The following is a summary of Episode 29 of The Digital Broker, an Indio produced podcast hosted by industry veterans, Steve Anderson and Ryan Deeds.
In this episode, we discuss email technology management. Specifically, you will learn:
- How a DMARC and an archive can save your company time and money.
- How to handle underwriters who refuse encrypted email.
- Noninvasive ways to monitor employee use of work email on personal devices.
Whether you’re a large organization or a small one, the content of your email is so sensitive that you need to take email technology seriously, so bear the following questions in mind when assessing it:
ARE YOU USING A DMARC? (3:09)
Spam, phishing, and malware have become so commonplace, a lot of people are now wary to click on anything that comes through email because they’ve gotten burned so many times in the past. A DMARC is simply a better way to verify that the sender is who they say they are. This reduces the amount of junk that gets through, so your staff doesn’t even have to see it. It’s unlikely to keep out all imposters—some will invariably figure out a way to get through—but the reduction is significant enough to be a great relief to your staff.
There is a downside. Emails that weren’t bouncing before might begin to do so (5:54). Ryan saw this happen firsthand. After his agency installed a DMARC, some of his clients couldn’t communicate with him anymore and flooded the account managers with calls complaining that the agency’s email system was broken. This can be frustrating, but it doesn’t have to last forever if your IT department stays on it.
To reduce your clients’ discomfort, we recommend informing them ahead of time of your upcoming DMARC installation and guiding them through steps to take if they find their emails bouncing. They’ll appreciate the heads-up and might be pleased by your conscientiousness.
ARE YOU USING ENCRYPTION? (7:14)
Many carriers encrypt email on the employee benefits side, but it’s been slower to catch on for P&C even as that’s gotten more data heavy. Ask why, and you’re likely to hear account managers say that clients don’t like to deal with encryption because it requires some action on the recipient’s part.
What we found, however, is that clients don’t mind dealing with this all that much, and some of them actually appreciate it. The real pushback is coming from the underwriters at the carriers (8:29). They can’t forward the encrypted email to a processing team and would, therefore, need to extract the documents, reattach them, and send. Some underwriters are so loath to do this that they make it a point simply not to accept encrypted email. (Ryan found this out the hard way on one of the worst days of his life.)
If you’re a broker or an agency, you need to stand your ground on this. An agency is an advocate for the client (9:31), and it’s our responsibility to protect clients’ information and let them feel comfortable that we did everything in our power to secure and encrypt that information for them.
The next time a carrier refuses to accept encrypted email, ask to speak to the carrier’s CSO and say you need something in writing that indemnifies your agency from the carrier’s refusal to accept encrypted email (9:56). See what happens.
(We discuss some of your encryption options at 11:21 in this episode.)
ARE YOU MONITORING EMAIL ON MOBILE? (14:06)
It is one thing to deal with email on an office computer, but what happens when employees take their work home with them—which usually entails taking work email on their cell phones?
Some organizations cope with this by assigning separate, company-owned phones to their employees. If your organization isn’t ready to go that far, you still need to go to some lengths to monitor what your employees can do with email on their personal devices.
This can be an uncomfortable conversation, and our personal philosophy is the less we need to do with your phone, the better, but you don’t have to feel like Big Brother just for bringing it up (16:46). It is common, for example, for C-Level to email a list of prospects to a producer. What happens if that producer is let go? Is the list still accessible on their phone, enabling them to take it to a competitor? Since you’re not at liberty to wipe a former employee’s phone, you need to do what you can to contain sensitive or proprietary material within your organization’s network and minimize the ease with which it can be taken out of it.
Mobile Device Management (MDM) applications exist to help you do just that, enforcing compliance between employee devices and the organization’s rules. We discuss some of your options, such as Zixone, Sophos, and Good for Enterprise, at 17:30 of this episode, but it is up to you to evaluate what’s best for your organization based on the email client you’re using.
ARE YOU ARCHIVING? (22:20)
An email archive is the truth of the agency. Every inbound and outbound email is captured and stored in a central location where anybody (who’s authorized) can go search for it and retrieve it.
The benefits of this are pretty evident in the event of litigation, compliance, etc.—you simply fetch all the relevant emails within a date range and hand the batch over to your legal team. A lesser-stated benefit is an impact on operational efficiency (23:52).
The incumbent mindset in the insurance industry is “document, document, document everything,” but this can confuse as to who’s supposed to be doing the documenting and where it all ends up. Many employees take it upon themselves to create their own CYA folders because they’re nervous about deleting anything that they might have to come back to later. An archive relieves them of that preoccupation and frees up their time.
It also reduces the number of emails your staff has to attach to client files—maybe not down to zero, but the agency can now deliberate over what needs to be attached. Certain things, like certification requests, aren’t as important to attach when you’ve got an archive capturing them. Since attaching is so process-intensive, the book of business increases for those who are able to leave some items unattached because an archive is taking care of them (25:35).
Some of these measures might appear to be nice-to-haves, but in our opinion, many of them are need-to-haves. The pain points are worth enduring: not only will the benefits win out in the long run, but the implementation of these measures will show customers, regulators, and your own staff that you did everything you could to help your organization.
Nothing is as easy as pushing one button and everything works, but remember what an old mentor of Ryan’s used to say: the most secure computer is the one that’s turned off. Try to secure your organization as much possible while retaining the max amount of usability and functionality.
Start Using Indio Today
Find out why agents everywhere are talking about Indio.