for insurers. According to Cyence, the economic cyber risk modelling platform “helps companies when they’re the target of cyber-attacks.” Many of these companies have joined forces with FinTech (yes, that would be “Financial Tech”) startups who are solving similar challengesUpdate, Cyence has been acquired by Guidewire.
  5. Traditional insurers, in an effort to close the gap, continue to gobble up talent – Talent tends to follow funding. As a result, there has been an influx of skilled software talent. Traditional insurers, too, have joined the hunt for top-notch tech talent — albeit in a slightly different way. According to Gartner, the global insurance industry (North America, in particular) is investing heavily in insurance technology start-ups. In fact, Gartner reports that 80 percent of life, property and casualty insurers worldwide will “partner with or acquire InsurTechs to secure their competitive positions by the end of 2018.”

Needless to say, traditional insurance companies are at a crossroads. And judging by the number above, most have made their decision.
But, who are these InsurTech startups?
Let’s take a look.

InsurTech Startups: the most disruptive, well-funded startups currently reshaping the insurance marketplace

There is an ever-growing laundry list of startups currently taking aim the insurance sector and that doesn’t even count other FinTech startups who are attempting to do the same thing!
Some are taking aim at auto insurance, exclusively.
Not to be outdone, here are eight more hoping to disrupt the life insurance market.
You get the idea.
Yet, there are a handful of startups, in particular, that are making waves early in 2017:

  1. Lemonade: Lemonade offers fast and low-coverage homeowners and renters insurance “powered by technology.” It sells rental insurance policies for as low as $5 and home insurance for as little as $35. The company has raised more than $90 million, including $34 million Series B in late 2016.
  2. Metromile: Metromile offers pay-per-mile car insurance powered by a proprietary device, Metromile Pulse, a free wireless device that plugs into your car. Once the device is installed, it calculates your monthly mileage to determine your bill. The company claims its customers save an average of $500 annually. To date, Metromile has raised more than $200 million in funding!
  3. Trov: Trov calls itself “on-demand insurance for the things you love.” Essentially, Trov lets you purchase low-cost, accidental theft, damage, and loss policies on everyday items—with just a few text messages. That’s right. The entire experience can be handled safely and securely from a smartphone. The Australia-based company has raised more than $46 million to date and plans to launch in the U.S. later this year.
  4. Clover Health: Clover is a full-service insurance company that “implements metrics to figure out the best protocol for a patient who is at risk for health problems. It aggregates reports from a patient’s various medical services to generate a comprehensive profile of the person’s health” (source). Clover is currently available in New Jersey only, though it has plans to expand elsewhere in the near future. And get this—Clover has raised nearly $300 million in funding!

Obviously, this is but a small sampling of the types of startups who are benefitting from an influx As you may already know, of investment dollars (and clearly for good reason). If you want to learn more about insurTech, you can download the full guide for free here: “What is InsurTech? And Why The Insurance Industry Should Take Immediate Notice”.
Sources: http://insights.instech.london/post/102d2yk/24-companies-shaping-instech-globally

 

Ready to take your business paperless? Sign up to get a 14-day free trial on a Signority eSignature Plan!

 

 

The Insurance Risks of Cyber Attacks

The Insurance Risks of Cyber Attacks

As the use of technology is becoming more prevalent in everyday business, insurance included, there are aspects that are prone to high levels of risk, and require ramping up on security. While it may look like a mundane issue at first, it can have severe consequences for your company. As more insurance companies, in particular, are migrating towards digital channels in order to create tighter relationships with their customers, they also are trusted with sensitive personal information for each client such as Social Security Numbers, credit card data, and so much more. In case —  but, hopefully not — you are a victim of a cyber attack, what does this mean for you? Let’s take a look at some of the insurance risks to consider when looking at cyber attacks!

Lost Sales

Cyber attacks are not always orchestrated by large-scale, highly qualified hackers, but even small DOS (denial of service) attacks can pose a great risk and affect your company severely if they catch you unprepared. Seeing as insurance companies collect data from their customers that range from personal information such as addresses, passport numbers, Social Security Numbers (SSN) or EIN, to financial info including, but not limited to credit card numbers, PINs, anything really, it is understandable for your customers to be wary, in case you have had to deal with a cyber attack previously. Studies say that 60% of SMEs who have been a victim of such attacks go out of business within three months.
Another type of cyber attacks that can cost your company quite a lot is called ‘Social cyber attack’. The most clear-cut example was the group of protesters who collectively attacked PayPal for not allowing payments to WikiLeaks. While it didn’t go down entirely, the lost sales were tremendous.

Protection Costs

According to a recent article published in Forbes magazine, cyber crime costs are projected to reach $2 Trillion by 2019. Which means that businesses need to be extra-vigilant when it comes to protecting their data.
Doing business online comes with a great number of rewards, but also with a risk or two. If you do insurance online, then you have to be aware of the cyber attacks at all times. For this, you have to prepare and protect yourself before hackers even try to get to you, and this preparation has to be thorough.
To avoid the risk of getting hacked and losing critical data, you have to hire qualified and capable people who can take care of the cyber-security section of your digital business. If you want your help to be highly professional, then you will have to spend a good amount of money for supporting it, both in terms of hiring competent IT staff and for other overheads required for smooth operations.

Changing your business model

Financial costs are not the only thing insurance companies have to worry about when dealing with cyber-crime. They have to remodel the way information is collected, stored and handled, so as to ensure that sensitive information is safe and non-vulnerable to these kinds of attacks. Many businesses have elected to altogether stop storing their customers’ financial and personal information, some others have shut down their online presence, at least online stores, if not all. This is all done when they cannot protect themselves properly, as the implications such attack can have on them, can be fatal.
Lately, customers also are being more proactive in educating themselves on online security and request to be informed on how their insurance company of choice handles security issues. You may have noticed that clients are more likely to choose businesses that are upfront and sincere about their methods — we noticed this soon after we launched our post on transparent pricing!
Making these changes to prepare and protect you and your company from these cyber risk are integral and can be daunting, but minor changes in the way you conduct business, the infrastructure, and various technological advancements can all be used to help mitigate much of the risks and improve your company.
Begin looking into cheap and secure methods to improve small processes of your work before ramping up to bigger, more complex security issues. Try looking into things like eSignature solutions, that can provide extra layers of security to already existing workflows and processes! Learn more by checking out our website or feel free to contact us directly with more questions!
Looking to take your business paperless? Sign-up now and get a 14-day free trial to a Signority eSignature Plan.