Word is spreading about the importance of multifactor authentication (MFA) for the independent agency channel, its customers and its business partners. It’s gone from a novelty several years ago to a nice-to-have security feature more recently and now, a must-have for many business partners in the channel.
In fact, a 2022 Agents Council for Technology (ACT) survey found that 60% of carriers are now implementing MFA for agent interactions such as for carrier-agent portals.
Agents should care about MFA because it provides additional layers of security in a risky world. And one of our core responsibilities is to protect the privacy of our clients and their data.
A recent article from PIA (Professional Insurance Agents) Northeast had some important information on the topic, and I want to highlight two items.
First, the article defines MFA as “a method of authenticating users on an information system and requires them to go through multiple steps to access that information system. Commonly, this is accomplished through a combination of a username and password, followed by a requirement for the user to prove his or her identity again through a notification sent to his or her mobile device or by inputting an additional code.”
The article also noted: “Often, MFA is the first and best defense against a cyberattack.” That’s a strong statement — and timely given today’s significant cyber-risks from hacking. As I’ll explain below, data security is now job No. 1 for every independent agency.
MFA helps us protect first-party systems (what the agency subscribes to directly) such as policy administration, sales, phone and email. We also are obligated to cooperate with third-party systems (those operated by others such as insurance companies and premium finance companies) that also must protect agencies’ client information.
Agencies, industry groups such as ACT, and carriers throughout the independent agent channel agree on the value of MFA. But implementation has been spotty. The ACT survey mentioned above found that agencies are looking for a consistent solution — the adoption of one method among the many carriers and service providers across the industry.
One difficulty agencies face is the process of provisioning and deprovisioning staff members with MFA-based credentials for third-party systems. Setting up a new agency employee or producer with multiple carrier partners can take days. And adding a person across multiple carriers’ systems has always been difficult. The additional requirement of provisioning MFA credentials, while beneficial, adds to an agency’s logistical difficulties.
ID Federation offers an approach that allows an agency to provision and deprovision online identities securely and readily across multiple carriers. It’s up to us as agents to request that our carrier partners consider offering a federated identity approach.
Keith Savino, CPIA, is managing partner of PCF Insurance Services – Broadfield Insurance. He is a cyber practice leader and insurtech advisor. As a partner, he focuses on risks in the areas of cyber liability, professional liability and executive lines as well as high net worth personal lines. PCF Insurance was ranked the 13th largest property-casualty insurance agency by Insurance Journal for 2022 and ranked 118 of the INC 5000 for 2022.He can be reached at: keiths@broadfieldinsurance.com.
