Tech Tips will be a regular feature on our blog, courtesy of IIANC Technology Consultant George Robertson, CISR. George has more than 25 years of experience in the insurance and technology industry, 12 of them as a fellow independent agency owner.
Recently, you might have received a request from a carrier or vendor asking if your agency is using multi-factor authentication (MFA). Within several state and industry data security standards, MFA is now becoming a requirement for compliance. Probably the best way to describe MFA is with the example of your Gmail account: once you enter your username and password, you are sent a code via text or email, and entering that code validates that you are the rightful owner of the account. In summary, MFA is the process of validating a user through two or more processes before allowing the user access to secure data.
As vendors and carriers begin to add this feature to their systems, agents must make sure they implement this new security measure. Once multifactor is added to a system, agents will be required to key in a security code, received by either email or text, to gain access. Some may think this is an added burden, but it has become a more secure method for protecting access to data-sensitive systems.
At this time, there are two main methods for implementing multifactor: texting and email. If your agency selects texting, make sure the smartphones are owned by the agency. Each staff person will be required to have their phone nearby when accessing any system requiring multifactor. Upon receiving the secure code via text, the user will need to enter the code within an allotted time to gain access. Email is the other method and can be used by all staff with email access. When using this method, make sure the email account is controlled by the agency. This will allow the agency to discontinue access easily if the staff member leaves the agency.
Benefits of MFA
Strengthened security is one of the main benefits of MFA. Hackers will have a difficult time getting past two or more methods of security to reach agency data. Most implementations of MFA require the secure code to be entered within a set time. If the hacker cannot obtain the code quickly, they will be denied access.
Compliance is another benefit of MFA implementation. As more states and industry standards continue to add MFA to their requirements, agents must adhere to this standard. Make sure that all systems with personally identifiable information and private healthcare information are secured by MFA standards.
MFA is one part of providing secure access to agency data. Implementation is a key factor, and each agency will need to determine the approach best suited to it. Make sure that any remote access to agency systems has MFA implemented and tested for verification. Once implemented, this will help an agency protect personally identifiable information.