With the recent hacks of high profile insurers and retailers, data security has become headline news. As an independent agent, you are responsible for ensuring the security of any data you have in your possession.
Below are some recommendations for how to ensure your clients’ data is protected.
Password protect any computers or mobile devices that can access client information – Any devices that can access client information should be secured. Every device will allow you to set a password or passcode, and some devices may also allow alternate methods like security patterns or fingerprint scans. Remember that this doesn’t just apply to computers. Smart phones and tablets that can access your email or address book should also be secured.
Keep your software updated – Software developers do their best to fix any security issues or add protection against new threats as quickly as possible, but it’s still your responsibility to make sure that those updates are installed as soon as they become available. It’s also important to pay attention to when developers end support for older software. For example, Microsoft stopped releasing security updates for Windows XP in April of 2014.
Use only secure wi-fi networks – Any time you access an open or public wireless network, other people may potentially be able to access your data. Fake networks in cafes or other public places are also a popular way for identity thieves to gather information. If you must use a network that is not secured, do not access any client data while you’re connected.
Limit access to client data – If you have employees or family members who have access to your computer, mobile devices, or your office in general, do your best to limit the information they can access. Set up separate accounts on computers so that you can limit access to only necessary data, and keep close track of mobile devices.
Only transmit client data by secure email or fax – Any time client personal information needs to be sent to another party, it must be sent either via secure email or by fax. Even if you’re sending the information to the client themselves, it must be sent securely in case the email is intercepted or accessed inappropriately.
Lock hard copy files in file cabinets or a separate file room – Many hard copies of applications or client policy information may still need to be kept to comply with records retention requirements. Invest in a locking file cabinet, or keep files in a separate room that can be locked. Also, don’t leave client files sitting out unattended while you’re working if your desk or other workspace can be accessed by other people.
Keeping client data secure does require some extra steps, but those extra steps can save you and your clients expensive and time consuming problems.