Digital insurance options opened up new markets and improved communications for agencies worldwide. However, this growth goes hand-in-hand with the rise in cyberattacks over the past few years.
Recent reports estimated cyberattacks increased between 200% and 300% in 2020 and are doubling again. Similarly, ransoms from cyberattacks are rising by between 50% and 80%, making it a more attractive scheme for cybercriminals.
Labor market changes contribute to increased cyber-vulnerability as well. More people are working remotely, and their home offices may not have the same security measures as their company. Similarly, the recent labor shortage means companies are hiring more people more often and, in their haste to fill positions, may not provide ample cybersecurity training for new hires.
Hacking your systems and gaining a payout is a full-time job for cybercriminals. Your agency needs to stay alert with these measures to ensure your data stays protected.
Know the Threats
One of the best ways to keep your agency data secure is by knowing the different ways cybercriminals can attack. Some of the most common threats include:
- Malware. This type of threat is embedded in software. Cybercriminals may hack into systems and download malware onto a victim’s device, or they can trick individuals into downloading it themselves. Hackers get malware in your system through email attachments, links, and even through flash drives left for curious individuals to open on their devices.
- Ransomware. Ransomware is a way that cybercriminals use malware. Essentially, they get malware installed on your system and use it to take your data or system hostage. They may threaten to share private data publicly or keep your system locked unless you pay a fee, often in bitcoin or another cryptocurrency.
- Spyware. With spyware, hackers can access your device and take control of it. They may look at files, access your camera and microphone, or look at your emails. By looking through your information or listening in on conversations, cybercriminals can gain information that will help them access your organization’s data. Spyware is also sent through links, email attachments, or flash drives.
- Phishing. Phishing is one of the most successful cyberattacks because it uses manipulation to get people to give up information on their own. In a phishing scheme, a hacker sends an email or makes a phone call posing as someone in the organization or another credible person or organization. They then ask for information like bank account numbers, passwords, or other sensitive information. Thinking they are communicating with a reputable individual, employees give up information willingly.
- Spear–Phishing. When a cybercriminal targets a specific employee, the attack is called spear-phishing. With a phishing attack, a message may be more general, but the communications are highly personalized in spear-phishing, making them more successful.
These are just some of the common threats organizations face today. Keep in mind that cybercriminals are becoming more sophisticated, and these threats can evolve. It’s best to partner with a full-time cybersecurity expert, like our partners at Archway Computer, to keep your agency up-to-date on the latest protective measures.
Train Your Team
Your best line of defense against cyberattacks is your agency team members. Equip them well by training them on the following:
- What threats to watch for and how to identify them
- Who to report suspicious activity to and what action (or inaction) to take when they suspect a threat
- How to safely access your agency servers when they’re working elsewhere (i.e., using a VPN and not connecting to public wi-fi)
- Who can access sensitive data and why it’s important to limit access to secure information
- What to do with physical documents containing sensitive data (i.e., scan to a secure location and shred paper copies)
- What your policies are for accessing data on personal devices and how to keep them secure (ACT has a great guide you can access here)
Another big part of training your team is letting them know common tells of a suspicious email, text, or voicemail message. Some of those tells include:
- Receiving an unexpected message with an unusual request (i.e., your boss asking for an immediate funds transfer)
- Demanding immediate action (“Reset your password NOW!”)
- Getting an unexpected attachment
- Requesting user name or passwords information
One of the best ways to train your employees is to partner with a cybersecurity training team. At SIS, we use KnowBe4 to keep our team equipped with regular training sessions and check-ins to ensure our staff is alert.
Invest in Tech
Cybercriminals use sophisticated technology to attack your agency, so you need similarly robust tech to defend your data. Some of the most valuable technology you can employ includes:
- Updated anti-virus protection and malware scanning software
- Recent hardware and updated internet browsers with the latest security patches
- Protected VPN for accessing data outside your office
- Secured document storage via cloud services like OneDrive
- Updated passwords and multi-factor authentications
At SIS, we recently added multi-factor authentication measures to provide our Partner Platform agency management system with even more security. It’s just one part of the secure tech, training, and partnerships we have to give the best data protection for our Partner Platform agencies.
Partner Platform agencies can read more about our multi-factor authentication on PartnerNet. If your agency is interested in learning about our secure Partner Platform community, you can learn more about our commitment to security here.