Given the number of data breaches at both large corporations and small businesses, online security is paramount for independent insurance agents who want to protect their clients and follow the appropriate regulations and laws. So how can you make that happen?
There are several things you can do to protect your computer network and your servers, but a lot of it starts with having the right kind of security on your website.
If you’ve been paying attention to your internet browser bar, you might have noticed that a lot of your favorite websites now start with HTTPS, instead of regular old HTTP. They also have a little green padlock to show that the site is protected by encryption, which helps protect consumers and businesses against cyber theft.
For most hackers, attacks on HTTPS connections are very difficult and expensive. Plain HTTP connections, however, “can be easily intercepted and modified by anyone involved in the network connection, and so attacks can be carried out at large scale and at low cost.”
This is why, especially if you use Google Chrome as your web browser, you may have seen alerts about unsecured websites that may be vulnerable to attack or hacking.
You’re seeing the ‘S’ in HTTPS in action. The ‘S’ means Secure, which signifies the site has been secured with an SSL (Secure Sockets Layer) certificate. That’s a certificate that encrypts and protects sensitive information as it flows between the website and its customers. In other words, it puts an encryption lock on the website so that all the personal information within is protected from hacking or online theft — even in transit.
SSL certificates encrypt nearly all information sent between your client and an SSL-secured website. Hackers can still analyze data like time spent on the site or the relative size of user input, but they won’t be able to see data such as names, credit card numbers and passwords. And this is what they’re really after.
GoDaddy describes what an SSL does this way:
When a website visitor enters an SSL-protected area of your website, your SSL certificate automatically creates an encrypted connection with the visitor’s browser. Once the connection is secure, a padlock icon and HTTPS prefix appear in the visitor’s browser bar to show them they’re safe to share personal details. All information passing to and from your website is now scrambled by 2048-bit encryption that’s virtually unbreakable by hackers.
In short, if you’re sending or collecting personally identifiable information — name, address, email, phone, Social Security number, password, credit card or bank account numbers — over the Internet, you absolutely must have an SSL in place.
This is doubly significant for independent insurance agents who also sell mutual funds, annuities, wealth management products, and retirement and estate planning because your websites send and receive highly sensitive information.
There are banking regulations you have to follow, including the security of personal information.
Why independent insurance agents need SSLs
While it might seem as if SSLs primarily benefit clients by helping keep their personally identifiable info from falling into the hands of hackers, they actually protect both you and your customers. Here’s why you need one:
To keep client information safe.
For one thing, an SSL is going to protect your clients. It’s going to help keep names, addresses, emails and Social Security numbers safe from unscrupulous types who are constantly on the lookout for information to steal. An SSL helps you protect them from having their identity stolen and their personal credit ruined.
To protect your own business reputation.
Think of how damaging it can be to your own business reputation if your system gets hacked and dozens, or even hundreds, of your clients have their personal information stolen. Not only could this be reported in your local media, but word will definitely spread from your affected clients to their friends and neighbors (and further, thanks to social media). And they’ll all be telling the story about how your website got hacked, which will only damage your reputation further.
To avoid having your websites flagged as unsafe by Google.
Google now takes internet security very seriously, and they will flag your website as unsafe for new visitors if it accepts personal information but doesn’t have an SSL certificate. You can imagine the impression a big red X is likely to make on insurance shoppers who see your Google listing on Chrome — and it won’t be good. They’re going to turn and run away.
To improve your rankings on search engines.
Google is already looking at over 200 different signals to determine your website’s search ranking, including things like page load speed, whether it’s mobile-friendly and ease of navigation. So they’ll certainly look at whether your website is SSL-certified. Certified sites rank better than non-certified sites, so if you want good web traffic, you’ll get the SSL.
To avoid financial liability for any losses clients suffer as a result of stolen data.
I’ve written about cyber liability insurance in the past — something independent insurance agents should be selling anyway — and frankly, this last point scares me to death. When there’s a data breach, the affected company has to notify the authorities and then is responsible for notifying all the affected customers.
Depending on what services you offer at your agency, including wealth management, that could end up being hundreds, if not a few thousand, clients. You’re responsible for any financial liability for your clients’ losses, and you’re even required to provide credit monitoring for one year. (Luckily that will be covered by your cyber liability insurance.)
How to choose the right SSL
Ultimately there are several factors that go into choosing the right SSL for your agency. A lot of it depends on what you plan to do with your website and how much protection you actually need.
There are five types of SSL certificates, and GoDaddy can help you with all of them.
Standard Domain Validation SSL (DV)
Perfect for blogs and personal websites, domain validation is the quickest of all the SSLs to get because the only thing a Certificate Authority like GoDaddy needs to confirm is that you own the domain name used for the website. Still, a hacker isn’t likely to pass that test, are they? All SSL certs encrypt data flowing to and from your site. They reassure customers by displaying a padlock icon in the user’s browser bar and improve your site’s Google rankings.
Deluxe Organization Validation SSL (OV)
Ideal for information-only websites that don’t sell things (e.g. education, non-profit websites, etc.), these certificates validate both your ownership of the domain name and the existence of your organization. Same as DV certs, OV certs encrypt data flowing to and from your site, reassure customers by showing a padlock icon in their browser bar and improve your site’s Google rankings.
Premium Extended Validation SSL (EV)
Recommended for financial websites (e.g. banking, loan, etc.) and eCommerce sites that accept payments online, this certificate validates your ownership of the domain name and the legitimacy of your business through a stringent process conducted by an actual human (a test that no hacker could hope to pass). Like the other SSLs, this one encrypts data flowing to and from your site. In addition to the lock icon, it also turns the user’s browser bar green, a high-visibility security sign.
Multiple Domain SSL (SAN/UCC)
Designed for those who need to secure multiple domain names and websites, Multi Domain SSL certs can protect (for example) LilysBikes.com, LilysBikeShop.com and Lilys.bike. The information your customers submit to any of these sites will be safe. These certs are also sometimes called Unified Communication Certificate (UCC) SSLs.
Wildcard SSL
Best for websites with subdomains, such as Shop.LilysBikes.com or Help.LilysBikes.com. The Wildcard protects one website and all its related pages. One Wildcard SSL protects an unlimited number of servers and subdomains. Wildcard SSLs provide the same encryption strength and visual security cues as the other GoDaddy SSLs.
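To see the difference between a Multiple Domain and a Wildcard certificate in practice, the Python below (an added example, not GoDaddy's code or part of the original article) checks which hostnames a certificate's name list covers, using the rule browsers apply: a wildcard stands for exactly one subdomain label. The certificate name lists are constructed from the sample names above, and the function names are hypothetical.

```python
# Added example: which hostnames does a certificate's name (SAN) list cover?
# The SAN lists below are constructed from the sample names in the article.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN entry against a hostname (DNS names are case-insensitive)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label, never several
    if p_labels[0] == "*":
        # Wildcard is honoured only as the whole left-most label,
        # and only above a real domain (so "*.com" is rejected).
        return len(p_labels) >= 3 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "sh*.example.com" are not accepted.
    return "*" not in pattern and p_labels == h_labels


def covered(san_list, hostname):
    """True if any entry in the certificate's name list covers the hostname."""
    return any(name_matches(entry, hostname) for entry in san_list)


def coverage_report(san_list, hostnames):
    """Map each hostname to True/False depending on whether it is covered."""
    return {h: covered(san_list, h) for h in hostnames}


# Constructed name lists for the two certificate types
MULTI_DOMAIN = ["LilysBikes.com", "LilysBikeShop.com", "Lilys.bike"]
WILDCARD = ["*.LilysBikes.com", "LilysBikes.com"]

if __name__ == "__main__":
    sites = ["Shop.LilysBikes.com", "Help.LilysBikes.com", "LilysBikes.com",
             "pay.shop.LilysBikes.com", "LilysBikeShop.com"]
    for label, sans in (("multi-domain", MULTI_DOMAIN), ("wildcard", WILDCARD)):
        for host, ok in coverage_report(sans, sites).items():
            print(f"{label:12} {host:26} {'covered' if ok else 'NOT covered'}")
```

A hostname reported as not covered produces a certificate name-mismatch warning in the visitor's browser, so list every name you actually serve before ordering a certificate.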
Don’t let this to-do slide
Independent insurance agents are on their own for a lot of things — including web development, IT management and web security. Don’t overlook these, because they’re some of the most important areas of running your business.
If you don’t have the time or know-how to set up your own SSL and secure website, I highly recommend you work with an IT security specialist who can make all of this work for you. At the very least, install an Organization Validation SSL Certificate (if you go with GoDaddy, you can do this yourself).
Then check out GoDaddy’s Website Security, powered by Sucuri, which includes malware scanning to keep your site safe from malware, viruses and malicious attacks. These two will go a long way toward making your website secure and giving both you and your customers peace of mind.
Also published on Medium.