Tag Archives: mobile apps

Mobile Apps and the State of Privacy

Mobile applications or mobile apps or just plain apps are software programs designed and developed to run on a mobile device.

Mobile apps can be downloaded and accessed directly by users using their smartphone; tablet; mobile phone; PDA; etc., and they can be downloaded by one or more of the following ways:

  • Via the mobile operating system owner’s online app store or the internet (e.g. the Apple Store);
  • Preloaded by your internet provider.

Some apps are “free” – meaning they are not purchased with real money by the user but funded by advertisers (whose ads dominate and sometimes interfere with the use of the app), while other apps must be purchased with real money by the user

According to Ericsson, as of March 2018 there were 7.9 billion mobile device subscriptions worldwide. There were 98 million new subscriptions during the first quarter of 2018. Mobile application subscriptions associated with smartphones now account for 68% of all mobile phone subscriptions. That number exceeds the population in many countries. It is estimated that by 2020 almost 75% of the global population will be connected by mobile. Much of this growth will come from Asia, and in particular China, which will account for almost half of app users in 2020 (source: Ericsson.com – Mobility Report, June 2018).

This rise in mobile use, and the ever-increasing departure by marketers from traditional marketing to selling brands and products through mobile applications, has led to developments in technology that will continue to transform how the world communicates.

So, if you use a smartphone or other mobile device to access the nternet, chances are you have downloaded, or your mobile device came with pre-loaded, mobile apps that you are accessing and using for many of your online activities instead of just an internet browser.

There are hundreds of thousands of apps available. They are easy to download and extremely convenient. These mobile apps allow users to:

  • Access and read the news/books
  • Play games
  • Stream music
  • Take photos
  • Watch videos
  • Monitor their heart rate
  • Work out with a fitness regime
  • Get directions and maps
  • Find a nearby restaurant
  • Get the weather report
  • Pay for purchases on the spot
  • And a whole bunch more

Awesome, yes.


Along with the exciting capabilities mobile apps offer, it is prudent to keep in mind that with the expanding functionality that mobile apps provide when integrated into mobile devices, the online worldwide privacy risks and the concern of how to protect the user’s (your) privacy increases.


Because mobile apps can collect all sorts of data and transmit it to:

  • The app developer;
  • The app store;
  • The internet provider;
  • The platform owner of the mobile device operating system; and
  • Third-party advertisers or an ad network

Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.

The bottom line is: This data being collected from you, including your personal and private information, may then be shared or sold by these entities in their sole discretion to other companies or entities around the world and oftentimes without the user’s (your) permission or knowledge.

A case in point: In FTC (Federal Trade Commission) vs. Frostwire LLC), the FTC sued the developer of a peer-to-peer file sharing mobile app. The complaint alleged that the app’s default settings were configured so that, immediately on a user’s installing and setting up the app on a mobile device, it would publicly share files stored on that device. According to the FTC complaint, the default settings were likely to cause users to unwittingly disclose personal files stored on their mobile devices. Among other things, the settlement:

  • Bars the company from using default settings that share users’ files.
  • Requires the app to provide clear and prominent disclosures about file sharing and how to disable it.

The question then inevitably becomes:

How private and secure is your private and personal information when accessing and using a mobile application that is now integrated within your mobile device(s)?

This article is intended to explore and answer this question from the perspective of the risks to your (the user’s) private and personal information in the access and use of mobile apps, as well as recommendations on how to manage these risks.


See also: Do Health Apps Threaten Privacy?  

Using Mobile Apps

When you directly download and install an app, or your internet service provider pre-downloads and installs an app or applications you decide to activate on your mobile device, you are instantly allowing that app or applications to access data stored on your smartphone or other mobile device.

The app’s access to your data could be limited, or it could be an app capable of accessing large amounts of information, including:

  • Your personal and private information
  • Information on and of your friends and associates
  • Family photos and videos
  • Your phone and email contacts
  • Call logs
  • Internet data
  • Calendar data
  • Health data
  • Data about the device’s location
  • The device’s unique IDs
  • Information about how you use the app itself
  • Your web browsing history, etc. that is stored on your mobile device

So before you download an app or use a pre-loaded app it may be wise to understand at a minimum:

  • What of your data the app is going to collect
  • How it stores your data
  • Where and what other devices or entities is your data going to be shared with

To get the answers is easy, right? You just go to the app’s privacy policy.

Yet, the reality is that it is foolish to assume that any data is private in the mobile app world, or that the mobile app world has taken the responsibility to protect a user’s right of privacy seriously, because almost all mobile apps do not have privacy policies. Are you shocked to learn such a fact? I certainly was!

So why don’t the majority of apps have privacy policies? Because:

  • Most developers think it is technically too complicated and time-consuming as they rush to develop apps; or
  • Some developers are focused on getting new products to market to meet a deadline at the behest of an organization, and adequate consideration of privacy and security is not a priority, if at all; and
  • There is a belief among some developers and organizations that no one, (e.g. the user or the FTC or the courts), is really enforcing the laws governing privacy in the mobile world.

At this point, I believe it is worth noting again: These apps collect and store a tremendous amount of information. Even apps that appear to ask for permissions during installation can become a back door to your mobile devices and your private and personal information, along with that of your friends and family.

So, what does this mean for organizations (as well as the developers) of the apps they offer?

Well, first and foremost, for organizations (and developers) to dismiss the safeguarding of a user’s privacy whether technically, legally or morally in the interest of following the money, suggests a failure of transparency to the user in how those organizations collect, use and share personal and private information.

So what can be done to address this concern?

As a start, certain attorneys general and legislators in certain states in the U.S. have started to advocate and support new laws as well as to enforce current laws governing privacy in the mobile world.

So let’s take a moment to discuss some states’ actions:

California has long been a leader in privacy legislation to ensure that cutting-edge innovations, inclusive of mobile apps, are developed responsibly to protect users’ private and personal information.

To that end, In 2004, California enacted the California Online Privacy Protection Act (CalOPPA) requiring commercial operators of websites and online services, inside and outside of California, to conspicuously post clear, detailed privacy policies to promote transparency, be reasonably accessible to consumers of the online service and enable consumers to understand how companies collect, use and share personal information and those third parties with which they share that information.

One of the principles agreed on is to make mobile apps’ privacy policies available to users on the app platform before they download the app. This will give them the opportunity to either opt-in or opt-out before they download or activate the app, as opposed to having no real choice after the fact.

If developers and companies do not comply within 30 days after being notified of noncompliance, they can be prosecuted under California’s Unfair Competition Law or False Advertising Law.

For example:

The attorney general considered any service available over the internet or that connects to the internet, including mobile apps, to be an “online service.” Based on this interpretation, letters were sent to up to 100 non-compliant apps at the time, starting with those available for mobile users that were the most popular. The companies were given 30 days to conspicuously post a privacy policy within their app that informed users of what personally identifiable information about them was being collected and what would be done with that private information.

Delta Airlines was among the recipients of this letter. In December 2012, the attorney general of California, Kamala D. Harris, announced the first legal action under California’s online privacy law against Delta Airlines, for failing to comply with the 30-day notice letter to conspicuously post a privacy policy within the mobile app “Fly Delta.”

The suit sought to enjoin Delta from distributing its app without a privacy policy and penalties of up to $2,500 for each violation. The suit was filed in the San Francisco Superior Court.

It is no secret that California is currently unique in applying its privacy law to mobile apps, and many states look to California as a leader in this area. It is anticipated that more dedicated state laws will be forthcoming based on these actions.

But it is not just states in the U.S. that are concerned about mobile app privacy. This concern reaches across the pond. It is, therefore, important to note the actions of other countries, as well.

See also: Blockchain, Privacy and Regulation  

The European Union

The ePrivacy directive (2002/58/EC, as revised by 2009/136/EC) sets specific standards for all parties worldwide that wish to access and store information already stored in the mobile devices of users located in the European Economic Area.

The most important of the standards in regard to developing for mobile platforms is article 5(3) stating that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent. This consent needs to be based on the user, having been provided with clear and comprehensive information by the mobile platform, in accordance with Directive 95/46/EC. For example: a clear explanation of the purposes for which the mobile platform is processing and storing the user’s information.

So the bottom line is this: It is important for organizations and app developers to know that these directives are imperative laws in that the individual’s rights are non-transferable and not subject to contractual waiver. This means that the applicability of European privacy law cannot be excluded by a unilateral declaration or contractual agreement.

As a result, the mobile app developer or organization must:

Provide a readable, understandable and easily accessible privacy policy, which at a minimum informs users about:

  • Who they are (identity and contact details)
  • What precise categories of personal data the app wants to collect and process
  • Why the data processing is necessary (for what precise purposes)
  • Whether data will be disclosed to third parties (not just a generic but a specific description to whom the data will be disclosed)
  • What rights users have, in terms of withdrawal of consent and deletion of data

Note: Similar laws exist in other countries as well with slight modifications. It may be of interest to you to read in their entirety such similar laws, particularly your own country’s law.

Multiplying the Risks

The online worldwide privacy risks associated with the use of mobile devices increases with the use of mobile applications, not only because of the lack of privacy policies and transparency associated with the applications, but because mobile apps have their own unique set of challenges for the user who cares about mobile privacy, such as:

  • Mobile devices hold personal information for a long time by design. In other words, nothing is ever erased. This information is provided and accessed by the developer as he/she designs the mobile app and then disseminates it to the world. For example: If an organization requests or pays for a developer to develop an app, the organization provides the developer access to the user information stored on the mobile device or devices to which the app will be downloaded. That information is then stored in the new app for dissemination to the world.
  • Encrypting information is not foolproof to protect privacy, as encryption on both the Android and iPhone can be broken with minimal effort. In addition, it is not that difficult to extract data from a passcode-protected device. In other words: Never underestimate a hacker.
  • Mobile app developers rely on and use hardware device identifiers (hardware IDs) to track users and to enable:
    • Their apps’ functionality
    • Content
    • Advertising providers to track users across many mobile apps

It’s important to understand the key difference between hardware IDs and identifiers associated with social media platforms’ browser cookies.

The key difference between hardware IDs and identifiers associated with website browser cookies is that hardware IDs are permanently associated with the device. By deleting cookies and local shared objects, an end user can typically prevent a certain amount of tracking and retain some degree of anonymity from third parties. Each time the third party’s servers connect with the end user, the third party must set new, different, unique identifiers.

However, in the mobile app context, even if a user deletes the app, clears all web content, wipes all storage and restores factory defaults, the hardware ID remains unchanged. Third parties that have tracked the end user’s network traffic and stored that information can still associate it with the end user’s device.

In other words, hardware IDs are unique and permanent identification numbers, or character strings, associated with a device, and they can practically not be deleted or reset by a user.

As a result, even if a user deletes the app, clears all web content, wipes all storage and restores factory defaults on their browser, the hardware ID remains intact. Third parties that have tracked the user’s network traffic and stored that information can still associate it with the user’s device and identify that mobile device for the life of the device. This has prompted objections from privacy advocates regarding the use of hardware IDs for tracking purposes.

Types of hardware IDs include:

  • Cell phone radio (mobile equipment identifier (MEID))
  • International mobile station equipment identity (IMEI)
  • Wi-Fi radio (media access control (MAC)) address
  • Bluetooth radio identifier
  • Platform-specific identifiers (e.g. Apple’s unique device Identifier (UDID). Note: although Apple prohibits its developers from accessing UDID, in an analysis conducted by Appthority in 2013, 5.5% of the tested iOS apps were accessing it anyway.
  • Integration of apps with social media platforms, giving them even more of a user’s private and personal information. For example: Facebook, in response to the pressure from its stakeholders to make more revenue via mobile advertising, is streaming advertisers’ ads via mobile applications that also allow them to leverage the Facebook Connect feature, which invites users to sign into numerous apps and websites using their Facebook identity. This provides Facebook and its advertisers with the ability to monitor the actions that users take in all such apps, which in turn has potentially many monetarily satisfying commercial opportunities for Facebook, its partners and advertisers. These mobile ads are getting more and more aggressive, such as accessing and transmitting personal information and changing phone settings without user consent (reference: Lookout-a mobile security firm). Even if a developer is cognizant of the importance in providing users with a privacy policy that actually protects their private and personal information and does so, such a policy is often long and difficult to read on devices with smaller screens. (Try reading the Apple Store privacy policy on your mobile device).

Other Risks

Wow! After that litany of unique risks, it may seem difficult for some of our readers to believe there are other risks a user needs to be aware of – but there are.

For instance: children and mobile applications.

  • The apps collect personal information
  • The apps let children spend real money even if the app was free.  For example: The game Robolox is free. It also allows the user to enhance one’s character in the game by “purchasing” various add-ons by using points earned during the game (i.e.: swords, helmets, the Phoenix, etc.). However, if you do not have enough points, you can use real money (usually from mom or dad’s credit card) to buy the points you are lacking to purchase the coveted add-ons.
  • Apps include ads (which is extremely annoying to most children – and – raises the question: Is there any violation of the Children’s Online Privacy Protection Act (COPPA) as amended effective July 2013 to include the mobile app space).
  • Apps link children to social media web services without the parental notice and consent COPPA requires. (reference: see Children’s Online Privacy and Apps section of COPPA 16 C.F.R Part 312), and
  • Surprise of surprises, the apps most likely will not tell you they are transferring data (how can they when most of them choose not to be transparent with the user?)

The point is: Mobile applications can pose significant privacy risks for organizations, their customers/clients and individuals worldwide if they are not made aware of how their personal and private data is used.

So how can you, as the user of these apps that organizations provide you to download or you buy directly from developers (such as Rovio, which is the developer of Angry Birds) manage the risks threatening your mobile app privacy?

Well, the truth of the matter is: There is no easy way to know what data a specific app will access or how it will be used.

However, if possible:

Before you download or access and activate a pre-loaded app, find out who created the app and for what purpose; look at screen shots; read the description, content rating and any users’ reviews. .

In other words: Do your due diligence, and only access and use apps from trusted sources.

Managing the risks of how an app stores your data (as an individual or an organization)

For mobile apps, as well as social media platforms, user data can be stored remotely on servers on the web. However:

In the social media platform or website context, most user data stored locally is stored centrally in browser files, while in the mobile app environment it is stored locally by each app.

Therefore, your information stored in a mobile app is not centrally located but is splintered and app-specific, making it more difficult if not impossible for users to know how much of their data is stored in each app and disseminated externally to third parties.

Additionally, mobile apps generally do not provide tools to the user to:

  • Access local storage to review what the app has stored of the user’s information; or
  • Manage the content of the information stored

The foregoing is another way of reinforcing that, as a rule, realistically and practically users do not have any control or access to their data that is stored on a mobile app, This lack of control includes access to manage the use of their personal and private data or any other part of their data for that matter.

Don’t provide your credit/ATM card information

Some mobile payment acceptance applications that are marketed and sold to retailers, airports, etc. for processing of credit/debit card information will store such information on the user’s mobile device if there is no internet connection available at the time and then send it when a network connection can be made.

The point? Any time data lingers on a device, even if encrypted, there is a higher risk of that data being compromised (need we say “Target”?).

Currently, a user has no means to manage this risk except to not provide this information.

See also: Wearable Tech Raises Privacy Concerns  

On the other hand:

To manage your risk for those mobile payment acceptance applications you have on your own mobile device, check to see if your payment acceptance application has a “store and forward” feature, and, if it does, turn it off.

  • Location information. Many apps track your location There are location-based mobile application services like Yelp and Foursquare that need your location to function properly. However, there are also apps (such as a simple flashlight) that do not need your location to function and yet still track it.
  • Some apps provide location data to ad networks, which may combine it with other information in their database to target ads based on your interest and your location
  • Once an app has your permission to access your location data, it can do so until you change the settings on your phone
  • However, if you don’t want to share your location, you can turn off location services in your phone’s setting. The downside is even if you turn off location services it may not be possible to completely stop the app from broadcasting your location data.

Bottom line: Now that you have the information, use it wisely in making your decision to download or activate a pre-loaded app that will provide specific location data

Managing where and what other devices or entities your data is going to be shared with

Users should not assume any of their data is private in the mobile app world or that the mobile app world has taken the responsibility to protect your right of privacy seriously.

For instance: Many apps send users data via unencrypted connections that potentially expose users’ personal and private data to everyone on a worldwide network without the user’s knowledge or permission.

The lesson, therefore, in how to manage the risk of a mobile application violating the privacy rights of an organization as well as its customers/clients and the individual user is to understand that currently there is little or no privacy protection for users of mobile applications, and based on that understanding, as well as doing your due diligence, make your decision as to whether to access and use an app accordingly.

Follow (or I will be writing about them, as well) the developments of:

  • The Federal Trade Commission’s increasing focus on the subject of mobile app privacy or lack of same to determine FTC’s regulation and enforcement.
  • The multi-stakeholder process facilitated by the National Telecommunications and Information Administration to develop an enforceable code of conduct on mobile app transparency.
  • The implementation of the recommendations of Kamala Harris in her white paper “Privacy on the Go,” describing an approach for developers and other players (like the mainstream social media platforms, which provide the user information to the developers) in the mobile app world to consider when designing the app.
  • State/country legislative and enforcement actions to achieve privacy controls that allow users to make, review and change their privacy choices based on widely accepted fair information practice principles (FIPPs) that form the basis for many privacy codes and laws in different parts of the world.


Users care about mobile privacy, and, yes, they do find value in mobile apps. They are also eager to try them as they are released (as opposed to waiting for several versions to have been tested first).

However, as Harris said: “Losing your personal privacy should not be the cost of using mobile apps, but all too often it is. Users of those apps deserve to know [and have the ability to control] what is being done with their personal information.”

I would submit to you that It should now be clear that the risks to one’s personal information is substantial when using mobile apps and that these risks are good enough reasons as to why a developer or the organization that engages the developer as well as other stakeholders in the world of mobile apps should first and foremost begin with the mindset of worldwide privacy and security of a users’ personal data in the initial design of any mobile app.

How to Bring Distribution Into Sync

We’ve been taking a look at how a confluence of forces are having an impact on insurance distribution and how insurance companies need to respond by following a 2D strategy.

In my first two blogs, we detailed the four fundamental drivers of the changes. In my first blog post, “Bringing Insurance Distribution Back Into Sync Part 1: What Happened to Insurance Distribution?”  we talked about how new expectations are being set by other industries and technology.  Last time, in “Unending Waves of Change in Digital Expectations and Distribution Issues ,” I discussed the other three of the four fundamental drivers: that new products are needed to meet new needs and risks distributed in new channels; that channel options are expanding; and that the lines are blurring between insurance and other industries.

Today, we’ll dive deeper into the components of the 2D strategy, which calls for:

  • Optimizing the front-end with a digital platform that orchestrates customer engagement across multiple channels
  • Creating an optimized back-end that effectively manages the growing array and complexity of multiple distribution channels beyond the traditional agent channel.

Optimize the Front End

The digital revolution is being powered by an array of technologies and the changing expectations of customers across all demographic groups. As customers gain market power, they are increasingly comfortable with technology, have a stronger voice and are willing to use it to make their expectations and needs known. In this new world, all technology should be viewed as customer-touching, because it directly or indirectly influences the customer experience.

As a result, many insurers are rapidly investing in digital initiatives and technologies, but too often they do so in a tactical, fragmented and reactionary approach. In today’s world, insurers must look to orchestrate the customer experience through any channel and technology that consumers choose to use. Whether they choose agents, websites, mobile apps, portals, compare sites, aggregators or retail firms, consumers want a consistent and compelling experience that gives them confidence in the insurer.

This demands a platform that enables personalization of portal and mobile solutions based on the unique customer journeys and personas defined by each insurer. To fulfill their unique and multi-channel distribution and customer experience needs, the platform must be integrated with other core insurance solutions as well as an extensive partner ecosystem that integrates content, channels and technology.

Optimize the Back End

In a fast-paced competitive market, distribution channels and effective management of those channels is increasingly critical. Designing, developing, maintaining and managing productive channel relationships is crucial to achieve sustainable competitive advantage.

Effective distribution management should cover a broad array of capabilities to drive operational effectiveness (including distribution registration and licensing); compensation plan design and configuration; compensation payments and reconciliation; and performance management reporting and analytics. Channel management and productivity are critical in contributing to overall growth and profitability. The ability to improve channel productivity, reduce sales cycles and increase cross-sell and up-sell opportunities is increasingly important for long-term success.

To stay competitive and keep distribution channels engaged, insurers are increasingly putting a priority on servicing these channels. From providing access to their production and compensation reports to providing new leads and licensing compliance and education, these all offer opportunities for channel service excellence to retain and grow the channels. Enter the growing need for effective distribution management and systems that improve carriers’ capabilities to manage multiple channels and multiple factors.


An insurer can have the best insurance products, pricing and advertising to build its market presence, but if it doesn’t have a distribution ecosystem underpinned by a connected, digital front-end and a robust distribution management system on the back-end to optimize and maximize these channels, its customer growth and retention potential will remain limited. If it is difficult to effectively manage or, better yet, optimize compliance, compensation and performance of distribution channels, insurers could end up losing business to competitors that can.

Customers expect and demand multiple, coordinated channel options to learn about, shop for, buy and use products and services, and insurance is no exception. Just as long-established retailers will remodel every few years, the place you meet your customers can’t remain untouched without your organization and its products losing their sense of value. Building an integrated digital distribution framework within a foundation of modern distribution management capabilities will provide new efficiencies, new opportunities and additional fuel for growth.

It’s a Good Time to Be in Insurance

Today, the insurance industry is healthy and strong, with high levels of organic revenue growth and rising profit margins across the independent agency and brokerage channel. According to Swiss Re, mergers and acquisitions (M&A) activity continues to trend upward in terms of both the number of acquisitions and the average price paid per agency.

As we start a new year, it’s important to keep in mind how much the insurance industry has evolved since it first began. From the first policy to protect shipments at sea, to coverages for new risks like cyber security that were unimaginable in years past, insurance has always been a critical component in human progress. It has allowed people to follow their dreams and take risks. No one would purchase a house or build a new industrial complex with the underlying belief they could lose it all.

What’s Ahead

We’ve seen how insurance has adapted over the years, but what’s next? With organic growth and acquisitions higher than ever, now is the time for your agency or brokerage to fully embrace digital technology to take advantage of every business opportunity in a market primed for profitability.

Why go digital?

  1. Your clients expect it
    Today’s insurance consumer is fundamentally changing business and customer service models. Consumers are more mobile than ever. Media and news are now consumed on the go, and personal and business transactions via mobile apps are part of everyday life. The demand for 24/7 access to information is requiring nearly every industry to reevaluate how it operates to meet these new customer expectations – and the insurance industry is not immune. In fact, in a recent survey conducted at this year’s Applied Net conference, agents and brokers ranked changing customer demand as the main catalyst to increasing their technology investments.


Agencies and brokerages should also consider that the next generation of tech-savvy insurance consumers will also be the next wave of insurance employees. They bring a new set of expectations to the workplace as insurance professionals from the baby boomer generation begin to retire.

Delivering a digital customer experience has become table stakes for the next-generation trusted adviser. The insurance experience of yesterday is no longer sufficient with today’s demands and tomorrow’s expectations.

  1. Your business requires it
    The increased pace of business to keep up with consumer demand can make staff feel like there are not enough hours in the day. Digital technology simplifies processes and eliminates manual tasks. In the Applied Net 2015 survey, when asked which technology most improves productivity, respondents strongly indicated that standardized workflows and agency-insurer interface are seen as the greatest source of efficiency gains.


Advanced software, such as Applied Epic, delivers pre-built, best-practice workflows to streamline processes and reduce time spent on duplicate tasks. Additionally, end-to-end transactions between a business and insurers need to happen within the management system for optimal productivity and efficient business operations. For agents using IVANS Download, employees save an average of two hours per employee per day.

The Makings of a Digital Agency or Brokerage

Digital transformation reflects the transition of taking manual, paper-filled processes to digitally automated workflows powered by software and the Internet. A “digital agency” is one that has undergone a digital transformation to drive growth and profitability across its lines of business. It experiences many digital, paperless interactions and transactions per day with insurers and insureds and among staff.

A digital agency is built on 5 pillars:

  1. A single agency or brokerage management system to serve as the operational foundation. Your system should be able to manage every type of business from personal lines, commercial lines, benefits and risk management, and it should connect all of your staff within your agency or brokerage including CSRS, producers, accountants and principals. Consider this: 50% of the insurance industry’s workforce will retire in the next decade. Can new staff be efficiently trained on your agency management system?pic3
  2. Big data evaluates ways to mine and analyze the rich transactional data in management systems. There is an abundant amount of data in your management system, but do you have the technology to quickly gain insights? Data analytics uses advanced technologies to analyze vast amounts of data and produce analytic insights in visual representations much more rapidly than traditional tabular reports. Consider this: Companies that use data analytics are five times more likely to make faster decisions than their peers.pic4

  3. Insurer connectivity creates a digital connection between your management system and your chosen insurer partners. It’s important that agencies and brokerages have access to the best products and the best insurers to meet the risk needs of each client, and connectivity allows just that. Consider this: 69% of survey respondents found the availability of automated insurer interface to be very important when selecting insurers to do business with.pic5
  4. Mobility gives agents and brokerages the ability to interact with prospects, clients and employees in the field via insurance-specific mobile apps and client portals. It becomes much easier to obtain information when you have your smartphone or tablet in a time of need. Consider this: 76% of Millennial survey respondents believe access to information via a mobile app is important.pic6

  5. The Cloud allows your staff access anytime, anywhere, as well as full security and data backup. Hosting your software in the cloud leads to increased flexibility, security and business agility. Consider this: Today, 77% of organizations cite agility as the primary reason of moving to the cloud. Whether you are scaling up via organic growth or M&A or scaling down to be sold, the cloud allows your business that flexibility.pic7

Step into the Digital Age

With today’s customers expecting more and increased competition redefining the insurance industry, digital technology simplifies and amplifies current processes. It expands communication channels – to clients and insurer partners. It mobilizes your staff from their desk to the field. Digital technology elevates your role as a trusted adviser, making you present at all moments of opportunity – any time, anywhere.

As each year goes by, we strive to be better and do more for our customers. Business as usual is no longer enough. The strategy? Your foundation has to be more advanced, your communication channels need to be open and your business must be mobilized. Growth-minded agencies and brokerages have a great opportunity ahead.

Phishers’ New Ruse: Trusted Tech Brands

Most of us don’t think twice about opening and maintaining multiple free email accounts where we live out our digital lives. And we’re getting more and more comfortable by the day at downloading and using mobile apps.

Yet those behaviors can harm us. ThirdCertainty sat down with David Duncan, chief marketing officer for threat intelligence and security company Webroot, to discuss how cyber criminals are hustling to take advantage of our love of free Web mail services and nifty mobile apps.

Infographic: Where malicious phishers lurk

3C: Phishing attacks leveraging our love of Google, Apple, Yahoo, Facebook and Dropbox are skyrocketing. How come?


David Duncan, Webroot chief marketing officer

Duncan: There are 10 times more phishing attacks based on emulating tech companies than financial firms. You’d think it would be the other way around, but it’s not. The focus is on stealing information from your various email accounts because it’s easier to spoof people into acting on something that appears to come from Google or Apple than from Bank of America or Citibank.

Free resource: Stay informed with a free subscription to SPWNR

3C: Because we’re less suspicious of Google and Apple than big banks?

Duncan: Yes. Phishers prey on the fact that we see those brands as trustworthy brands.

3C: What ruses should folks watch out for?

Duncan: It’s the typical ones. You’ll get something advising you of the need to change your password or share your contacts. They’ll send you a link to click. A certain percentage of gullible users will click on the link and follow instructions to give up their credentials.

I can’t say I know of any specific new strategies other than the fact that the focus is on impersonating big domains like Google and Yahoo because people don’t think too much about something that appears to be coming from those trusted sources.

3C: Is there really a one-in-three chance the average person will fall for a phishing scam?

Duncan: Yes, there is a 30% chance of Internet users falling for a zero-day phishing attack over the course of the year. It used to be about one out of every seven phishing emails actually got through. But we’re human beings, which means we’re gullible.

3C: What about mobile apps? What’s the risk there?

Duncan: A year ago, we tracked about 8 million mobile apps, and around 75% were trustworthy and 10% were benign. So 15% were malicious or suspicious. Now we’re classifying 15 million mobile apps, and we’re finding 35% to 40% are suspicious or malicious in character.

3C: That’s a pretty significant change.

Duncan: People don’t think of installing an app on their mobile device as installing a potentially unwanted application that’s being delivered from an untrustworthy app store.

3C: So is this mostly an Android exposure?

Duncan: Probably 90% is Android, maybe 10% is iOS. Apple has a more secured kind of walled guard for verifying and authenticating the source of applications. But it also depends on what users are accustomed to. If you go over to certain geographies in the world, people may not necessarily always go to the iTunes store. There are a lot of third-party websites where even iOS apps are cheaper or they’re free.