Euclid Strengthens HIPAA and NYDFS Compliance and Security Requirements with SCORE Assessment

Leveraging the Intelligent Tools in Microsoft 365

Written By // Eric Jandacek

Itasca, IL

With the government issuing the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation in August of 2017, Euclid was facing increasing pressure to harden their security posture to meet new compliance regulations and standards.

To continue to support their mission, Euclid sought to increase their overall security posture in the face of modern threats and meet new compliance regulations before federal deadlines.

Euclid Insurance Services, Inc., an Itasca, IL-based General Agent and Program Administrator, helps over 4,000 insurance brokers find the right insurance products for their clients. Since 1952, the company’s mission has been to provide their clients with best-in-class products and service.

As insurance continues to be one of the most regulated industries, Euclid was facing increasing pressure to harden their security posture to meet new compliance regulations and standards, as well as support their mission of providing best-in-class products and services to their clients.

In response to changing compliance laws, Euclid was investing more time in manually managing and monitoring security issues. This process was not only labor-intensive but prone to human error. It was estimated that, for just one of their many providers, Euclid’s internal IT team was spending more than 10 hours per week on compliance-related activities. Additional hours would be needed to document each manual process as well.

Beyond compliance challenges, Euclid had their own set of concerns with how well they were defending against modern threats. As the sophistication, scope, and aggressiveness of cyberattacks continued to intensify, the serious financial and reputational risks associated with a security breach continued to escalate.

With the government issuing the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation in August of 2017, which required companies like Euclid to comply with new cybersecurity standards, Euclid knew quick action was required to remain compliant.

Getting Started with Advanced Cyber Security

Euclid recognized that their current tools and processes were not sustainable for meeting compliance regulations and managing today’s ever-evolving threat landscape. While they were eager to make a change, like most midsize organizations, they struggled with knowing where to begin.

They knew they could benefit from working with a partner who had been successful at improving the security “score” of countless other customers, so they tapped their existing relationship with SWC as a Managed Services customer to help them evaluate, analyze, and roadmap a solution to bring them to compliance and reduce their risk of a cyberattack.

Threat-Based Security Scoring

SWC’s unique approach to threat-based security scoring used a customized SCORE framework to evaluate Euclid’s ability to defend against modern security threats, establish how their current solutions were protecting them, and show how to leverage Microsoft 365 to increase their protection.

SWC performed a data-driven assessment of over 210 of Euclid’s security controls (e.g., authentication methods, physical access, role-based permissions) against the company’s most common security threats (e.g., credential harvesting, ransomware/malware, accidental data leaks). SCORE was then used to establish a baseline using the following assessments:

  • Sensitive Data Identification: SWC reviewed the data that would be most enticing to attackers and that had the most potential to cause harm if compromised.
  • Control Review: SWC assessed Euclid’s environment and identified the status of 210 potential security controls.
  • Organizational Readiness by Attack Method: SWC classified the attack strategies the organization’s environment was vulnerable to and mapped them back to controls they already had in place.
  • Risk Protection Grading: SWC provided a calculation of Euclid’s current state of protection in their security controls.
  • Evaluation and Recommendations: SWC mapped technology investments that would improve their controls and calculated a new potential SCORE for their organization.

Improving Cybersecurity in the Cloud

One of the biggest initiatives that resulted from the SCORE assessment was to move Euclid’s most mission-critical business applications to Azure in the cloud. SWC leveraged Azure Active Directory, which would reduce the number of security solutions required to manage the customer environment. This enabled Euclid to leverage Microsoft 365 to enhance and automate many of the security controls that were needed to meet compliance and protect against modern threats. Technical integrations including Intelligent Security Graph, Secure Score, Azure SQL Database, App Service, and Functions were also implemented.

SWC’s SCORE security solution allowed us to clearly identify where we should be making security investments and how to get the maximum benefit with Microsoft solutions. Our security needs around NYDFS are important to our business. SWC has been able to help us increase our overall security posture and meet compliance regulations before federal deadlines.

– Maureen Dunn, Chief Operations Officer, Euclid Insurance Services

Tapping Microsoft 365 to Make Security Better and Easier

By leveraging the built-in security features of Microsoft 365, Euclid can now rely on self-healing technology to monitor, detect, diagnose, and resolve issues without requiring IT intervention. In the event that the technology is unable to fix the issue, the system will proactively alert the right teams to ensure the problem is resolved quickly.

This use of automation and artificial intelligence in Microsoft 365 has not only reduced the risk of cyberattack, but also freed up their internal IT resources to focus on strategic initiatives rather than manually completing compliance-related activities. What once took 10 hours to respond to an audit now takes less than 1 hour; and due to the effectiveness of the intelligent cloud, Euclid is now able to meet auditors’ expectations with virtually no follow-up work required.

Microsoft, along with SWC, has a value proposition that allows us to focus on our business while they focus on providing us with seamless, secure, and scalable solutions so that we can continue our cloud journey.

– Maureen Dunn, Chief Operations Officer, Euclid Insurance Services

Ongoing Security Management

Beyond addressing their immediate security, compliance, and operational concerns, Euclid’s security engagement with SWC has proven to be a powerful partnership as the company continues to plan for the future.

The team is able to use benchmarks and goals established in the SCORE assessment to help their team communicate ongoing progress to the board. With the help of SWC’s Managed Defense, Euclid continues to build a more flexible, stable, and reliable architecture in the cloud to streamline business operations and protect against modern threats.

We look forward to partnering with SWC and Microsoft to incorporate additional Microsoft 365 features to empower our employees, along with Azure solutions to better securely engage our customers.

– Maureen Dunn, Chief Operations Officer, Euclid Insurance Services
