Cyber crimes are on the rise. Time for cyber education.
BY JOEL ZWICKER
Insurance agents handle client’s sensitive data on a daily basis and in the new digital world, data is a prize worth stealing. Given the amount of personally identifiable information (PII) agencies collect and retain, they can be a tempting place for cyber criminals to strike.
Becoming a victim of a cyber attack can hurt your clients and put your personal reputation at risk. If your agency is determined to be the source of a breach, customers will know your name in association with negative headlines. This is not the way you want prospective clients to find you when they look up your name online.
Technology alone will not provide protection against most types of attacks. Employees must take an active role in the digital health of their organization. Agencies should provide basic cyber education. Your agency is only as secure as its most exploitable staff member. Compromised emails are the entry point for 60% of cyber attacks and create opportunities for criminals to plant ransomware, steal funds, and misuse sensitive information. All agency employees must be vigilant about phishing emails that steal PII by impersonating other people or organizations.
Know What Phishing Looks Like
It’s important to show employees what these attacks can look like and inform agents to flag suspicious emails to management or the internal IT support. If one agent received an email they suspect of being a phishing attempt, other agents likely have the same email sitting in their inbox. All it takes is one successful phishing attempt for a bad actor to install malware and/or steal sensitive information.
All a hacker needs to do is to make an email account impersonating an executive at the company and send a message with a link or an attachment to employees. If they click on it, then malicious malware can be installed and infect the systems that hold sensitive data. These are the emails we joke about – someone from a faraway land wants your help and if you provide your bank account, they will share their great fortune with you. While it is easy to laugh at these blatant attempts to capture personal information, phishing attacks are not always this obvious and if the hackers cast a wide enough net, they are bound to catch something. The problem is that many times when an employee falls prey to these types of attacks it’s not immediately evident. Malware can gather information for months, even years before the hacker strikes – pulling data from servers and holding it for ransom.
Spotting those messages before anyone can open them can keep your network safe. Emails asking for sensitive information or for the recipient to click a link should set off red alerts in every agent’s minds. Sometimes, simply double checking the sender’s email address can help employees identify phishing attempts.
When Things Get Personal: Spear Phishing
If phishing is a shotgun approach to cyber crime, spear phishing is a sniper rifle. Spear phishing is harder to spot because it takes pieces of information available on social networks and tailors a lure to the target. It is targeted and personalized. If the CEO of an agency posts about being on vacation, a sophisticated hacker will take that bit of data and create an email that looks like it’s from the CEO (maybe a few letters off from their actual email address) and send a message asking an assistant for passwords or contacts. This is just one example. Spear phishing is so effective because it uses things that the hacker already knows the target cares about. Again, letting employees know what to look for is the best line of defense against this form of attack.
Phishing Can Lead to Ransomware
Using a phishing email, a cyber criminal will gain access to an insurance agency’s network.
Then what? They don’t always sell the information on the dark web. Sometimes they inform the agency that they are holding the information and will destroy the data unless a ransom is met. Hackers have recognized that no one wants data more than the person that they stole it from.
Ransomware attacks have increased over the past two years. Ransom payments from companies increased 341%, to a total of $412 million during 2020. The insurance industry is not excluded from these attacks, with researchers estimating that the industry has lost more than 100 million Americans’ PII.
Most offices have antivirus software but there is still some work to be done when it comes to the human element of agencies’ digital networks. When we all went remote during the pandemic, phishing attacks increased by 600% during this time. Hacker’s realized that many agents were working from home and something about being at home made people lower their guard. Taking the time to educate employees on the methods that cyber criminals use to attack insurance networks can help keep you safe.
Just like a business would put an alarm system on a brick and mortar storefront, it’s time for insurance agencies to become proactive and take the necessary, simple steps to beef up their cyber security. With the risk of having client information stolen or exposed, it’s not only dangerous but reckless to not educate your team on the role they play in ensuring the agency’s safety. Insurance agents need to protect client data so this must be a critical aspect of all agents’ operations.
JOEL ZWICKER is chief evangelist at Agency Revolution (agencyrevolution.com). He has helped hundreds of independent agencies improve KPIs and achieve growth objectives. He coaches them in their digital transformation by helping them leverage digital marketing, marketing automation and content marketing. In addition to his years at Agency Revolution, Joel has extensive agency experience. For 11 years he was an independent agent and spent the last eight of those years overseeing the marketing efforts for a large insurance agency. Reach out to Zwicker at firstname.lastname@example.org