5 Best Practices to Improve Protection of Customer Information
In today’s digital environment, insurance agencies are tasked with the responsibility of safeguarding their customers’ personal information. This includes maintaining compliance with state and federal privacy and data breach notification laws and regulations.
Here are five best practices your agency can implement to better mitigate the risk of a data breach and protect customer data.
Change passwords every 30 to 45 days.
Mixing up passwords every month or so may seem like common knowledge, but is your agency actually doing it? Establish an agency protocol that mandates that everyone in your office must change their passwords on a regular basis. Set a schedule and stick to it. Here’s how to create a strong password.
Always log out when away from the computer.
Even a bulletproof password is worthless if a user is logged in and gives anyone walking by their desk an opportunity to accesses personal data. Make it a policy for everyone to log out before stepping away from their desk – always. Consider setting up a logout feature that automatically locks a system if it remains inactive for a defined period of time, say every 15 minutes.
Install good security software on every device.
An effective security program should include internet and server firewall data protection, malware, and anti-virus protection, as well as weekly security patch updates. Don’t forget to include protection for all devices and for every producer who uses a phone, laptop, and tablet to conduct business.
Protect outbound data with Transport Layer Security (TLS).
It’s not unusual for insurance agencies to send personal and confidential information over the computer. A strategy for safely sending and receiving data can include TLS to encrypt emails. TLS is the industry-recommended secure email solution for agencies where there are frequent email communications going back and forth, such as between agencies and carriers. Several companies offer TLS certificates with various security features, so you can decide which is right for you.
Be selective in who has access to agency information.
Is it necessary for you to give access to your agency’s database to everyone in the office? For example, does the temp who comes in on occasion to make cold calls need access to your customer management system? Understand the levels of permission certain individuals should have in order to perform the necessary functions of their job.
In today’s digital environment, it’s critical to train employees on security risks that your agency may encounter. This includes creating an enterprise-wide commitment to adhering to the agency’s policies and procedures.