How to Protect Your Agency’s Digital Security

Insurance Journal's Tech Talk column is made possible in part by the generous support of ITC

Most agencies can’t afford to employ an information technology (IT) specialist. Luckily when it comes to most security and privacy issues, they may not need one. Most agency systems have built-in protections. However, agents need to stay vigilant, focused and use common sense to address the most common and preventable threats.

“Agents will get slaughtered if they don’t pay attention,” says Steve Aronson of Aronson Insurance of Needham, Mass. Aronson is a tech expert and serves on several national committees (Agents Council on Technology (ACT), Association for Cooperative Operations Research and Development (ACORD), ACORD Users Group Information Exchange (AUGIE) and NetVU) and lectures at insurance conferences around the country.

“For example, it’s critical to change passwords every 60 days,” he says. “All desktops should have their own individual password, and they should all be different – not as part of a pattern.”

Aronson also suggests an online tool to manage passwords if they are secure.

“Agents need to think about the ways that information comes into an agency, the way it is used, and then how it is stored – they all present challenges,” says Jason Hoeppner of agency consultant B.H. Burke & Co. Inc. “The most pressing area is how well agents protect information when it is in transit. For example, is their email or text secure? Are they protecting any paper documents they take outside of their controlled environment (his/her office)? What technology and best practices are they using to protect it?”

Hoeppner is a member of the CT ASCnet (Applied Systems Community Network) and active in AUGIE and ACT.

Hoeppner says “given enough time and enough intent and regardless of how buttoned up an agency’s internal security is, anyone can cause a security breach.

The good news is that if you are more protected than the next agency, or any other business that deals with personal information, you are much less of a target.”

“It’s not just someone hacking into a website,” says Ted Joyce of Richmond, Va.-based Insurance Agency Services LLC. “I don’t have a big staff, so I’m scared to death of an employee doing something they shouldn’t. I am concerned that we are not throwing sensitive information into the dumpster or a producer losing their laptop with all their information.”

“I use a shredder for everything, ” Joyce says. “I don’t have sensitive information lying around in open files. We discuss security and privacy issues at every staff meeting, even if it’s a small issue, so everyone understands that it’s a top priority.”

Joyce also reviews and updates the agency’s own insurance coverages to avoid gaps.

Hoeppner says at a minimum, agencies must keep up-to-date on their management systems, rating platforms, operating system, antivirus and malware software, and any other support platforms they use. Agencies also should conduct a self-assessment on how well they protect their information, including procedures and their physical security. Any problems should be addressed and fixed as quickly, and as economically feasible, as possible.

Ample resources are available, including ACT and AUGIE, and, depending on the type of technology, system and software vendors and an agency’s carriers as well.

This is the fourth of a series on technology issues facing agents. The focus is on practical solutions on many fronts, including the customer experience, privacy and security.