To continue providing the best in data security and availability for an ever-expanding Partner XE user base, Strategic Insurance Software (SIS) has upgraded data hosting capabilities and increased capacity in the cloud computing infrastructure supported by SIS partner Expedient Data Centers.
“We’re building out for growth,” said SIS CEO Alex Deak. “This expansion is a result of our continued success in attracting new independent insurance agencies to Partner XE and underscores our continuing commitment to provide our clients with secure, reliable, leading edge technology to assist in operating their business.”
SIS has partnered with Expedient since 2012 because of their expertise in IT infrastructure outsourcing and proven network of secure data centers. Partner XE, a leading agency management system, and all associated client data are housed on Expedient’s highest capacity cloud computing infrastructure.
“SIS has always been a forward-thinking client.” Bryan Smith, Regional Vice President for Expedient said. “It’s been great to be able to provide them a platform that is designed to scale as their business needs change.”
Through additional investment in Expedient services including cloud computing, colocation, disaster recovery, firewall, offsite backups, and archiving, SIS is maintaining and building upon their dedication to protecting data integrity. Partner XE users can be certain that their data will remain secure and available.
“We know we can count on SIS,” said Michael Sweere, President of the National Association of SIS Partner Agents (NASPA). “They do everything they can to deliver the reliable, always available computing resources we need.”
About SIS: Headquartered in Columbus, Ohio, SIS is the team behind Partner XE insurance software – an innovative web-based insurance agency management system that helps independent agencies streamline workflow and grow their business. Built on a foundation of strong technology and exceptional service, we’re moving forward with a constant eye on innovation that will make independent agents’ lives easier.
About Expedient Data Centers: Expedient operates a network of eight nationwide data centers in six markets (Pittsburgh (2), Cleveland (2), Boston, Baltimore, Indianapolis and Columbus). Their suite of managed services include virtualization, cloud computing, remote backups, management of equipment, storage area networks, disaster recovery and more. These proven managed services combined with reliable and redundant geographically-diverse SSAE-16 SOC 2 compliant data centers enable Expedient to deliver premier colocation, network and managed services to enterprise, commercial, education and government entities. Expedient is a wholly owned by Landmark Media Enterprises of Norfolk, VA. To learn more about Expedient please log on to http://www.expedient.com.
As an independent insurance agency, your number one priority is client care. You need to make sure your clients are getting the best service, at the best price, and ensure their personal information is safe in your hands. Our rapidly digitized world makes this final task increasingly difficult, and it’s your job to take the necessary steps to ensure your clients’ data is secure.
Federal, state and local legislation set up policies to protect client data. You need to be aware of and comply with these policies, and go beyond to create your own agency standards. Our latest eGuide outlines major legislation governing data security and provides you with practical tips and tools to bring your agency above and beyond.
Check it out here, along with our other eGuides, covering topics such as engaging in marketing on a limited budget and improving agency efficiency through cloud apps.
We are always interested in providing you with the latest industry news, tips, and tools and would love to hear from you on what your agency needs to know. Contact us today to share about topics of interest, provide feedback, or just to get in conversation about how we can better serve you.
Mobile devices and “free” Wi-Fi at airports, coffee shops, and hotels have made doing business on-the-go easier and more effective. However, with the good must come the bad, and such on-the-go access comes with many potential security risks.
As an independent insurance agency, you have a commitment to client security. In addition, as a HIPPA compliant agency, you must adopt written privacy procedures for all your employees to follow – including when they are doing business via mobile devices and public Wi-Fi. To help you stay compliant and secure, we’ve complied the top tips to stay secure on-the-go.
1. Stay Away from “Free” Wi-Fi
When accessing Wi-Fi, stay away from networks labeled “free”. You should instead looks for the network named by the establishment (i.e. Columbus Airport, Starbucks). When prompted, be sure to select “Public Network”. This adds additional protection to make your device as undetectable as possible.
2. Don’t Access Secure Files
As a rule, you should never access highly secure data (i.e. personal identification information) on a mobile devices or public Wi-Fi, and you definitely shouldn’t save any such files on your device. As a security measure, your agency can ensure remote wiping is available for all devices in cases of theft. This wipes a users’ personal data (contacts, SIM-card, stored data) from a device no matter its location.
3. Use Double and Triple Password Protection
When accessing information on-the-go, you can never have too many passwords. At the very least, your employees should have a complex password on any mobile devices used for agency business, but it is a good idea to have additional passwords granting access to applications. Use of an encryption browser extension, like HTTPS Everywhere, adds an extra layer of security to every site you visit, increasing your protection against data theft.
4. Use a VPN
A Virtual Private Network, or VPN, is a private network that you can access anywhere. By investing in a VPN service, you can be ensured your employees are always accessing a secure network no matter where they do agency business. Check out HotSpot Shield and ProXPN as potential providers.
5. Access Via Your Agency Management System
If you agency management system provides mobile access, use it as a means to get the data you need. Since it’s already set up with a server firewall and anti-malware protection, it’s the safest way to view and store any client information.
For more tips on data protection, check out our previous posts on the topic. We know data protection and security are important issues for you, your agency, and your clients. We’ve made efforts to ensure Partner XE is as secure as possible, including providing protected mobile access for all users. To hear more about our data safety and security measures, contact us today!
One of the best and most effective ways to keep digital data secure is through using password and permissions protection. As mentioned in our previous post, it is important to store all client data in your agency management system or in an encrypted hard drive/folder, all of which require passwords to access. This level of protection makes it that much more difficult for data to be stolen or leaked.
In order for your passwords and permissions to be effective, you need to make sure they are strong and secure. The first step is to set a strong password. According to Microsoft, strong passwords should be:
- Unique from other passwords you use
- Not a familiar word or name (i.e. name of your street)
- Contain an uppercase letter, lowercase letter, number and symbol
- Be at least 8 characters long
Once you have a strong password set, be sure to change your password often. Have an agency policy and make sure your employees stick to it. It is best to change your passwords every 3 to 9 months. Many agencies simply look to their agency management systems, which are generally pre-set to prompt password changes on a regular basis, to set the tone. However, if you feel your password has been compromised, or if there is a threat such as the Heartbleed virus, you should change your password immediately.
Another way to protect data is to control your permissions well. This means understanding the access levels of your agency management system or encrypted drives and limiting access to only those who absolutely need it. In the same vein, educate your agency employees to never share passwords.
In addition, disable old user immediately. When someone leaves your agency, they should no longer have access to your agency’s records. You may not be able to (or want to) delete the user for record keeping purposes, but disabling means it can’t be used to log in anymore. By disabling these users, you are ensuring your agency’s data is accessed only by current employees, who are bound by contracts to protect that data.
Although it may seem simple, another way to maintain data security is to log out after you have finished. This simple action effectively closes the door, and makes it more difficult to access information. This is especially important should you devices be stolen or your drives compromised.
You will likely have many passwords, and it might be tough to remember each one. However, DO NOT WRITE DOWN your passwords! Instead, try some of these password protection tools to keep you organized and secure.
- LastPass – Creates a secure ID on your computer that will remember your passwords and log you in using hashtag algorithms along with an encryption key, all of which is saved on your computer.
- SignOn Once – Creation of the ID Federation, a non-profit group of carriers, solution providers, industry associations and agencies. Uses a digital identity provided by a trusted Identity Provider to authenticate your agency with carriers and other business partners in place of passwords.
- Agency Management Systems – Can link your carrier site passwords so that when you change your master password for your agency management system, you retain your real time access to carrier sites.
Partner XE is a great example of a data security conscious agency management system with its multi-level permissions, auto-log off and password management features. To find out more about how Partner XE can help your agency be both efficient and secure, contact us today!
As an independent insurance agency, you hold a significant amount of personal information related to your clients. Names, addresses, driver’s license and social security numbers are found together, making clients vulnerable if anyone else was to get their hands on your system. And, if you’re on top of your game, it is likely you’re holding most of this information in the cloud. Although the cloud provides a host of benefits to you and your clients, it can be, without proper due process, a security risk for your agency.
What to Watch For
Cloud security breaches can put a black mark on your agency, causing you to lose clients, money, and your reputation, not to mention the potential legal implications. To avoid this, you should become well versed on laws surrounding data security and keep your policies, procedures and systems up to date. Current legislation around data security includes:
Protecting You and Your Clients
To keep you and your clients safe from security breaches, be sure to have policies in place around data storage and keep clients and employees informed. It’s also important to know your cloud provider well, and make sure they are complying with your state and agency policies. Here are some steps to keep your agency’s data secure:
1. Establish Procedures
- Set up clear E&O policies, and keep them updated
- Establish protocol for data moving from the cloud to personal devices
- Set who is authorized to access what data and when
- Know when and how to destroy old data
2. Inform Your People
- Keep clients and employees informed of data policies
- Know how to identify and inform should a security breach occur
- Inform of security procedures and levels of protection
3. Vet Your Provider
- Know your provider’s policies on accessing and sharing data
- Find out how and when your provider destroys data
- Ensure your provider has regular back-up procedures and disaster recovery
- Know how your provider addresses security breaches, especially in terms of altering your agency
4. Use Multiple Layers
- Have multi-layered encryption in place when accessing sensitive data
- Use multi-character, alphanumeric passwords at different levels
- Enact an E&O policy for all agents that covers breaches on your end, and for your provider
- Go for more security than you think you need – this is where “better safe than sorry” really comes in to play
When it comes to cloud providers and data security, most agencies think first of their agency management system. This is where your clients’ sensitive information is held, so you need to be sure it is secure. We at SIS know these security risks and have partnered with world class data center provider Expedient Data Centers to keep Partner XE backed up and secure. To find out more about our data security measures, contact us at email@example.com or 800.747.9273.
Upholding client privacy and security has always been important for independent insurance agencies, and recent security breaches in other sectors have brought these issues to the forefront. This is especially true with e-signatures. Although e-signing provides great benefits to both client and agency, it is important to know and comply with the rules and regulations guarding this practice.
Currently, the legislation guarding e-signature security include:
- HIPAA (Health Insurance Portability and Accountability Act)
- ESIGN (Electronic Signatures in Global and National Commerce Act)
- UETA (Uniform Electronic Transactions Act)
Although many states have adopted the above legislation, each varies. Some states may not have enacted all the above, and others may have additional legislation. It’s important to check out your individual state(s)’ legislation regarding electronic transactions.
Check Your Compliance
With numerous items of legislation covering e-signature security, it may seem daunting to cover everything. However, the Electronic Signature and Records Association outlines some of the important areas to cover to protect your agency and your clients.
1. User Authentication
Make sure client identity is verified through a pre-created username and password, each with complex multi-character alphanumeric codes. You may choose to ask for other verification information such as date of birth or social security number prior to signing.
2. Document Validity
It is important to ensure documents do not change after signing. This protects both your agency and your clients. Ensure all signed documents are locked and include timestamps that verify signature date and time.
3. Evidence of Process
There have been cases in which contracts were deemed invalid due to a lack of user authentication and document validity proof. To prevent against this, it is helpful to use a system that captures each step of the e-sign process. This includes items such as send date/time, page views, and timestamp of signature. This high level of detail will ensure your contacts hold up in court.
4. Proof of Compliance
Compliance items are outlined in the above legislation, and generally apply to alerting the client of terms and conditions such as:
- Right to sign paper copies
- Notice of hardware/software requirements for e-signatures
- Agreement to e-sign
In order to stay fully compliant, the client’s signature must be present on the same page listing the terms and conditions of e-signing, and both should be connected to the signed document. Keeping the terms and conditions, the document, and the client’s signature all in one place means easier verification of compliance and validity for your agency, your client and any third-part reviewers.
5. Transmission Security
As the document moves back and forth, it is important to maintain security. The best form of security is your agency management system due to its password protection and data-encrypted security. However, documents in transit may be on your mobile device or laptop for a short time, so it is best to create an encrypted folder or hard drive to store documents in the meantime. CNET keeps a current list of encryption software (complete with user ratings) that will allow you to create an encrypted folder or hard drive for temporary storage.
The best way to stay in compliance with e-signature standards and maintain high security is to choose an outside provider to focus on this important area of your independent insurance agency’s business. We at SIS. Also, as you strive for security, be careful of overkill. Some agencies make the mistake of adding in so many complex security barriers that potential clients may be turned away.
At SIS, we take security very seriously. We partner with RPost for e-signatures because it’s simple, secure, and effective, just like our Partner XE agency management system. Partner XE blends security with usability so you can feel confident and streamline your workflow at the same time. To find out more about Partner XE’s security and usability features, contact us at 800.747.9273 or firstname.lastname@example.org.