3 Insurance businesses that exposed client data + 2 ways you can help prevent your agency from being next

There were 16.7 million victims of identity fraud in 2017. Avoid simple mistakes that will put your insurance clients at risk.

Do you have spreadsheets with your client’s names, addresses and phone numbers? What about internal systems within your agency that house sensitive client information? Cloud storage on your phone? Amazon Echo in your home? Insurance agents and agencies use technology as a tool to improve customer experience and relationships, and this could make you a target for cybercrime.

A recent survey found that cyber security is the #2 concern across businesses of all sizes. In fact, 52% of the respondents believe that suffering a cyberattack is inevitable. However, most of the respondents have not taken adequate steps to protect themselves.

Think about the last time a major data breach made headlines. Recall a scenario where a client had a cyber-related claim. (Maybe even a time when you were the unfortunate victim of identity theft). Cybercrimes happen so frequently that they no longer surprise us. We know the risks and we know it could happen to anyone. But that doesn't mean we've actually taken steps to safeguard our data.

Deloitte, a group of independent firms, shares the stories of 3 insurance companies who were impacted by a cyber attack:

1. What happens when you don't follow best practices. An insurance and financial services firm specializing in serving seniors was attacked by cyber criminals when they identified vulnerabilities in the company's systems. The attackers stole credit card information of more than 93,000 customers — including names, addresses and unencrypted card security codes, with the goal of selling the information on the black market and committing fraudulent transactions. The company fixed the issue and issued a formal apology, however they were strongly criticized for keeping unencrypted security codes.

2. Being part of a big network can bring big cyber risks. A group of insurance and financial companies were compromised when a cybercriminal hacked into the network used by all of its members. More than one million customers and sales prospects had their information stolen, including driver's license and social security numbers, and the data was sold for identify fraud. The group had to reimburse all damages that resulted from the break, supply free credit monitoring for their customers and suffer a loss of trust from its customers.

3. When an insurance company is targeted. An insurance and investment company was targeted by cyber criminals who sent their employees e-mails containing malicious software to capture confidential data. This information was then used to comprise several of the company's servers in order to gain access to online banking information for financial gain. This event impacted a very small amount of people, but it still received media attention that impacted they company's reputation.

The average cost of data breach was $3.86 million globally in 2018. But these examples show that the initial cost of damage is just the tip of the iceberg for agents and agencies. A breach in data is a breach of trust — and that's what insurance business is built on. So, if you're not going to protect your data for yourself, do it for your clients, reputation and business.

Here are 2 ways you can help protect your client data today:

1. Know what you're up against.

Cyber security for insurance agents can differ depending on the software and platforms they use. Cyberattacks can typically be broken down into two categories: crimes where the goal is to disable the target and those where the goal is to access the target’s data. According to CSO, these are the most common techniques that cyber criminals are currently utilizing:

• Malware. Malicious software that is designed to damage systems. Worms, viruses and Trojans are all types of malware and 92% of malware is delivered by email.
• Phishing. There are roughly 156 million phishing emails sent globally every day. Phishing emails that trick users into taking a specific action, like submitting sensitive information or downloading malware.
• Denial of Service Attacks. A maneuver to stop something from working properly, for example, shutting down an entire website. This is often used as a tactic to hold the services of a company for ransom.

• "Man in the Middle" Attacks. Cyber criminals put themselves between a user and the service they're accessing. For example, criminals pose as a known WiFi account and collect the data people submit while they're surfing the web.
• Cryptojacking. Attackers gain access to a victim's computer to generate cryptocurrency.
• Structured Query Language (SQL) Injection. Malicious codes are entering into the back-end of data-based websites and applications. This is how criminals will typically gain access to an entire database.
• Zero-Day Exploits. Hackers identify vulnerabilities in software and use that knowledge against all of the software's users.

2. Share best practices, and use them.

Designate someone in your agency to share IT security updates with your team, like a weekly tip and notifications about current scams. And post best practices around the office for reminders. *Added bonus, these tips will be great to share with your clients, too!*

Here are a few tips from Cybint News to get you started:

• Be password smart. Make your password more than eight characters long, and use a strong mix of letters, numbers and special characters. Don't use the same password for multiple sites and definitely don't post your password on a sticky-note attached to your device.
• Keep your devices safe. Never leave any of your devices unattended, including flash drives or external hard drives. If you do plug devices into your computers, use caution — this is an easy way for criminals to install malware on your devices.
• Use your own networks. Don't do sensitive browsing on a device that doesn't belong to you or one that is on public WiFi.
• Don't share too much. From social media to phishing emails, the smallest amount of information (like your employer) can give criminals a shocking amount of leverage. If someone asks you for information, it's okay to say "No," and call the company directly to verify credentials.
• Be careful what you click. Links aren't always what they appear to be — hyperlinks and a small change in URL can take you anywhere online.

As the world of insurance continues to go digital, the technology we use will advance and our cyber security risks will change. But one thing that will stay the same is our continued commitment to our clients — including their rights to privacy and secure data. Without that commitment, trust will be lost. And a loss in trust is a loss of business.