These information security bulletins are going to be a regular feature over the coming years as a way to highlight important security information for you, making it distinct from product, pricing, and research updates. Over the coming months we will individually highlight areas of our information security policies and certifications for you. These areas will also be updated in our Outsource provider statement. We suggest that you file these along with other aspects of your cyber resilience planning, such as audits of your devices and internal security practices.
Our Financial Advice Provider clients all have standard licence commitments to meet in terms of cyber resilience and in order to support you in doing that we have reviewed our security stance. For that reason, two factor authentication will become mandatory. This important form of account protection allows you to be more confident when using Quotemonster services.
CERT NZ reports that cyber criminals are trying harder than ever to get hold of your personal and financial information, prompting our team to develop measures that will keep our users more secure when using Quotemonster.
We will be introducing two factor authentication (2FA) in the next few weeks; this is a second layer of defence to keep attackers out of your account.
This aligns with our plans to bring back client surnames (highly requested) and add features that save you time in setting up your quotes, including, automatically populating the right number of lives from a quick set-up menu, and setting up income protection based on client income fields.
Why do we need 2FA?
Passwords can be shared, stolen in phishing scams, used on multiple systems, or lost in a data breach. Adding 2FA makes it much harder for a cybercriminal to access information held in your quotes and statements of advice.
How will 2FA work?
The options available are email verification or authenticator apps. Both Google and Microsoft authenticator apps are supported. Many of you will already have one of these authenticator apps downloaded.
When logging into your account, you use both your password and temporary code that is sent via email or generated on your phone’s authentication app (e.g., Google authenticator or Microsoft authenticator).
Who will be affected?
We plan to take a tiered approach, activating the requirement in the following stages:
- 23 November 2FA will be activated for all accounts, but you have four weeks to set it up before it becomes mandatory.
- 12 December 2FA becomes mandatory for all Research and AdviceMonster accounts.
- 16 January 2FA becomes mandatory for all free Quotemonster accounts
What if you share your account?
Account sharing is a breach of our licensing rules. Accounts with multiple users will be affected the most. There are solutions at free and lower cost for admin and compliance officer access to accounts, and for managers of larger financial advice provider businesses. Student access can also be arranged along with free trials for completely new members of staff who may not yet be productive. If you are one of these users, we would recommend contacting us to discuss your options going forward as the last thing we would want is for you to be locked out when sitting in front of your client. If you just need more accounts, call us to ask about group discounts.
What if I run into problems?
We are here to help! Please contact us on 09 480 6071 or at [email protected] if you have any concerns or questions.
More information about relevant certifications, policies, and procedures will be shared in future information security bulletins. We recommend you keep these with other compliance documents.
ISB 01-202211