Identity Management in a Remote Workforce
The coronavirus pandemic closed the lights on many offices and agencies, forcing entire workforces to work from home with little to no preparation. But at Parry Insurance, we’ve (surprisingly) found that pivoting to a fully remote workforce for our employees is just as effective and productive for our team.
Initially, we activated VPN connections on our employees’ home computers back to our agency. We implemented a new voice-over-IP phone system within one month of working remotely. We increased communication, adding weekly water cooler Zoom meetings to our schedules. Now, we are in the process of deploying agency workstations with VPN connections and our standard security configurations to our at-home employees to shore up connectivity back to our agency.
One issue that continues to cause a snag is data security and identity management.
There is no standardization in the independent agency world when it comes to identity and password management. Each carrier deploys its own criteria for login credentials, including how often the individual passwords expire and how often they need to be reset.
This issue became highly critical when our team all shifted to working from home, disrupting our existing processes around identity management. As an independent agency representing multiple carriers, we have unique credentials for each employee with each carrier. User code and password management has its own set of challenges when you’re together in the agency. Multiply this by employees working remotely at various locations, and it adds a completely new layer of complexity.
“With … virtually the entire industry working remotely, we must prioritize our attention to cybersecurity and identity management.”
A recent paper by Aon and CyberCube, “Pandemic under the Microscope: A Focus on the Cyber Risk Impacts of Working from Home,” explained that the pandemic “exposed new access points for cyber criminals to gain access to systems, exploit distracted individuals and potentially wreak havoc through new critical infrastructures.” According to Aon, insurers are still experiencing a rapid rise in ransomware claims over the last 18 months — and working from home may exacerbate this response, by delaying the timeliness of incident response.
Plus, consider the report’s examples from the employee’s perspective:
- Deciphering the difference between “work” and “play” is more difficult.
- Working many hours can lead to fatigue and more mistakes.
- Using new apps and tools for virtual work means using cloud applications more broadly, oftentimes without oversight from employers.
With our entire office — and virtually the entire industry — working remotely, we must prioritize our attention to cybersecurity and identity management.
The industry’s solution, SignOn Once by ID Federation, enables the agency owner to manage the user IDs and tokens within the management system. It’s more secure and management maintains control over who has access to which systems. It provides a more secure environment for the carriers as well. Agents are coming through their secure agency system, rather than using the internet, many times, without antivirus software installed.
SignOn Once enables a more secure connection between our agency management system and our carriers. If the federated model were more widespread, the management of those user IDs and tokens would be a lot easier.
COVID-19 has thrust the “digital agency” front and center — the genie is out of the bottle and remote operations will be here to stay in some form or fashion. To prepare for that inevitable future, we should promote security and the use of SignOn Once to our carriers so we can minimize risk.