Security and Privacy

This section of the ACT website includes articles on agency information security, implementing secure email with TLS, and general information security articles.

NEW SECURITY RESOURCE FOR INDEPENDENT AGENTS

Get Started: Agency Information Security Plan Development Materials

Related Webinars

Articles & webinars on Secure Email using TLS

 Related Content

You can browse the content below or search for a topic relevant to you.

----------------------------------------------------------------------------------------------------------------

 Security Issues Pocket Guide and Summary Guide

How do you best protect your agency from cyber threats and prepare your agency to recover should disaster strike? The ACT Security Issues Work Group has collected the following resources to help you protect your agency against tomorrow's threats. Understand risks, discover solutions and check out the wealth of resources available.

Independent insurance agents & brokers deal with sensitive client information every day. For many insurance transactions, consumers must disclose confidential personal information that they would not normally or willingly disclose even to close personal friends. This puts the burden on agents and brokers to properly collect and protect this information, which means complying with state and federal regulations as well as adhering to customer service best practice standards. Handling sensitive information is now one of the most critical responsibilities faced by the modern insurance agency. This guide, available to Big 'I' members, will help you understand threats and create policies and procedures to protect your agency from a cyber threat and prepare your agency for recovery should a threat occur.
We continue to receive information on new iterations of ransomware, this time one called WannaCrypt (also referred to as 'WannaCry'), which has been making the rounds since this past Friday, impacting computers worldwide. This worm, code named EternalBlue, is a remote code execution attack taking advantage of a vulnerability in Windows.
In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater. In order to be as secure as possible, we need to use good 'cyber hygiene' - that is, making sure we are protecting and maintaining systems and devices appropriately and using cyber security best practices. The Cyber Hygiene toolkit was created by the Center for Internet Security (CIS) with input from ACT's Security Issues work group.
Password creation is becoming something of an art for most insurance agents. With the ever-increasing need to update passwords for carrier websites, management systems, rating vendors, banks, and other entities, secure passwords are mandatory. This posting helps agents determine how to develop a strong and secure password.
With the continued usage of wireless technology, most independent agencies have incorporated wireless routers within their agency. Wireless routers allow computers to connect to the agency network to access information on the system and the internet. Potential hackers can have a field day with gaining access to your agency data if the router is not re-configured from the factory settings. In this agency security briefing, we will focus on what agency owners need to know about their wireless routers and how to resolve potential threats to your network.
Insurance company agency agreement wording for both Property Casualty agents and Group Health agents requires unequivocal compliance with all current state and federal privacy and data breach response laws. Failure to comply puts the agency in potential breach of contract and liable for all claims incurred by the insurance company under the indemnification clause in their agreement. This could cause serious financial harm for most agencies and agency owners.
Agents beware - If you’re running unsupported software on your computer to access the Internet, process emails, or receive files via USB devices, you could be putting your data at risk and opening yourself up to a cyber breach.
In this June 2014 ACT article, the authors Teresa Addy and Jim Rogers share more background on SignOn Once as an industry standard, its benefits, and guidance for carrier and vendor participation. SignOn Once is a collaborative industry effort to create a safe and standard way to secure ID/password authentication. This solution is not specific to any individual carrier or vendor; the aim is to get as many parties participating as possible so that independent agents reap the benefits of one potential single ID and password set.
The final HIPAA Omnibus Rule, which goes into effect on September 23, 2013, impacts all independent agencies which sell health insurance and which are "Business Associates" under HIPAA. ACT's HIPAA Work Group prepared the attached article to raise agent awareness about the final HIPAA Omnibus Rule, provide guidance on the key compliance measures they should take and reference a number of resources agencies can use to help them comply. This final rule will now require HHS to conduct periodic audits of Business Associates as well as Covered Entities for compliance with HIPAA and authorizes HHS, as well as state attorneys general, to impose significant fines directly on Business Associates which are not in compliance. This article is relevant to all agencies, even if they do not sell health insurance, because it provides security measures they should take and references resources they can use to formulate their general security plans and procedures, in order to be compliant with the federal and state privacy and data breach notification laws that do apply to them (because of the PII (personally identifiable information) that they do handle).
The authors provide nine great tips for agencies to follow to protect against data breaches, which can destroy an agency’s reputation and cost a lot of money to remedy. The article also points to resources the agency can access to get further information and to implement the recommendations. The authors seek to simplify an increasingly complex subject – laying out a series of manageable steps – in the hope that agencies will take action now to bolster their current agency security procedures where needed.
This article recommends ways agencies can secure their email and their websites when their clients' personal data is being transmitted. It defines the major types of "personal data" that should be encrypted when traveling over the Internet and outlines the resources that are available from ACT to assist agencies in protecting their clients' and employees' personal data.
The mingling of personal devices into the business environment is now commonplace. Technologists are concerned about how the “bring your own device” (BYOD) trend influences the security of the employer’s network, applications, and data. This article gives an overview of the trend and provides some practical guidance independent agencies can use to manage the BYOD phenomenon. It discusses opportunities and risks presented by BYOD practices, which are driven by the outflanking of business technology by personal technology.
Like traditional crime, cybercrime covers a broad scope of criminal activity and can occur anytime and anyplace. What makes it different is that the crime is committed using a computer and the Internet. You may recognize some of its most common forms such as identity theft, computer viruses and phishing, and at a corporate level, computer hacking of customer databases.
This article outlines the major security risks facing computer users in hotels and wireless hotspots and describes practical steps you can take to protect yourself in these environments.
This report discusses key issues agencies must tackle to safeguard private customer information, prevent identity theft, implement an effective security policy, and protect agency data both while at rest in the agency's systems as well as in transit to and from the agency.
The following insurance carriers have reported to ACT that they support TLS email encryption for their agencies provided the agency has also enabled TLS on their mail servers.
This article discusses the importance of agencies having and implementing a written security plan in order to protect their clients’ personal information and to meet increasingly specific state privacy requirements. The article then provides links to information and resources that will assist agencies in building a viable security strategy and plan to protect their clients and their business.
Agency websites have become a core component of the marketing strategy for many independent agencies, but they also may present errors & omissions exposures that must be managed. This article explores some of the major E&O exposures that may arise and provides several E&O tips for mitigating those risks, as well as sample website disclaimers.
A lot has been written about how agencies can use social networking tools to enhance their online marketing and market reach. This article explores how the use of social media can impact the E&O risks agencies face and recommends specific steps agencies can take to mitigate those risks, so that the agency can get the full benefit out of these new tools.
Protect your agency from E&O exposure by including a Privacy Statement & Disclaimers on your agency websites and social media sites. These sample disclaimers can be used as a starting point. For sample Privacy Statements, please review the Privacy Statement on the IIABA website as well as that used by other independent agencies and organizations. For more details on the E&O risks arising from agency websites and the use of social media, please see the ACT articles 'Don't Get Caught on the Web' and 'Agency E&O Considerations when using Social Networking' found below on this web page.
TLS Email Encryption: Agents' Frequently Asked Questions
The world has changed for independent agents and brokers. In the past, agencies primarily had to protect the paper within the physical perimeter of their agencies. Today, most of the information an agency relies upon has been digitized; most of the work is done on computer; and the agency is connected to the outside world through the Internet. These changes have been very beneficial, but they have greatly complicated the job of protecting the security of the agency’s systems and data.
Over the past year, ACT’s Agency Security Work Group has been working to develop a business tool designed specifically to assist independent agency business leaders and their employees in understanding and protecting against the security issues they face. This new ACT Guide—“The Independent Agent’s Guide to Systems Security; What Every Agency Principal Needs to Know”—is now available for download from ACT’s website at www.independentagent.com/act. The report also includes guidance on securing outside security help, an Agency Security Risk Self-Assessment Tool, a sample Agency Information Security Policy, and steps to consider should a security breach occur.
This Plan for Agency is intended to create effective administrative, technical, electronic and physical protections to safeguard the personal information of the Agency’s Clients and employees, the Agency’s proprietary and confidential information, the physical security of our premises, and the integrity of our electronic systems so that they are best positioned to function smoothly without interruption.
While using Real Time is the best option for moving sensitive client data between agents and carriers, independent agencies and carriers still must use email in certain circumstances and are in need of workflow-friendly secure email solutions. Proprietary email solutions create inefficient agency workflows, require the retention of additional passwords, and require agents to go to the carrier Web site to retrieve email. Agencies and carriers are encouraged to implement a much more efficient and cost-effective approach to secure email by enabling their email servers for TLS (Transport Layer Security) email encryption. This article explains how TLS works.
Laptops, Windows-based portables, and smart phones allow agents and brokers to stay in touch with their customers and offices and to have access to their agency systems from anywhere at any time. These portable devices will continue to get better and better, offering larger disk storage, very convenient user interfaces, fully functional Office suites, as well as wireless Internet access, email, and Internet browsing. We expect use of these devices by agency principals and producers in the field to continue to increase dramatically.
American citizens are becoming increasingly concerned with the privacy of their health and other personal information. Clients want to know that their agents and brokers have taken the steps necessary to safeguard the private information that they obtain on them and that this information is only used for permitted business purposes.
The current disparity of carrier handling of passwords within the real-time environment is reducing the benefits of real-time workflows and is discouraging some agency employees from using Real Time. In this report, the ACT Real-Time Management Work Group makes the business case for changes in carrier and vendor password handling in the real-time environment based upon new password workflows that some carriers and vendors have already started to implement.
The purpose of this ACT report is to heighten agencies’ awareness about the importance of taking steps within their businesses to safeguard the privacy of non-public personal information about their clients and prospective clients, whether it be the individually identifiable medical information that is governed by HIPAA or other non-public personal information that is impacted by other federal and state laws.