Handling sensitive information is one of the most critical responsibilities that insurance brokers and agents have. Now, as expanding areas of agents’ jobs involve the use of technology, cyber risk is becoming an increasingly prevalent issue. Cyber-criminals have come to recognize that not only do insurers possess personal client information, in some cases even payment or credit card information is recorded.
Get all the latest cyber insights for free: Sign up for tomorrow’s Broker Connect event
Insurance is the fourth most attacked economic sector, experiencing over 10% of all exposures, according to Ron Berg (pictured), executive director of Agents Council for Technology (ACT), part of the Independent Insurance Agents and Brokers of America (IIABA).
“We’re seeing more sophistication when it comes to types of phishing attacks. Even though people are becoming more aware, it just takes a quick, thoughtless click for an attack to be successful,” he said. A recent claims study also found cyberattacks were escalating specifically for small and medium sized businesses, he added, and that risk will only continue to rise.
In our current business environment, with insurance companies transitioning to work-from-home models or a hybrid office/home structure, more devices are being used on less secure networks, which increases risk and vulnerability. While users may be diligent when on their work computer, Berg says home laptops, phones, smart TVs and IoT devices like connected thermostats are exposed. Companies and their employees need to consider routers and Wi-Fi networks when thinking about security, as well as mobile apps.
“About 60% of online attacks, both phishing and malware, are being accomplished on mobile platforms, mostly through mobile apps,” he said. “Not only are we doing business using more mobile platforms that management system vendors are providing, we are also escalating the use of social platforms as part of our business.”
Brokers and their clients increasingly use social media platforms like Facebook, Instagram, Twitter, and LinkedIn to communicate with customers and also blast out notices. Using these applications creates more opportunity for potential intrusion. For example, if someone takes a personality quiz on the same Facebook account they use to manage a business page, it could open up risks for that business.
Mitigating risk
In addition to regular cyber guidelines, Berg says companies need to adhere to their state’s data breach response laws.
The ACT cyber security report states: “The Gramm-Leach-Bliley Act (GLBA) covers all other models and state laws, including the New York Department of Financial Services (NY DFS) and the new National Association of Insurance Commissioners (NAIC) Model, which several states have already adopted, and many others are reviewing. These acts and regulations can be difficult to address given the multifaceted responsibilities agents encounter daily, but it must be a priority.”
Berg shared some quick tips that brokers should be aware of, as well as advising their customers on, to improve cybersecurity:
Don’t respond to texts or emails about cheques from the government.
Be wary of anyone claiming to represent a source of pandemic information, like the CDC. These tactics can be used to gain personal information or money.
Harden entry points: lock down routers with complicated passwords and make sure computers and browsers have up-to-date malware protection.
Remember that cybercriminals are using information about vaccinations not only to scam money, but also to embed malware.
His number one piece of advice: “You can have firewalls in place, updated malware and antivirus protections, a written information security plan and a data breach response plan, but without diligent and consistent training, all those other protections crumble.”
Ron Berg will be joined by a panel of industry experts at the Insurance Business virtual event: Broker Connect Cyber, where they will discuss the impacts of the COVID-19 pandemic and how brokers should set themselves up for success in the ‘new normal.’ To register for the event – free for risk managers and brokers – taking place tomorrow, June 09, click here.
