deliver the ‘right’ customer experience without compromising data security

Unlock Customer Engagement Potential

Without Compromising Data Security

.

Welcome!

Holding a Bachelor of Technology degree fromRyerson University, Chelsea leverages 5+ yearsexperience of marketing, as well as improvingcustomer loyalty and advocacy.

Marketing Specialist

SPLICE Software Inc.

The top cyber threats & the actionable ways to defend against them

Questions to ask vendors to ensure they keep your data safe

Methods for improving & securing customer experiences

You will walk away with…

House Keeping• Please submit questions through Q&A sidebar

• Time allotted for Q&A at the end of the presentation

• Winner announcement for the prize draw tomorrow

• Webinar is being recorded and will be sent to all registrants

THE MVP SUCCESS FACTOR

Accelerating your ability

to consult with the best of the insurance industry

Senior Executives

Sustainable solutions – not projects

Perpetuation of the strategy for every engagement

We look at everything through a business lens…so you can be sure that client decisions are notmade in a technology vacuum

Clear plans of action

No consultant speak

Relationships you can Trust!

What Makes MVP Different?

www.mvpadvisorygroup.com | Copyright @2015 mvp

Who Is Laszlo Gonc

. Laszlo is a recognized senior executive with over 20+ years of progressive experience in business and information technology.

He leads the IT Risk, Security and Compliance practice area for MVP Advisory Group. He is responsible for helping organizations navigate the new digital frontier, advising on cyber security issues, mitigate organizational IT risk and build cyber strategies that protect business assets.

Laszlo is an invited speaker at universities and conferences, local and national, providing thought leadership on the state of cyber security, technology risk management, digital careers of the future and project management leadership.

Partner, CISSP

MVP Advisory Group

Who Is SPLICE Software Inc.

Privately owned Canadian company founded in 2006.

Headquartered in Canada with offices located in the United

States & Germany.

Using data-driven human voiced messaging, we improve customer

experiences and engagement. SPLICE voice experiences are linguistically

optimized, easily automated, and sent to preferred channels.

Some Recent Accolades…

.

Who Is Andrew Hamill

Andrew is the Founder of PAU Audio, holds aBachelor of Applied Science in ElectricalEngineering, and is the Solutions Architect atSPLICE Software.

As a professional engineer with over 13 yearsof experience, Andrew specializes in datastorage, communication, and workflows.Having worked in the capacity of data andsystems, Andrew Hamill brings together hisunique passion for audio and solvingbusiness problems to create customerengagement and data security solutions.

Solutions Architect

SPLICE Software Inc.

Looking Ahead

Source: McAfee Labs 2016 Threats Predictions

Why Insurers?In addition to the banking, financial and healthcaresectors, insurers are increasingly attractive targets forcybercriminals because of:

the richness of credit card, banking, medical, underwriting andother sensitive customer information,

the large volumes of data housed in legacy systems andapplications lacking sophisticated encryption and access control,

the larger attack surface as a result of increased data sharingwith business associates, third-party carriers and vendors,

the ease of social engineering.

Portions © Copyright 2015-2016. MVP Advisory Group, LLC. All rights reserved.

23% of recipients now open

phishing messages and

11% click on attachments*

Top Cyber Threats1. Denial-of-Service, Ransomware and Malware

2. Spear Phishing and Social Engineering

3. Infrastructure Vulnerabilities

4. Laptops, Mobile Devices and Smartphones

5. Physical and Facility Security

Source: Verizon 2015 PCI Compliance Report*

More Cyber Threats6. Payment Systems

7. Attacks through Employee Systems

8. Integrity Attacks

9. Insider Threats

10. Cloud Services.

Source: 2015 Global Megatrends in Cybersecurity, Raytheon & Ponemon Institute, February 2015

78% said their boards had not been

briefed even once on their cybersecurity

strategy over the past 12 months*

Current State Existing systems

Existing partnerships and integrations

Growth of connected devices and integrations

Movement to cloud systems & computing

Highly regulated companies moving to the cloud.

Portions © Copyright 2015-2016. SPLICE Software Inc. All rights reserved.

Future State

Dramatic growth of connected devices & customer data

Increased cyber threats

Changing laws and regulatory landscape

Increased regulator and auditor scrutiny

Rise of class action and derivative suits.


Regulatory & Real Risk Regulatory standards and real risk

Appetite for risk and understanding therefore

Access and data management

Third party vetting of security and access

Third party data management

Anecdotal examples.


Cyber Aggressor, circa 1990

The details?

• Small Size Company

• New Employee Hired

• Passed Background Check

• Walked Away With Thousands…


Where Do You Start?

Key Areas For Improvement

1. Risk Measurement

2. Business Engagement

3. Controls Assessments

4. Third Party Risk Assessments

5. Threat Detection.

Source: RSA/EMC, “Security for Business Innovation Council Report”

Security in the Boardroom1. Understand fiduciary responsibilities

2. Embrace education and awareness

3. Determine your risk profile

4. Define your risk appetite

5. Take reasonable steps to show due diligence

6. Instill a culture of monitoring, reporting & accountability

7. Confirm appropriate resource allocation

8. Know your regulator, know your industry.


Build Your ProgramStrategic elements to build a successful InfoSec program:

Develop a ‘need to know’ culture regarding information

Establish an information security team

Understand your regulatory and compliance landscape

Assess your threats, vulnerabilities and risks

Create a risk mitigation strategy, develop a plan

Manage & secure third-party business relationships.


Build Your ProgramOperational elements to build a successful InfoSec program:

Manage information assets and protect the crown jewels

Secure your computing technologies

Manage access and user ID life cycle

Implement security controls and audit them

Build user awareness and conduct ongoing training

Create an incident response plan and practice it.


Customer & Vendor Experience It starts with exposure

What is asked of the client by the vendor

Up-to-date integration techniques

SFTP, SOAP, REST, API

Maturity in system, process, testing, documents & support

Antiquated vs. Current vs. Bleeding Edge.


Recommendations1. Shift focus from technical assets to critical business processes

2. Institute business estimates of cybersecurity risks

3. Establish a business-centric risk assessment process

4. Focus on evidence-based controls assurance

5. Develop informed data collection methods.

Source: RSA/EMC, “Security for Business Innovation Council Report”