Tech Tips is a regular feature on our blog, courtesy of IIANC Technology Consultant, George Robertson, CISR. George has more than 25 years of experience in the insurance and technology industry, with 12 of those being a fellow independent agency owner.
If there is one single thing any agency can do to better safeguard their data, it is to follow good password practices. Creating strong passwords and changing passwords regularly helps to prevent unauthorized access to consumer data.
- Use strong passwords/passphrases. Having a strong password is an essential step in providing tighter security. It is amazing that many of the top passwords being used today are “password”, “123456”, “letmein” and “welcome”. Creating a strong password should begin with a few simple requirements. Make sure it contains upper and lower case letters, some symbols, and numeric characters. Password phrases are another good way to create strong passwords. Take a phrase like “I love the beach,” add a few capital letters, symbols and numbers and then you have a very strong password. (ILove#thebeach2018!).
- Enable Multi Factor Authentication where possible. Multi factor authentication provides an extra layer of security that requires at least two pieces of information to authenticate the security process. The first step is to use your regular password process and then the second step requires a random pin. Pins can be generated on mobile devices, emails or text messages. Once the pin is sent, the individual will enter the pin to gain access. Several carriers and many agency management system vendors are implementing two factor authentications.
- Do not reuse passwords or use the same password on multiple sites. Many of us use the same password on multiple sites. With the number of sites we have to provide passwords for, this makes it easy for individuals to remember. However, it also makes it easier for hackers to gain access to your accounts. Imagine if a hacker gained access from a security breach to your email password and then logged in to your bank account using your email and password pair. Would they gain access to your financial data? Using a strong and unique password for each site you visit will help to eliminate this potential hazard. To help manage your numerous passwords, you can implement a password manager.
- Select a password manager. Password managers have been out for several years and allow users to manage their passwords on multiple sites. Some password managers will even detect weak and duplicate passwords allowing you to update and manage your password lists. If you can not think of a good password, a password generator is provided to give you a strong password. There are many products on the market for this. Some of the top names in this sector are: Dashlane, LastPass and Keeper. You might find others that you like better, but those are just a few in recent reviews.
- Change passwords. Having a policy that requires your staff to change passwords on a regular basis is another great way to help safeguard your agency data. Although this might be viewed by some as an inconvenience, using a password manager will help eliminate some of the pain. This process will certainly provide better data security.
- Create a Password Policy. Every agency should establish a password policy and hold staff accountable for implementation. As part of your security plan, it is highly encouraged to have in place a policy for password creation and limiting the time a password can be used on any given site.