Security is at the top of everyone’s minds nowadays. From Facebook to Google to Quora, many of the biggest companies around suffered major security breaches that affected hundreds of millions of people around the world in 2018.
If you haven’t made a New Year’s resolution yet for your insurance agency, make 2019 the year you beef up your cyber security and make it a top organizational priority.
To do that, you will need to identify the biggest vulnerabilities in your organization. Only when you know where your weak spots are can you fix them.
These are the top three vulnerabilities for insurance agencies that leave their customers’ data open to security breaches.
Yes, the people who work for you are the single biggest cyber threat to your insurance agency. While some attacks have an “inside person,” meaning an attack is helped by an employee in the business, the vast majority of attacks are due to simple mistakes made by employees.
According to the Verizon 2018 Data Breach Investigations Report, employees falling for social engineering scams like financial pretexting and phishing were responsible for 93 percent of all attacks last year.
Much of the problem surrounding cyber security is that people tend to get caught up on the word “hacking” and picture some computer expert tapping away at a keyboard, trying to find a way through their firewall with a trojan horse or something similar, as we often see in Hollywood movies.
The truth is, though, that the vast majority of these breaches happen because of something called “social engineering,” which is a fancy term, in the context of cyber security, for tricking people into divulging confidential information.
If you check your spam folder for any of your email accounts, you likely have at least one “phishing” email sitting in there. It will say it’s from Amazon or Apple or Walmart or your bank and it will say your account has been breached or your order has been confirmed or someone has used your account to order something.
Then, it will give you a link to click to “log in” to your account to rectify the issue. That link will take you to a fake sign-in page that collects your username and password, and then the hackers have your information.
They go to great lengths to make these emails and pages look official, and they fool thousands of people per year. In the context of your business, the cyber attackers might concoct an official-looking email telling an employee they need to change their password or something like that, and then give them a link to a fake sign-in page where they can capture the employee’s credentials.
This type of phishing attack is just one type of social engineering. Sometimes the attacker will try to get an employee to download something or install an update that contains malicious code. No matter how it’s done, once the attackers have access to the system, they will wreak havoc.
How to counteract it:
Provide your employees with cyber risk training so they can identify these types of social engineering attacks.
Make it company policy not to use personal devices like USB drives or laptops with the company network, as the personal device might already be compromised.
Use software that scans all email attachments for viruses, and back up your data remotely.
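One check that flags the phishing emails described above, where a message claims to come from a known brand but its link leads to a fake sign-in page, is to compare each link's real host with the domains that brand actually uses. The following is an added example, not code from the original article; the `BRAND_DOMAINS` list, the function names and the sample message are constructed for illustration, and it assumes a single-part, unencoded HTML email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains each brand really uses (constructed list for this example).
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "apple": {"apple.com"}}

# Constructed sample message; the .example hosts are placeholders, not real sites.
SAMPLE = """From: "Amazon Support" <no-reply@amazon-account-check.example>
Subject: Your account has been breached
Content-Type: text/html

<p><a href="http://amazon.com.login.example/signin">Log in to amazon.com</a></p>
<p><a href="https://www.amazon.com/help">Help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, domains):
    """True only if host is a listed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(raw_email):
    """Return (brand, link host, link text) for links that leave the claimed brand."""
    msg = message_from_string(raw_email)
    name, _addr = parseaddr(msg.get("From", ""))
    claimed_text = (name + " " + msg.get("Subject", "")).lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    brands = [b for b in BRAND_DOMAINS if b in claimed_text]
    urls = [(urlparse(h), t) for h, t in collector.links]
    return [(b, u.hostname, t) for b in brands for u, t in urls
            if u.scheme in ("http", "https") and not host_matches(u.hostname, BRAND_DOMAINS[b])]
```

The first link is flagged even though its visible text and the start of its hostname both say amazon.com, because the host is compared by its ending rather than by whether the brand name appears somewhere in it.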
2. Poor website host security
A lot of small companies try to save money in this department by opting for cheap web hosting with one of the many budget web hosting services out there. The problem with using one of these budget providers is that they don’t always put a premium on security. They are cheap for a reason.
They also host thousands of sites on shared servers. Your agency’s site might be hosted on a server that also hosts dozens of other sites and some of those sites might belong to cyber attackers who are uploading malicious software to it that could affect every website hosted on that server. Basically, a shared server is only as secure as the weakest website that is using it.
Even if you take sufficient security precautions with your agency’s site, because you share infrastructure with so many other websites, you could still fall victim to an attack because of their lax security efforts and your site could be suspended and offline for extended periods.
How to counteract it:
Eschew the cheap, shared hosting services. Spend a little extra and find a web hosting service that will give you your own server and that has fewer clients so they can give you the attention your agency deserves. You also want your web host to focus on security. Investing a little more in your web hosting pays off.
3. Uneven and out-of-date security measures
You need to have the same level of security for your entire network. If one part is lagging behind, it puts the entire system at risk. Typically, hackers will probe an organization’s defenses looking for weak spots. If your business has strong security except in one area, the hackers will try to exploit that one weak area, and if they succeed, your entire system could be compromised, rendering your otherwise strong security useless.
For a real-life example, in 2014 JP Morgan upgraded all of its servers to require two-step authentication (meaning they required two passwords to access instead of just a single password) except for one server. Hackers eventually got hold of the password for that server, and because it still only required a single password, they were able to infiltrate the system. Had the bank upgraded all of its servers equally, the breach would not have taken place.
Out-of-date software, or software that has not had a security issue fixed, also presents a problem. The longer you neglect updating your software, the more vulnerable it becomes to the constant stream of new threats coming out. Many software manufacturers routinely release security patches and updates for clients.
How to counteract it:
When you upgrade one facet of your security system, make sure it is done for the entire network.
Stay on top of the available updates and security patches for the software you use, and always make sure an update is authentic before installing it.
One other way to ensure you keep your insurance agency safe is to use an agency management system that puts a focus on security. Evolution Agency Management software has been tailored to be flexible, easy-to-use and, most importantly, secure. Your customers’ data will be safe with eVo. Please visit us to book a demo today.