Risk Management Tips
09.03.2018
Take a look at the claim scenario below to learn how you may better protect yourself as a producer:
A top producer in a large insurance agency depends upon his agency-issued laptop and smart phone to remotely access the agency’s computer network while servicing his large group of far-flung clients. While checking his e-mails from a remote location, he opens an e-mail which purports to be from a major client, stating that the client is attempting to send important documents and providing a link to facilitate delivery. The agent clicks on the link and is prompted to provide his user name and password for the agency e-mail system, which he does. His personal device and the entire agency network are then immediately infected with malware. The agency network quickly becomes inoperable, and a demand for $5000 to unlock the system is shortly received.
Risk Management Tips:
Many businesses, including insurance agencies, tend to downplay the risk to their computer systems and data. Cyber attacks can and do impact firms of any size and any level of technological sophistication. They can involve simple data theft, denial of service attacks, or introduction of malware or ransomware into the firm’s network, servers, and mobile devices. The methods and sophistication of cyber attackers continue to evolve as technology advances. Accordingly, firms are obliged to proactively develop and continuously update cyber security programs to mitigate both existing and emerging cyber risks.
Employee education is key to attack prevention. Security industry studies indicate that most breaches involve some level of employee involvement, whether through clicking on a phishing e-mail, downloading a questionable document or app, or simply failing to employ effective passwords. Firms should educate staff on risks related to use of personal and corporate devices on the job, what to do if one is lost or stolen, and traveling and accessing sensitive data through unsecured connections such as coffee shop free Wi-Fi and hotel business centers. Public Wi-Fi hotspots are especially prone to malware. Employee cyber awareness education should be mandatory with periodic testing.
Creating and testing a breach response plan will help lessen the impact of and time lost to a cyber attack. The plan should designate who will be contacted, and when, to respond to an attack. The plan should include instructions on how and when to communicate with anyone outside the firm, including the media. The plan must be communicated to all employees with mandatory compliance required, and periodically tested, re-evaluated and modified as necessary to meet evolving threats.
Software updates, including any security patches, from software providers should be installed promptly on all devices used to access the firm’s network, including employee-owned devices. Establish mandatory corporate mobile and employee-owned device policies to ensure that employees don’t create unguarded network access points. Password-protect and use encryption software on all devices used to access the firm network.
All information provided in this blog is for informational purposes only. The sources used are presumed accurate. CITA Insurance Services, Brown & Brown Program Insurance Services, Inc. and Brown & Brown, Inc. will not be liable for any errors, omissions, losses, injuries or damages arising from its display or use and will not assume responsibility for any misguided information. No guarantees are implied.