The “Why” and “How” of Helping to Secure Your Agency Against Cyberattacks

Cyberattacks have become a major concern for agencies of all sizes. Even the smallest of agencies can experience a cyberattack. With hackers constantly evolving their tactics, it’s crucial to take proactive steps to safeguard your data. Cyberattacks can lead to data breaches, financial loss, disruptions, and damage to client trust.

Understanding the Risks
It is vital to understand some of the risks you could face that could target your agency. These include:

• Phishing/Smishing – Uses various methods to entice you to click a malicious link, download infected files, or reveal personal information such as passwords.
  
• Ransomware – Malware that locks your data until a ransom is paid.
  
• Malware – Designed to harm or exploit systems.
  
• DDOS (distributed denial-of-service) – Attacks aimed at overwhelming your system to cause disruption.
  
• Data breaches – Unauthorized access to confidential or sensitive data. Data breaches are often the result of other types of cyberattacks such as phishing.
  

The following are some risk mitigation strategies insurance agencies can use to help defend against cyberattacks:

• Staff Education – Human error is one of the most significant causes of cyber breaches. Phishing scams and social engineering attacks often succeed due to a lack of employee awareness. Invest in regular cyber security training for your staff. This training can help your employees recognize suspicious activities, avoid risky behavior, and adhere to best practices.
  
• Use Multi-Factor Authentication (MFA) – Passwords alone are no longer sufficient to secure your accounts. Multi-factor authentication adds an additional layer of protection by requiring users to provide two or more verification factors to gain access.
• Back Up Your Data – It is important to back up your data frequently to help ensure that in the event of a cyberattack you can restore your systems without paying a ransom or experiencing significant data loss. Isolate backup systems from the primary network to prevent them from being compromised if there is a breach.
• Update Your Software – Updating your software regularly can help avoid cyberattacks that take advantage of weaknesses in your operating system and programs. Regularly updating with security patches can increase the efficacy of your computer system’s built-in security. Antivirus software is critical for early detection, however, if it is not updated often, it will not be as effective at locating and isolating potential malware.
• Third-Party Vendors – Insurance agencies often use third-party vendors for various services which can be entry points for cybercriminals. When contracting with vendors, assess their cybersecurity practices to ensure they have stringent security standards.
• Establish an Incident Response Plan – Having an incident response plan in place will allow you to more effectively respond to a cyberattack and minimize the impact. Your plan should outline clear steps to follow in the event of an attack, including identifying and containing the threat, notifying relevant parties, communicating with clients, and coordinating with law enforcement and/or legal professionals.

Implementing strong cybersecurity policies and practices can significantly reduce the risk of cyberattacks against your agency. This is essential to protecting your business and maintaining your clients’ trust.

Examples of Cyber Claims that Could Impact an Insurance Agency

• An employee receives an email that appears to be from the President of their company indicating they need to urgently make a payment to a vendor.
• An agency management system is shut down for weeks due to an attack which originated from an employee clicking a link in a phishing email. The agency is unable to process business and/or accept payments during this time period, resulting in the need to hire experts to remediate the situation as well as loss of revenue.
• An Account Executive’s laptop containing clients personally identifiable information (PII) is stolen.