We often hear about large data breaches on the evening news. Once again, hackers stole private information from a company’s database. Personal records, exposed and accessed.
The company’s reputation, tainted. The ensuing potential state and federal fines impact their financials. The breach could put the company out of business.
As insurance agents, we need to protect the private information we collect on our clients. Here are a few steps your agency can take to protect your client data and reduce the likelihood of a data breach.
Strong passwords should be your first line of defense against a cyberattack. In past breaches, experts found weak passwords allowed hackers to access private information.
Today, agents have a plethora of passwords. It can be overwhelming to manage passwords for carriers, vendors, and financial institutions. You must develop a password policy for the agency. Here are a few tips.
• Strong Passwords – When creating a password, it should be at least 10 – 12 characters in length. Include upper and lower case letters, numbers and special characters. Do not use default passwords that come with your systems, such as Admin, Password, or 1234.
• Password Policy – Every agency should put in place a password policy for their staff. Focus on using strong passwords as mentioned above. Change your passwords every 90 days. And, don’t share passwords with other employees.
• Secure Password Storage – Do not post your passwords on a sticky note on your monitor! Secure your passwords with a password manager such as LastPass, KeePass, or 1Password. This will enable you to store your passwords in a secure environment.
For more information on creating better passwords, visit our blog post Better Passwords: The First Step in Securing Your Data.
2. Use and Update Anti-Virus and Anti-Malware Software
Install and update anti-virus and anti-malware software on each of your office computers. Anti-virus and anti-malware will help to prevent malicious software from entering your network.
For example, malicious software known as ransomware prevents you from accessing your data. To access to your data, you must pay a ransom to the hackers, thus the name ransomware.
Make sure you set the anti-virus and anti-malware software for automatic updates. Enabling this feature will help prevent viruses and malware from entering your machines.
Also, make sure you set the scans to run on a regular basis. These scans might take some time. So, you may want to schedule them to run early in the day or after business hours. Review the logs to see if the software detected any viruses or malware.
What if the software detects a virus? Contact your IT department or local IT professional to determine the extent of the virus. Some viruses can install key loggers that allow hackers to steal your passwords. So, act fast.
3. Secure Wireless Routers
Today, every agency has a wireless router for internet access. But, even those aren’t safe. Hackers can still gain access to an unsecured wireless router.
Most wireless routers come with a default administrator password. So, if this is not changed, any hacker can access your network data. Make sure to change the administrator password when you install your router.
Establish a strong password for your wireless users. Change it anytime an employee leaves the agency. This will help to prevent unauthorized access by former employees with ill intentions.
When setting up your wireless router, you will select a wireless encryption protocol. Today, the current wireless encryption protocol is Wi-Fi Protected Access (WPA2). WPA2 provides stronger encryption methods than the former WPA or WEP.
For more information on securing your wireless router, review Securing Your Agency’s Wireless Router.
4. Education & Training
Employees can be your first line of defense against a cyberattack. Their knowledge, or lack thereof, can make a difference.
Educating employees about the risks of phishing attacks. These can happen when you open an email attachment from an unknown sender. It only takes one employee to open a fake, virus-laden email to expose your computer network.
Recently, an agency informed me of an email one of their employees received from firstname.lastname@example.org. They thought this was from the individual handling their accounting information. They opened the attachment, and installing a virus on their computer.
Emphasize your responsibility to keep your client data safe. Inform employees to report any suspicious behavior. This could range from their machine running slow to unusual phone calls.
Explain attack tactics such as social engineering and phishing. Talk about recognizing and avoiding unsafe internet websites. Explain the cost of a breach and regulatory requirements to protect client data.
5. Update Software to the Latest Operating System
Set your computer operating system to automatically install the latest updates. Sometimes operating system vendors find security loopholes in their operating systems. So, they release updates to fix them.
If you do not install these updates, you are leaving your agency open for a potential cyberattack. If you have an older operating system, immediately update them to the latest version.
Securing your agency data starts with you. Following these steps will help better secure your agency data. You’ll protect your agency from expensive fines and a damaged reputation. You’ll protect your customers’ data from hackers. And, you won’t be on the 6 o’clock news.