Multifactor authentication (MFA) is now a widely used method across industries and technology systems. Why? It’s an easily implemented way to add a layer of security beyond the standard login with a user ID and password.
MFA is proving effective in combating cyber risk for independent agents as well as other users throughout the insurance industry. Adding another layer of security can prevent many cyberattacks: As many as 90% of the breaches can be avoided if users employ more than just an ID and password, according to the federal government.
The Independent Insurance Agents of Arizona recently held an online townhall event on the topics of MFA and cybersecurity. Panelists were Jim Rogers from The Hartford, Ryan Smith from Adar IT/Rigid Bits Cybersecurity, moderator Chris Cline from the Big I’s Agents Council for Technology (ACT) and me.
In addition to MFA, we at the townhall event discussed the state of cyber risk and regulation, why companies are taking action, how that is impacting independent agencies, and how agencies can lean into the topic.
Here is part 1 of 2 blogs about the event.
Key points made during this event are relevant to the independent insurance agent community:
Cline noted cybersecurity “is something that’s in the news all the time. If you watch 60 Minutes more than once or twice a month you are already getting some sort of scary news segment about what’s going on in the realm of bad actors and how all of our [online activities] are being tracked and shared [and] identities are being stolen and used in unsavory ways.”
“The threat hackers out there compromising IDs” have driven carriers to turn to MFA as an additional security measure, according to Rogers. The insurance industry competes on product, claims and service, he noted, but “we don’t want to compete on security. That’s the one area where we all try to help each other out and keep our industry out of the news” about cyber incidents.
Smith, making an analogy between cybersecurity and natural disaster, advised: “Don’t think about the types of storms that might hit your home. Think about ways you can reinforce your home. You have all these different things that could happen, but we need to think about ways to reinforce” the assets and operations in the independent agent channel.
One point addressed during the webinar was whether agents view MFA as an impediment to efficiency, since it requires an extra step for logging in to carrier or business partner websites. I noted that ID Federation’s trust framework allows MFA to be implemented in a common manner across carriers.
As noted in the Agency Universe Study, agencies work with an average of 10 carriers for personal lines and six for commercial lines. The SignOn OnceTM process from ID Federation provides a way to reduce numerous different MFA processes down to one.
Smith said: “We’re giving up efficiency [when implementing MFA] because those efficiencies give us weaknesses” and that makes it “harder for you [as an agent]. But it’s that much harder for the attackers, and that’s what we want. We have to sacrifice a little convenience here to make sure that we’re protecting ourselves. And that goes with every decision we make with security.”
Listen to ACT’s MFA and Cybersecurity Townhall session here: https://www.independentagent.com/ACT/Pages/webinars/act-webinars.aspx
Alvito Vaz is executive director of the ID Federation. He has had over 30 years of leadership in the insurance industry with technology positions at Progressive and Travelers. His involvement in the agency automation space has included working with comparative rater and management system solution providers. As a member of ACORD’s Property & Casualty Steering Committee, he was engaged in the insurance standards setting process. An inaugural member of IIABA’s Agents Council for Technology (ACT), he has chaired and participated in ACT workgroups. Alvito continues to champion the use of standards to improve operational efficiency across the IA channel.
