One of the best and most effective ways to keep digital data secure is through using password and permissions protection. As mentioned in our previous post, it is important to store all client data in your agency management system or in an encrypted hard drive/folder, all of which require passwords to access. This level of protection makes it that much more difficult for data to be stolen or leaked.
In order for your passwords and permissions to be effective, you need to make sure they are strong and secure. The first step is to set a strong password. According to Microsoft, strong passwords should be:
- Unique from other passwords you use
- Not a familiar word or name (i.e. name of your street)
- Contain an uppercase letter, lowercase letter, number and symbol
- Be at least 8 characters long
Once you have a strong password set, be sure to change your password often. Have an agency policy and make sure your employees stick to it. It is best to change your passwords every 3 to 9 months. Many agencies simply look to their agency management systems, which are generally pre-set to prompt password changes on a regular basis, to set the tone. However, if you feel your password has been compromised, or if there is a threat such as the Heartbleed virus, you should change your password immediately.
Another way to protect data is to control your permissions well. This means understanding the access levels of your agency management system or encrypted drives and limiting access to only those who absolutely need it. In the same vein, educate your agency employees to never share passwords.
In addition, disable old user immediately. When someone leaves your agency, they should no longer have access to your agency’s records. You may not be able to (or want to) delete the user for record keeping purposes, but disabling means it can’t be used to log in anymore. By disabling these users, you are ensuring your agency’s data is accessed only by current employees, who are bound by contracts to protect that data.
Although it may seem simple, another way to maintain data security is to log out after you have finished. This simple action effectively closes the door, and makes it more difficult to access information. This is especially important should you devices be stolen or your drives compromised.
You will likely have many passwords, and it might be tough to remember each one. However, DO NOT WRITE DOWN your passwords! Instead, try some of these password protection tools to keep you organized and secure.
- LastPass – Creates a secure ID on your computer that will remember your passwords and log you in using hashtag algorithms along with an encryption key, all of which is saved on your computer.
- SignOn Once – Creation of the ID Federation, a non-profit group of carriers, solution providers, industry associations and agencies. Uses a digital identity provided by a trusted Identity Provider to authenticate your agency with carriers and other business partners in place of passwords.
- Agency Management Systems – Can link your carrier site passwords so that when you change your master password for your agency management system, you retain your real time access to carrier sites.
Partner XE is a great example of a data security conscious agency management system with its multi-level permissions, auto-log off and password management features. To find out more about how Partner XE can help your agency be both efficient and secure, contact us today!
