Cyber security has been a concern across industries for years, but the COVID-19 pandemic accelerated risk. With more businesses moving to online operations, more data became vulnerable. This is especially true in insurance, where the use of insurance tech skyrocketed in 2020, along with incidents of cyberattacks.
Insurance is second only to legal firms as cyber criminals’ preferred industry to attack. The average agency is targeted over 100 times per year, with more than 30% of attacks succeeding. And according to PwC’s Digital Trust Insights Pulse Survey, cybercrime is expected to cost companies $10.5 trillion annually over the next four years.
These stats should be more than enough to get you asking the question, “What’s our agency cyber security plan?” Whether you’re starting from scratch or updating an outdated strategy, the following elements are must-haves for your agency’s cyber protection.
Add These Basic Security Measures
There are a handful of actions you need to take to set up baseline cyber protection. Those include:
- Use modern hardware: Outdated desktops and laptops are more vulnerable to modern cyber-attacks. Make sure you’re using tech that’s less than five years old to ensure it has the most recent safeguards.
- Add or update anti-virus software: Similarly, you need the most up-to-date virus protection software to act as the first layer of protection. Don’t ignore that “your software has expired” pop-up!
- Implement multi-factor authentication: Add a layer of protection to your data storage systems with multi-factor authentication. The more complex your passwords and the more layers of entry you have, the better you protect your data.
- Work with a security expert: You can only do so much in-house – your team knows insurance, not cyber security! It’s worth the investment to hire a trusted partner to get you the best software, training, and cyber security management.
Train Your Team
Even the best cyber security software can’t spot all potential threats. As cybercriminals have evolved, they’ve begun using tactics that target people’s vulnerabilities rather than those of machines.
One type of attack is called “social engineering,” in which a cybercriminal gathers names, titles, and small personal details about a person or persons at a company and uses that information to impersonate them. The cybercriminal will then convince a team member to transfer funds, give up passwords, or reveal other valuable information they can use to attack the company.
With such people-centric attacks evolving, you need to keep your team at the ready by training them on:
- How to identify common threats, including specific details to watch for and common tells.
- How to determine if correspondence is legitimate, such as by calling, texting, or sending a separate email to the person a message is supposed to be from to confirm their identity before taking action.
- Who to contact if they suspect a threat, whether through a reporting system or contacting a specific team member.
- How to set up a secure work-from-home station, including using a VPN, enabling a password on their computer, and never sharing their work devices with anyone.
Training on these elements and others should be continual, and you should frequently test your team with fake attacks. The more practice they get, the better they’ll be at responding to a real threat.
Choose Security-Conscious Partners
No matter how safe your agency is, if you’re working with a vendor that’s vulnerable, you are, too. Only work with providers who take cyber security seriously, as we do at Partner Platform.
Our team uses all the above cyber prevention tactics and employs elements like a redundant, cloud-based backup system for secure data storage. We also carefully vet all our Partner Ally integrations, ensuring they meet our high cyber security standards.