In this eGuide, we’ll hit on the major legislation regarding data security for insurance agencies, and provide tips and tools to help keep your agency compliant and your clients protected.
CONTENTS
E–Signature Security
Passwords and Permission Protection
Cloud Data Safety
Mobile Data Safeguards
In our digitized times, data is flowing freely.
Easy online access from wireless hot spots and mobile devices has given us the ability to send
and receive more and more information, increasing our communication and exposing us to
potential data threats.
Independent insurance providers must be aware of these risks, and take every precaution to
ensure client data security. Legislation is in place to protect consumers, and insurance providers
should be aware of, and follow, these regulations.
In this eGuide, we’ll hit on the major legislation regarding data security for insurance agencies,
and provide tips and tools to help keep your agency compliant and your clients protected.
E–Signature Security
E–signing provides great benefits to both client and agency. It is important to know and
comply with the rules and regulations guarding this practice.
Currently, the legislation guarding e–signature security includes:
- HIPAA (Health Insurance Portability and Accountability Act)
- ESIGN (Electronic Signatures in Global and National Commerce Act)
- UETA (Uniform Electronic Transactions Act)
NOTE: Although many states have adopted the above legislation, each varies. Some
states may not have enacted all the above, and others may have additional legislation.
It’s important to check out your individual state(s)’ legislation regarding electronic
transactions.
Check Your Compliance
With numerous items of legislation covering e–signature security, it may seem daunting to cover
everything. However, the Electronic Signature and Records Association outlines some of the important
areas to cover to protect your agency and your clients.
1. User Authentication
Make sure client identity is verified through a pre–created username and password, each with complex
multi–character alphanumeric codes. You may choose to ask for other verification information such as
date of birth or social security number prior to signing.
2. Document Validity
It is important to ensure documents do not change after signing. This protects both your agency and your
clients. Ensure all signed documents are locked and include timestamps that verify signature date and time.
3. Evidence of Process
Use a system that captures each step of the e–sign process to ensure your contracts hold up in court.
4. Proof of Compliance
Keep the terms and conditions, the document, and the client’s signature all in one place for easier
verification of compliance and validity for your agency, your client and any third–party reviewers.
5. Transmission Security
As the document moves back and forth, the best form of security is your agency management system
due to its password protection and data–encrypted security. Also, CNET keeps a current list of encryption
software that will allow you to create an encrypted folder or hard drive for temporary storage.
Passwords and Permission Protection
One of the best and most effective ways to keep digital data secure is through using password and
permissions protection.
Set a strong password
A strong password is unique, contains upper and lower case letters, a number and a symbol, is
at least eight characters long, and is not a familiar word or name.
Change your password often
It is best to change your passwords every 3 to 9 months. If your password has been compromised,
or if there is a threat such as the Heartbleed vulnerability, change your password immediately.
Control permissions
Understand the access levels of your agency management system or encrypted drives and limit
access to only those who absolutely need it.
Never share passwords
Sharing passwords might seem like a good idea—until you find out that the co–worker you
trusted isn’t quite who you thought he was.
Disable old users immediately
Ensure your agency’s data is accessed only by current employees, who are bound by contracts
to protect that data.
Log out
This simple action effectively closes the door, and makes it more difficult to access information.
This is especially important should your devices be stolen or your drives compromised.
NEVER WRITE DOWN YOUR PASSWORDS!
Try one of these password protection tools to keep you organized and secure.
- LastPass
Creates a secure ID on your computer that will remember your passwords and log you in using
hashing algorithms along with an encryption key, all of which is saved on your computer.
- SignOn Once
Uses a digital identity provided by a trusted identity provider to authenticate your agency with
carriers and other business partners in place of passwords.
- Agency Management Systems
Links your carrier site passwords so that when you change your master password for your
agency management system, you retain your real–time access to carrier sites.
Cloud Data Safety
What to Watch For
Cloud security breaches can put a black mark on your agency.
To avoid this, you should become well versed on laws surrounding
data security and keep your policies, procedures and systems up to date.
Current legislation around data security includes:
- Federal Trade Commission (FTC) Guidelines
These guidelines were recently updated to keep up with current technology.
- State–specific legislation
Each state has its own data security regulations, and your agency should be
aware of the specifics for each state in which you operate.
- Data Disclosure Acts
The Electronic Communications Privacy Act (ECPA), the Stored Communications Act,
and the USA PATRIOT Act can all be used by the government to obtain private data.
Protecting You and Your Clients
Here are some steps to keep your agency’s data secure:
1. Establish Procedures
- Set up clear E&O policies, and keep them updated.
- Set who is authorized to access what data and when.
- Know when and how to destroy old data.
2. Inform Your People
- Keep clients and employees informed of data policies.
- Know how to identify and inform should a security breach occur.
- Inform of security procedures and levels of protection.
3. Vet Your Provider
- Know your provider’s policies on accessing/sharing data, and when data is destroyed.
- Ensure your provider has regular back–up procedures and disaster recovery.
- Know how your provider addresses security breaches, especially in terms of alerting
your agency.
4. Use Multiple Layers
- Have multi–layered encryption in place when accessing sensitive data.
- Use multi–character, alphanumeric passwords at different levels.
- Go for more security than you think you need – this is where “better safe than sorry”
really comes into play.
Mobile Data Safeguards
To help you stay compliant and secure, we’ve compiled the top tips to stay secure on–the–go.
1. Stay Away from “Free” Wi–Fi
Stay away from networks labeled “free” and instead look for the network named by the establishment
(e.g., Columbus Airport, Starbucks). When prompted, be sure to select “Public Network” as this adds
protection to make your device as undetectable as possible.
2. Don’t Access Secure Files
Never access highly secure data on mobile devices or public Wi–Fi, and don’t save any such files on your
device. Your agency should ensure remote wiping is available for all devices in cases of theft. This wipes a
user’s personal data (contacts, SIM–card, stored data) from a device no matter its location.
3. Use Double and Triple Password Protection
Your employees should have at least one complex password on any mobile devices used for agency
business, but it is a good idea to have additional passwords granting access to applications. Use an
encryption browser extension, like HTTPS Everywhere, that adds an extra layer of security to every site you
visit, increasing your protection against data theft.
4. Use a VPN
A Virtual Private Network, or VPN, is a private network that you can access anywhere. By investing in a
VPN service, you can be assured your employees are always accessing a secure network no matter where
they do agency business. Check out HotSpot Shield and ProXPN as potential providers.
5. Access Via Your Agency Management System
If your agency management system provides mobile access, use it as a means to get the data you need.
Since it’s already set up with a server firewall and anti–malware protection, it’s the safest way to view and
store any client information.
By staying informed of legislation and keeping up on the latest data security measures, you can rest assured that
your agency is doing its best to keep data safe and secure.
About SIS
Headquartered in Columbus, Ohio, Strategic Insurance Software (SIS) is the team behind Partner XE—
an innovative and secure web–based insurance agency management system that helps independent
agencies streamline workflow and grow their business. Built on a foundation of strong technology and
exceptional service, we’re moving forward with a constant eye on innovation that will make independent
agents’ lives easier.
About Partner XE
Supporting downloads from nearly 300 carriers, real time interaction, integrated agency accounting,
and much more, Partner XE is a full–featured agency management system at an affordable cost for the
independent insurance agency. For more information, please visit www.sisware.com
4181 Arlingate Plaza, Columbus, Ohio 43228 | 800.747.9273 | www.sisware.com