Your agency data is worth more than you think. And, while there aren't many regulations yet on cybersecurity, securing your clients’ data is just good business practice. ITC CEO Laird Rixford discusses how you can protect your agency data against cybersecurity threats.
- Why Data Security is Critical to Your Agency
- 5 Steps to Secure Your Agency Data
- Better Passwords: The First Step in Securing Your Data
The internet is great for many things. Like cute cat videos. Easier communication with our friends and family who live far away. Entertainment and shopping at our fingertips.
But, the internet has also brought more risk and not just for consumers. Businesses are at a risk now more than ever for data breaches, phishing scams and more. And, the insurance industry is no exception.
While we don’t have many regulations yet on cybersecurity, there are data breach laws. And, there are other rules and regulations for privacy and security concerns… HIPAA and FINRA are examples.
But, regardless of the rules and regulations, securing your clients’ data is just good business practice.
Your agency data is worth more than you think. You have so much information hackers would love to get. Think about what’s in your agency management system, comparative rater, and any other insurance agency software you use.
If your agency had a data breach, what could happen? Well, a couple things.
For your clients: At best, they might be the target of phishing emails and scam calls. At worst, they may become victims of fraud or identity theft.
For your agency there will be financial impact. Data breach laws require you to pay a fine per incident. Each client exposed in the breach counts as an incident so those fines add up quickly.
Then, there’s the costs of lawyers, notifying clients and improving your security. It’s not uncommon for a data breach to put a small business out of business.
If the financial impact doesn’t put you out of business, there is also the reputational damage to consider. That damage can affect your future sales.
Being a small business doesn’t protect you from a data breach. It makes the impact to your agency more severe because it is likely you won’t survive the costs and damage to your reputation.
But, there are steps you can take now to protect your agency and your clients’ data. You don’t have to wait until your state department of insurance passes a regulation mandating a cybersecurity plan.
When you create a cybersecurity program, there should be three parts.
First, there’s the information security plan. What are you going to do to protect your clients' data? This can include requiring everyone to change their computer passwords every 90 days and using two-factor authentication when available, among other actions.
Next is your data breach response plan. What actions will you take in the event of a data breach?
The final part is the third-party standards for your technology vendors. What standards are you going to hold them to?
You can get help creating your cybersecurity program if you need it. Check with your state association to see what resources they have. Also, talk to your IT team.
But, you also have to do more than plan. You will also need to train your employees.
Help them understand it is an important and serious issue. Show them what to do and what to watch for. Hold them accountable to your security plan.
Review your plans once or twice a year to make sure they stay up to date with new technology and threats.
A failure to plan is a plan to fail. Take the time to protect your agency and your clients by creating a cybersecurity program. It might save your business.