Cyber Security for Insurance Agencies: 5 Ways to Protect Against Data Leaks

As traditionally analog insurance transactions migrate to more digital environments, understanding the risks associated with data breaches and computer security are imperative to agencies wishing to protect their customers’ and employees’ information. One bad data breach is all it takes for clients to lose trust and migrate to an organization that has better security protocols in place. But, cyber security for companies doesn’t have to be difficult. Follow along for five simple ways to protect your online information and give your customers the secure digital experience they expect.

1) Educate Yourself and Your Team About Phishing Attacks

Phishing attacks are attacks where a malicious party pretends to be legitimate so they can extract sensitive information like passwords, social security numbers, or billing information. Some of the most common phishing techniques include:

• Sending fraudulent emails or text messages to potential victims.
• Including fake attachments in fraudulent emails.
• Building fake websites that mimic legitimate sites to steal information.
• Creating fake “faster sign-in” options in apps and commonly used services.

Be extra cautious when you encounter emails from anyone outside of your company’s domain, emails that contain links or attachments, and websites that ask you to log in or confirm a password. You can learn more about common phishing scams from Phishing.org, a project of KnowB4, the world’s most extensive security awareness training, and a simulated phishing platform.

2) Update Your WiFi Encryption

Legacy methods of WiFi encryption such as WEP (Wired Equivalency Protection) and WPA (WiFi Protected Access) can make it easier for an attacker to compromise your network, sniff your traffic, and deploy other nefarious attacks.

• What is a network-compromising attack?
  • An attack focused on penetrating your network often with malicious intent like spreading malware, a virus, or exploiting a security vulnerability.
• What is a sniffing attack?
  • Interception or theft of data via unauthorized monitoring by a bad actor.
• What is a man-in-the-middle attack?
  • An attack altering communication between two parties to make them believe they are communicating with one another; when in reality, the attacker, who is in the middle, collects sensitive information from both parties.

You should encrypt your WiFi connection with WPA2, a security program certified by the WiFi Alliance that uses modern encryption. Additionally, the administrator password for your router should never be the default password assigned by the manufacturer as those are publicly accessible via the internet. Instead, choose a strong password with upper and lower case letters, numbers, and special characters or generate a random password with a password manager.

3) Use a Password Manager

A password manager is a handy tool for managing security. Rather than committing your password to memory, a good step for cyber security for companies is to implement a company-wide tool to generate, store, and grant access to passwords for employees. A password manager prevents everyone from collecting password sticky notes, using standard one-size-fits-all passwords, and sharing passwords insecurely. Moreover, a password manager can help prevent opportunities for security breaches before they begin.

Using a single password manager helps you manage secure and complex passwords. Not only can it suggest secure passwords, but it can also keep an encrypted version of your (different) passwords for each system. Password managers also include user-level permissions, making it easy to share passwords with team members as needed. Employees should never send credentials and other sensitive information over tools like Slack, Microsoft Teams, or other company communications platforms.

4) Adopt Multi-Factor Authentication

Having complex passwords prevents simple security breaches, but adopting multi-factor authentication (MFA) adds another layer to mitigate potential security breaches.

What is multi-factor authentication? MFA is a security protocol requiring users to authenticate their access by using more than one device to login. For example, you enter your Gmail password and then receive a text message on a previously-registered device to confirm that you are, in fact, you.

When utilizing multi-factor authentication, an attacker needs your credentials and access to your MFA device to complete an attack successfully. Whenever possible, use multi-factor authentication to increase security.

5) ​​Define Security and Emergency Protocols

Having well-defined security and emergency protocols are essential all the time, and are especially important if your company has a remote, decentralized, or hybrid workforce. Documenting security protocols and ensuring your team follows them will help protect against cyber attacks. Spotting out-of-the-ordinary activity is much easier when you know what is typical. Having emergency procedures in place supports efficient responses to cyber threats, attacks, and data breaches.

An excellent example of a security protocol is the Principle of Least Privilege (PoLP). The Principle of Least Privilege grants employees only the minimum level of access required to carry out their work. For example, your sales team sends invoices to customers for purchases and therefore needs some form of access to your payment processing software. However, you can grant your sales team a “specialist” role in your payment-processing software rather than an “administrator” role. Differentiating roles throughout your organization provides complete access to those that need it while not making excessive information available to those in positions that don’t need it.

At Layr, all of these protocols are followed on a daily basis with every partner interaction and every product built. If you’re using our platform, you can be assured that we’re going above and beyond with our cyber security for companies to secure you and your customers’ information. As always, feel free to reach out to our team with any questions surrounding how to utilize our technology to better service your book of business. Secure your books today with Layr and discover #betterbusinessinsurance.