Every insurance broker I speak with typically has the same story: “we are on the cloud,” “I think we are good,” or the famous “don’t they take care of security on the cloud?”
Chances are they didn’t read the fine print in the lengthy software service agreement, especially the part stating that the vendor is not liable for a cybersecurity breach.
All Software as a Service (SaaS) platforms (Applied Epic, AMS, or HawkSoft, to name a few) are cloud-based systems that only require a user name and password to authenticate. This basic logon process makes you vulnerable to a cyberattack, especially since chances are you are using the same password you used on other sites. If you had an account created with those credentials at LinkedIn, Yahoo, Citigroup, Equifax, JP Morgan, Facebook, Twitter, AOL, TD Ameritrade, AT&T, Capital One, or CVS, or stayed at a Marriott, your information is floating in cyberspace on the DARK WEB.
By the way, this already happened! See the HAWKSOFT Cyber breach. They had to shut down their systems and keep their clients waiting until they fixed the issue. Can you afford to not service your customers for a week or two?
Don’t get me wrong; I am a big proponent of the “CLOUD”. We stopped buying servers for our customers years ago. I am a bigger proponent of cybersecurity: you see, it is important to verify who is accessing what and when. The old servers in your office did provide some low level of security; although they could be easily compromised when left open, they did a few things OK.
The post-pandemic move to working remotely made security even more challenging. Employees were given a company-owned laptop (hopefully you made this investment and did not let them use their kids’ old computers!) and now they are accessing this CLOUD-BASED AGENCY MANAGEMENT SOFTWARE from their homes. Guess who else can do that? You guessed it! Cybercriminals. It would take a hacker less than an hour to hack a password if it’s not complex; it’s just a matter of time. Don’t believe me? GO HERE and type a password similar to the one you use (don’t use your password) and see how long it would take to be broken.
Beyond guessing, a criminal could just steal it (especially if you’re using your kids’ old laptop; do you know where they’ve been?). A keylogger is a program (malware) that can be installed on a computer without you even knowing it’s there. If you’ve seen one of my webinars, you’ve seen this in action: I usually do a live hack on a member of the audience to show just how easy it is for a hacker to log every keystroke from your computer. CLICK HERE TO WATCH MY WEBINAR.
How important is cybersecurity?
Cybersecurity is no longer just a good business practice; it’s now the law. As a Licensed Insurance Agent, you are obligated by law to comply with the cybersecurity regulations imposed by your state or by federal regulations, for example, in New York, the Department of Financial Services (DFS) regulation NYCRR 500.
When (Not If) Your Business Falls Victim To A Cyber-Attack…
Depending On What Happens…
- You will be BLAMED. There’s no sympathy for businesses that get hacked, and you’ll be wrongly labeled irresponsible and careless.
- You may be questioned, possibly investigated, about what you did to prevent this from happening.
- You may need to notify CLIENTS that you exposed their data to cybercriminals, or at least were hacked, losing files and data, delaying projects and halting services.
- If the news (or your competitors) gets wind of this, they’ll have a field day destroying your reputation.
- Costs for restoring data and work can quickly escalate.
There is only one way to properly secure your IT systems, and that is by following some basic but important cybersecurity rules.
- Enable Multifactor Authentication on as many accounts as you can: Multifactor Authentication, otherwise known as 2-Step Authentication, is a method in which you receive a text with a code, or use a free app on your phone such as Microsoft or Google Authenticator, to verify that it is really you who is logging in.
- Set Security Policies and Enforce them: Work with your IT provider, or call us, to secure your laptops, office computers, and mobile devices.
- Deploy serious security software: The old days of Norton are over. You need a modern, proactive (not reactive) Endpoint Security System that can not only detect threats but also remediate and roll back any issues in real time.
- Deploy and TEST a Ransomware-proof backup: Yes, backups can be attacked, and cybercriminals know this. That is why it is very important to have a way to roll back in time from a location that doesn’t touch your normal network.
- Review your systems at least quarterly: Demand that your IT provider give you a detailed penetration test showing how an attacker would get into your system and how they will protect you against it. There is always a new way someone can get in.
- MORE IMPORTANTLY, GET A CYBERSECURITY RISK ASSESSMENT. You must regularly assess your computer systems and look at all of the potential liabilities and risks. How do you know where you stand if you’ve never tested it?
- Look into systems like Azure Virtual Desktop (AVD) to make sure every employee accesses your Agency Management System from one location and must use Multifactor Authentication to confirm their identity. AVD also helps protect you against someone trying to steal your book of business by encrypting and locking files even if a hacker tries to take them outside your organization.