This article was originally published in the Mar 2007 edition of The Agent Newsline, a publication of Westfield Insurance.
When John retired last month, when Sue left the company, when Sam moved into another department, did their access rights get updated? Or can they still log onto the computer and see your customers’ confidential information? Can they log onto one of your partner web sites and prospect against your customers?
Identity and rights management is a complex and serious problem for any company with more than a few employees. Federal and state regulations require that private customer information be protected based on a business need-to-know. Social Security numbers, credit scores and driver license numbers are just a few of the fields that are considered private. If your employees, contractors or support staff have access to files or programs holding that kind of data, I recommend creating a plan to make sure that only the right employees have access.
Here are suggestions to help keep your data safe:
- Keep a current list of users for your systems.
- If you have a user who no longer needs access, you should remove the name from the list of authorized users. According to Secret Service Internet crime statistics, most penetrations of electronic systems are carried out by former insiders whose access was not properly shut down. Make someone responsible for changing access rights whenever an employee’s status changes to ensure users do not keep rights they should no longer have.
- Keep an employee access checklist of all carriers’ systems, bank systems industry web sites, etc.
- Make sure that they also know of the employee’s status change. A sample checklist with some of the most common considerations is available on Agent’s Web Passport* and can be used as a template to build or expand your own list.
* Agent’s Web Passport is a proprietary web portal for independent agents affiliated with Westfield Insurance. The sample checklist is not currently available through this blog.
Leave a Reply