It’s understandable that the focus is on capabilities when evaluating an automation vendor - you need to know first and foremost if their product can truly meet your organization’s needs. The conversation usually pivots to cost - vendor software licensing, potential professional services needed, in addition to talent allocation from your own company.
What should also be occurring in parallel with learning about features and pricing is carefully evaluating how a solution provider would protect and secure one of your organization’s greatest assets - your data.
If an information security assessment is never completed, the reality is the risk of a major data breach that will damage your business and reputation is only a matter of when not if. When this evaluation is only initiated as the last step before signing a contract, you’ve lost - if not wasted - time.
Either you go into a holding pattern, as your data security team works with the solution provider to complete the assessment, and you’re not able to yet launch your important automation project.
Or the worst outcome becomes your reality if the vendor solution is found to not meet your company’s information security requirements. Now you’re back at square one to look for other automation options. You’re late even before you can get to solving business problems, improving the customer experience, and eliminating manual tasks for your employees.
In Part 1 of our Information Security (InfoSec) blog series, we introduced the idea of a vendor embracing a proactive information security approach as being mission-critical to protecting your - and your customers’ - enterprise data. Here in Part 2, we will discuss 6 important considerations for delivering the two key components of information security - cybersecurity and operational security, including Ushur’s recommendations for combating the associated challenges.
Cybersecurity focuses on protecting networks and systems from digital attacks. This is an increasing threat not only to businesses but also governments and our personal lives. Not a week goes by where we don’t read about a data breach at a company or a ransomware attack on a community. And we are all probably receiving phishing emails daily at home, as criminals try to access our personal data.
Operational security consists of the procedures and protocols used to maintain and enhance cybersecurity. If cybersecurity is the fortress, operational security is the camera system monitoring the perimeter to ensure all gates remain locked.
Virtual Private Network (VPN) Techniques - Threats to your company’s network security are evolving minute-by-minute, as criminals develop new ways to detect - if not create - vulnerabilities to break in online. A VPN creates a secure, end-to-end connection, keeping activity on a public internet connection anonymous, private, virtually untraceable, with security and encryption. Introducing VPN features to your company’s network connections will strengthen the security of your external touchpoints. Regular and extensive auditing of any connections with an automation service provider is essential, to detect any warning signs of a potential problem emerging on their end.
Network Redundancy - For anyone who has strung up holiday lights, all it takes is one bulb to go out and the whole string goes dark. Hence it’s vital for companies to have multiple options for network activity to travel, so a problem with one server doesn’t bring business to a halt. This “distributed architecture” is something you would want to see in place with an automation service provider. You will be leveraging their tool to conduct your business and you want high confidence that they have addressed any risk of downtime.
Distributed Denial of Services (DDoS) Prevention - DDoS attacks involve bombarding a website with more traffic than its network can handle, to hopefully force it to shut down. When successful, a DDoS attack does major reputational damage to a company and can be both expensive and time consuming to repair. When selecting an automation solution provider, you want to be sure that they have DDoS preventative measures in place, including with any cloud partner in use.
Change Management - Your company has a robust change management process in play to ensure any and all technology changes individually and in concert are technically compatible. This prevents a security gap that could emerge if one or more systems within your organization are no longer fully functional. An automation solution provider should be able to walk you through their change management policy - both how they manage change within their environments and how they will collaborate with you, as their customer, when they update their applications that you are using. This includes how they screen their code for potential security issues, including using code analyzer tools and a manual review process.
Compliance Management - More and more legal data protection requirements are emerging, specific to a state or region, like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA). Plus, there is the Health Insurance Portability and Accountability Act (HIPAA). An automation solution provider should be able to explain how they ensure for each customer that they are adhering to that customer’s strictest data security requirements.
Administrator Access - Managing systems and hardware requires some people to have extra access privileges so they can modify settings when needed. Some refer to this as “root” access. Admin access must be tightly managed and closely monitored to maintain the expected level of security over time. It’s important to understand how an automation solution provider limits access to their test and production environments. Ideally, multi-factor authentication is in use, with logging of all sign-ons and regular access audits.
Be proactive and be informed. Ask questions as you explore new vendor partnerships. Be sure your business and technology teams are partnering early in the exploration process, to complete a 360 degree assessment as quickly and effectively as possible. Information security should be a shared responsibility for everyone in your organization.These cybersecurity and operational security best practices will help you safeguard your data.
To learn about how Ushur uses a proactive and end-to-end security approach to protect clients and arm them with confidence, check out our Information Security Whitepaper, where we discuss our security practices and protocols in-depth.
Looking to automate your customer engagements with a vendor that prioritizes your data security?
Ushur delivers the world’s first AI-powered Customer Experience Automation™ platform that has been purpose-built, from the ground up, to intelligently automate entire customer journeys, end to end. Designed to deliver delightful, hyper-personalized customer experiences through rapid issue resolution and unified, omnichannel engagement, Ushur is the first-of-its-kind system of intelligence. It combines Conversational Automation and Knowledge Work Automation in a No-Code, Cloud-native, SaaS platform to digitally transform every step of the complete enterprise customer experience – from Micro-engagements™ to entire customer journeys.
Backed by leading investors including Third Point Ventures, 8VC, Pentland Ventures, Aflac Ventures and Iron Pillar, Ushur’s Customer Experience Automation™ solutions are currently in production at some of the leading insurance providers across the globe including Irish Life, Unum, Aetna, Cigna and Tower Insurance.
Have you ever wished that it was easier to interact with an insurance carrier? We all know that waiting on hold for what can feel like forever and scouring the Internet for answers to seemingly basic questions are major hurdles that can cause most customers to approach simple tasks, such as filing an insurance claim, with caution and dread. With Ushur’s omni-channel Virtual Customer Assistant (VCA) powered by Conversational AI, insurance carriers can automate servicing for their end users in their channel of preference. That’s why Ushur has added WhatsApp, a popular communication tool used by 2 billion people worldwide, as a communication channel.
The insurance policy is a contractual agreement that stipulates, in exchange for payment, a person or business will receive reimbursement or financial protection against losses from an insurance company. In other words, if the required premium is paid, a customer will be paid for covered damage, injury, illness or loss.
Insurance is one sector of the financial services industry which has faced challenges as it embraced the digital revolution - first by choice and then by necessity following the pandemic lockdown. Cloud computing has taken hold, but some carriers are early in exploring solutions like artificial intelligence and machine learning.Insurance companies are eager to find technologies that cannot just improve but differentiate their overall customer experience, ideally while also reducing operational expense. One specific area insurance companies are looking at closely is claims service and process automation or as Ushur likes to call it, the future of insurance.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.