Glancing at news headlines on any given day provides constant reminders that focusing on cybersecurity is not only important but a necessary function of every successful business. That’s a reality that USAble Life takes very seriously. “Cybersecurity is a strategic imperative for the company,” explains Nick Tzanev, senior director, IT. “If we do our job right, we can protect our customers’ data and the reputation of our partners. My job is to protect and to enable.”
Comprehensive layers of security
The power of partnership involves holding USAble Life to the standards set by our partners. That includes submitting to annual audits by our partners and complying with state insurance regulatory agencies that typically conduct audits every five years.
USAble Life also purchases and conducts testing independent of regulatory requirements. The company hires independent security testers to assess the effectiveness of its security controls, maintains cyber insurance, and has cybersecurity and incident response companies on retainer. To further ensure the integrity of our data protection protocols, USAble Life recently launched a comprehensive third-party risk management program and system to validate our partners and ourselves against industry standards.
“Every company is protecting against the same adversaries,” says Nick. “Our partners, competitors — all companies — have common goals that are of national interest. We are a critical infrastructure organization that protects the most sensitive data.” That’s why USAble Life works with federal agencies like the Cybersecurity & Infrastructure Security Agency (CISA) to validate our external security posture. And the company is Service Organization Control (SOC) 2 Type 2 compliant. SOC assessments validate the organization’s ability to handle sensitive information. USAble Life also submits to being assessed against National Institute of Standards and Technology (NIST) standards. We consistently rank above our peer group (by 14%).
“We base our security posture on what our partners need to do,” Nick says. “We have comprehensive layers of security that include 24/7 monitoring with industry experts and business partners, like Microsoft. We work with some of the best names in the industry to protect the data and reputation of our partners, customers, and employees.”
An enterprise-wide effort
As cyberattacks increase in frequency and become more sophisticated, educating employees about how they can protect our data and networks is also imperative. That’s why all USAble Life employees are required to complete periodic cybersecurity training that addresses common and emerging threats, such as phishing, ransomware, and social engineering.
Taking an “all-hands-on-deck” approach to cybersecurity protects our partners, customers, and teammates from the negative financial impacts and reputational damage that often result from data breaches. To learn more about USAble Life’s commitment to online safety, visit USAbleLife.com/security.