Data Security for the Independent Insurance Agency


CONTENTS

E–Signature Security
Passwords and Permission Protection
Cloud Data Safety
Mobile Data Safeguards

In our digitized times, data is flowing freely.

Easy online access from wireless hot spots and mobile devices has given us the ability to send and receive more and more information, increasing our communication and exposing us to potential data threats.

Independent insurance providers must be aware of these risks, and take every precaution to ensure client data security. Legislation is in place to protect consumers, and insurance providers should be aware of, and follow, these regulations.

In this eGuide, we’ll hit on the major legislation regarding data security for insurance agencies, and provide tips and tools to help keep your agency compliant and your clients protected.

E–Signature Security

E–signing provides great benefits to both client and agency. It is important to know and comply with the rules and regulations governing this practice.

Currently, the legislation governing e–signature security includes:

• HIPAA (Health Insurance Portability and Accountability Act)

• ESIGN (Electronic Signatures in Global and National Commerce Act)

• UETA (Uniform Electronic Transactions Act)

NOTE: Although many states have adopted the above legislation, each state varies. Some states may not have enacted all of the above, and others may have additional legislation. It’s important to check your individual state(s)’ legislation regarding electronic transactions.

Check Your Compliance

With numerous items of legislation covering e–signature security, it may seem daunting to cover everything. However, the Electronic Signature and Records Association outlines some of the important areas to cover to protect your agency and your clients.

1. User Authentication

Make sure client identity is verified through a pre–created username and password, each with complex multi–character alphanumeric codes. You may choose to ask for other verification information such as date of birth or Social Security number prior to signing.

2. Document Validity

It is important to ensure documents do not change after signing. This protects both your agency and your clients. Ensure all signed documents are locked and include timestamps that verify signature date and time.

3. Evidence of Process

Use a system that captures each step of the e–sign process to ensure your contracts hold up in court.

4. Proof of Compliance

Keep the terms and conditions, the document, and the client’s signature all in one place for easier verification of compliance and validity for your agency, your client and any third–party reviewers.

5. Transmission Security

As the document moves back and forth, the best form of security is your agency management system due to its password protection and data encryption. Also, CNET keeps a current list of encryption software that will allow you to create an encrypted folder or hard drive for temporary storage.

Passwords and Permission Protection

One of the best and most effective ways to keep digital data secure is to use password and permission protection.

Set a strong password. A strong password is unique, contains upper and lower case letters, a number and a symbol, is at least eight characters long, and is not a familiar word or name.

Change your password often. It is best to change your passwords every 3 to 9 months. If your password has been compromised, or if there is a threat such as the Heartbleed virus, change your password immediately.

Control permissions. Understand the access levels of your agency management system or encrypted drives and limit access to only those who absolutely need it.

Never share passwords. Sharing passwords might seem like a good idea—until you find out that the co–worker you trusted isn’t quite who you thought he was.

Disable old users immediately. Ensure your agency’s data is accessed only by current employees, who are bound by contracts to protect that data.

Log out. This simple action effectively closes the door, and makes it more difficult to access information. This is especially important should your devices be stolen or your drives compromised.

NEVER WRITE DOWN YOUR PASSWORDS!

Try one of these password protection tools to keep you organized and secure.

• LastPass. Creates a secure ID on your computer that will remember your passwords and log you in using hashing algorithms along with an encryption key, all of which is saved on your computer.

• SignOn Once. Uses a digital identity provided by a trusted identity provider to authenticate your agency with carriers and other business partners in place of passwords.

• Agency Management Systems. Links your carrier site passwords so that when you change your master password for your agency management system, you retain your real–time access to carrier sites.

Cloud Data Safety

What to Watch For

Cloud security breaches can put a black mark on your agency. To avoid this, you should become well versed in the laws surrounding data security and keep your policies, procedures and systems up to date.

Current legislation around data security includes:

• Federal Trade Commission (FTC) Guidelines. These guidelines were recently updated to keep up with current technology.

• State–specific legislation. Each state has its own data security regulations, and your agency should be aware of the specifics for each state in which you operate.

• Data Disclosure Acts. The Electronic Communications Privacy Act (ECPA), the Stored Communications Act, and the USA PATRIOT Act can all be used by the government to obtain private data.

Protecting You and Your Clients

Here are some steps to keep your agency’s data secure:

1. Establish Procedures

• Set up clear E&O policies, and keep them updated.

• Set who is authorized to access what data and when.

• Know when and how to destroy old data.

2. Inform Your People

• Keep clients and employees informed of data policies.

• Know how to identify and inform should a security breach occur.

• Inform of security procedures and levels of protection.

3. Vet Your Provider

• Know your provider’s policies on accessing/sharing data, and when data is destroyed.

• Ensure your provider has regular back–up procedures and disaster recovery.

• Know how your provider addresses security breaches, especially in terms of alerting your agency.

4. Use Multiple Layers

• Have multi–layered encryption in place when accessing sensitive data.

• Use multi–character, alphanumeric passwords at different levels.

• Go for more security than you think you need – this is where “better safe than sorry” really comes into play.

Mobile Data Safeguards

To help you stay compliant and secure, we’ve compiled the top tips to stay secure on–the–go.

1. Stay Away from “Free” Wi–Fi

Stay away from networks labeled “free” and instead look for the network named by the establishment (e.g., Columbus Airport, Starbucks). When prompted, be sure to select “Public Network” as this adds protection to make your device as undetectable as possible.

2. Don’t Access Secure Files

Never access highly secure data on mobile devices or public Wi–Fi, and don’t save any such files on your device. Your agency should ensure remote wiping is available for all devices in cases of theft. This wipes a user’s personal data (contacts, SIM–card, stored data) from a device no matter its location.

3. Use Double and Triple Password Protection

Your employees should have at least one complex password on any mobile devices used for agency business, but it is a good idea to have additional passwords granting access to applications. Use an encryption browser extension, like HTTPS Everywhere, that adds an extra layer of security to every site you visit, increasing your protection against data theft.

4. Use a VPN

A Virtual Private Network, or VPN, is a private network that you can access anywhere. By investing in a VPN service, you can be assured your employees are always accessing a secure network no matter where they do agency business. Check out HotSpot Shield and ProXPN as potential providers.

5. Access Via Your Agency Management System

If your agency management system provides mobile access, use it as a means to get the data you need. Since it’s already set up with a server firewall and anti–malware protection, it’s the safest way to view and store any client information.

By staying informed of legislation and keeping up on the latest data security measures, you can rest assured that your agency is doing its best to keep data safe and secure.

About SIS

Headquartered in Columbus, Ohio, Strategic Insurance Software (SIS) is the team behind Partner XE—an innovative and secure web–based insurance agency management system that helps independent agencies streamline workflow and grow their business. Built on a foundation of strong technology and exceptional service, we’re moving forward with a constant eye on innovation that will make independent agents’ lives easier.

About Partner XE

Supporting downloads from nearly 300 carriers, real time interaction, integrated agency accounting, and much more, Partner XE is a full–featured agency management system at an affordable cost for the independent insurance agency. For more information, please visit www.sisware.com

4181 Arlingate Plaza, Columbus, Ohio 43228 | 800.747.9273 | www.sisware.com