It has recently come to our attention that certain third-party Customer Relationship Management (“CRM”) firms require advisors to share their various Insurer advisor portal login credentials to enable the CRM tool to scrape Client data. Such practices are not permitted by Insurers and, frankly, should not be necessary. Client data must be properly safeguarded and, as a reminder, you are responsible for safeguarding that data as well as any Client data held by your service providers.

Advisors should never share carrier platform or system credentials, multi-factor tokens, or access codes with any person or third party.

Fraudsters continue to become more sophisticated, and we strongly encourage advisors to remain vigilant to help safeguard client data and assets.  We also encourage adhering to security best practices, including the use of strong, unique passwords and enabling Multi-Factor Authentication (MFA) whenever possible. If an advisor suspects or identifies a potential breach, prompt escalation is critical so we can work together to mitigate any risk to clients. Additional guidance is available through our | Cyber Readiness HUB.

Thank you for your continued partnership in helping reduce risk and protecting our clients.