As an insurance brokerage, your company is an inviting target for hackers. Your business is large enough to store personal data about employees and the policyholders you serve. At the same time, because you’re a smaller business, you may not have sophisticated cyber threat prevention protocols in place. Your agency may also be highly reliant on digital files, making you vulnerable to ransomware.
Fortunately, there are steps you can take to protect your agency and heighten your vigilance, and it starts with increasing your team’s awareness. With that goal in mind, here are the top four cyber threats faced by insurance agencies, along with a checklist of best practices.
1. Ransomware
Insurance professionals spend a lot of time warning their clients about the threat of ransomware. They would be wise to heed this advice themselves.
- Use anti-virus and firewall programs on all the devices you use for work-related purposes.
- Update your computer regularly, applying software patches as soon as they become available.
- Use strong passwords and multifactor authentication.
- Keep backups of your files. Update these backups regularly, such as once a week or even once a day. Store the backups in a location not connected to the network, such as an external hard drive.
- Be cautious if using Remote Desktop Protocol (RDP). Hackers may exploit RDP to gain access to systems. However, there are steps you can take to boost security for RDP, such as restricting access.
- Consider hiring a security consultant to review your cybersecurity and address any vulnerabilities.
2. Phishing
Hackers may use phishing attacks to access computer systems and deploy ransomware or other malware. Hackers may also use phishing to steal login information or access accounts and data. This makes phishing a serious threat. Unfortunately, the problem is becoming worse – according to Kaspersky, phishing attempts increased by 40% in 2023.
New technology may be at least partially to blame. Hackers often use generative AI for phishing, which allows them to craft highly-targeted and convincing messages in very little time.
As the threat grows, insurance agencies need to increase their vigilance.
- Reduce malicious email by using spam filtering and flagging external communications.
- Watch out for email or text messages that ask you to click on something. They may sound convincing and create a sense of urgency. Instead of clicking on the link, contact the organization using the contact information you have for them. For example, if you receive a message from your bank about suspected fraud, call your bank directly instead of replying to the message. If you receive a message about one of your accounts, go to the account directly and log in rather than clicking on the link.
- Watch out for phishing by phone, sometimes called voice phishing or vishing. Never give anyone who calls you sensitive information, no matter how official or urgent the person sounds.
- Train workers on how to spot phishing attacks. Consider running simulated phishing tests to see if employees avoid suspicious messages.
3. Data Breaches
According to Security Boulevard, an insurance broker has had to notify 1.5 million people that their information was exposed in a cyberattack on the broker’s systems. The hackers gained access to names, dates of birth, Social Security numbers, and other personal details.
Not all data breaches are associated with ransomware attacks. Breaches may occur when hackers access files by stealing passwords or exploiting system vulnerabilities. Employees or former employees may also cause breaches. Physical devices are another threat – someone could find a misplaced laptop or flash drive and recover the data on it.
In addition to taking steps to prevent ransomware and phishing, the following help prevent breaches:
- When an employee leaves, change passwords and ensure the employee no longer has access to files.
- If portable devices are necessary, take extra care with them and encrypt sensitive data.
- Limit access to computers. For example, keep your office locked and do not allow customers to be left alone in the office.
- Assess the security of any vendors you use that have access to data. Third-party data breaches are also a threat.
4. Business Email Compromise
Business email compromise scams have become common in the real estate sector, but they also impact other sectors, including insurance. In these scams, a hacker usually poses as a supervisor, client, partner, or other trusted party and then requests a wire transfer. Sometimes, a wire transfer may not be the goal. For example, hackers may also request sensitive information or gift cards. HR departments are also targets – hackers may pose as employees in an attempt to divert paychecks.
Business email compromise scams may become harder to detect now hackers don’t have to rely on email. With the emergence of deepfake video and voice, they can impersonate individuals over the phone and even in video conference calls.
Establish policies to confirm requests for:
- Wire transfers or sensitive information, preferably in person.
- Changes to payroll disbursement. For example, if employees want to change the bank account for their paychecks, require them to come into the office in person to make the request.
Managing cyber risks has become an important part of running a modern insurance brokerage. Do you need support? In addition to carrier access, Heffernan Network offers innovative technology solutions and back-office support. Learn more.
