As an independent insurance agency, you hold a significant amount of personal information related to your clients. Names, addresses, driver’s license and social security numbers are found together, making clients vulnerable if anyone else was to get their hands on your system. And, if you’re on top of your game, it is likely you’re holding most of this information in the cloud. Although the cloud provides a host of benefits to you and your clients, it can be, without proper due process, a security risk for your agency.
What to Watch For
Cloud security breaches can put a black mark on your agency, causing you to lose clients, money, and your reputation, not to mention the potential legal implications. To avoid this, you should become well versed on laws surrounding data security and keep your policies, procedures and systems up to date. Current legislation around data security includes:
- Federal Trade Commission (FTC) Guidelines – These guidelines were recently updated to keep up with current technology
- State specific legislation – Each state has its own data security regulations, and your agency should be aware of the specifics for each state in which you operate
- Data Disclosure Acts – Electronic Communications Privacy Act (EPCA), the Store Communications Act, and the USA PATRIOT ACT can all be used by the government to obtain private data, and you should be aware of these legal regulations
Protecting You and Your Clients
To keep you and your clients safe from security breaches, be sure to have policies in place around data storage and keep clients and employees informed. It’s also important to know your cloud provider well, and make sure they are complying with your state and agency policies. Here are some steps to keep your agency’s data secure:
1. Establish Procedures
- Set up clear E&O policies, and keep them updated
- Establish protocol for data moving from the cloud to personal devices
- Set who is authorized to access what data and when
- Know when and how to destroy old data
2. Inform Your People
- Keep clients and employees informed of data policies
- Know how to identify and inform should a security breach occur
- Inform of security procedures and levels of protection
3. Vet Your Provider
- Know your provider’s policies on accessing and sharing data
- Find out how and when your provider destroys data
- Ensure your provider has regular back-up procedures and disaster recovery
- Know how your provider addresses security breaches, especially in terms of altering your agency
4. Use Multiple Layers
- Have multi-layered encryption in place when accessing sensitive data
- Use multi-character, alphanumeric passwords at different levels
- Enact an E&O policy for all agents that covers breaches on your end, and for your provider
- Go for more security than you think you need – this is where “better safe than sorry” really comes in to play
When it comes to cloud providers and data security, most agencies think first of their agency management system. This is where your clients’ sensitive information is held, so you need to be sure it is secure. We at SIS know these security risks and have partnered with world class data center provider Expedient Data Centers to keep Partner XE backed up and secure. To find out more about our data security measures, contact us at [email protected] or 800.747.9273.
