Skip Ribbon Commands
Skip to main content
None

Five Tech Pet Peeves That Can Dog Your Firm

Author: Mele Fuller
 
Do you realize that every one of the individuals whose personal data was accessed on the Anthem site will have to spend ­the rest of their lives watching their backs? With name, address, date of birth and Social Security number, anyone can have access to your birth certificate and thereby steal your identity. OK, the address may change over the years, but current addresses can be found on hundreds of websites. The only thing that can’t be duplicated is a Social Security card. Hopefully yours is in a safe deposit box.
This just drives me to the more general “things that bug me” about careless use of industry technology. Let’s look at my top five.
 
1.   The ACORD AL3 standards (used for policy download) still include fields for credit card name, number, expiration date and the security verification code as well as all the customer and bank information to set up Electronic Funds Transfer (EFT). With the security issues that we are dealing with today, there is no reason to send this data in download. No carrier should be doing this. Why don’t we delete the fields from download? By the way, the same can be said for Social Security numbers.
 
2.   Along the same line, why does an agency want to store a customer’s Social Security number? I’m sorry—if you remarket a product, ask the customer for the information again. You can improve customer relations by saying you don’t store sensitive personal data. Going a step further, how are you protecting your insured’s name/address/driver’s license? If someone gets that information, they can go to the department of motor vehicles and get a license in that name and be your “customer” in many ways.
 
3.   How many agencies operating with in-house automation (versus a cloud-based system) have not encrypted their databases? These systems include enough information to steal identities. An encrypted database is a major part of breach regulations, and it helps protect an agency against lawsuits if their system and/or data is hacked. Did any of these agencies read the comment a couple years ago that when a small business’s data is compromised 40% of those businesses fail within a year? That’s scary.
 
4.   How many agencies have put a paper shredder at every desk in the office? Everything with a name, address or any personal information should be shredded. One central shredder is too easy to forget as you leave work in a hurry. Trash cans at desks should be very small. Anything to encourage the destruction of paper. And there are very reasonably priced shredders available today.
 
5.   Maybe what is most frightening are the number of agencies that use one password for their systems and/or their carriers’ sites because it’s too much work to maintain more than one. This is the old story of the staff member who leaves the agency in less than the best of circumstances and uses that password to steal or damage the agency’s data. I heard an agency say, in the last couple months, that individual passwords are too much trouble. And why aren’t we using two-level security? Particularly if you have off-site workers, shouldn’t you be certain it is the right person logging into your system? Whether you ask a “secret question,” return a second security code or recognize incoming IP addresses, do something to protect your agency and your customer’s data.
 
While I think most agencies are very conscious of the need to protect their customers’ data and many have security procedures, there are quite a few that don’t. Even if only 10% are careless, it reflects on all independent agents, and it can hurt a lot of people. A breach can potentially put an agency out of business. For those who still have no security procedures, get a copy of ACT’s “The Independent Agent’s Guide to Systems Security”. That’s a start. Who knows—you may find yourself motivated to take cyber security to the next level, and that’s an important step up for all of us.
 
Mele Fuller heads MLF Data Services and is a consultant to ACT.
image 
 
​127 South Peyton Street
Alexandria VA 22314
​phone: 800.221.7917
fax: 703.683.7556
email: info@iiaba.net

Follow Us!


​Empowering Trusted Choice®
Independent Insurance Agents.