What are your IT systems? How sensitive is the information stored? How are you protecting it? These questions are essential for determining the extent of security measures a business needs to take to minimize cybersecurity risks and to determine how much insurance coverage businesses should purchase.
Dustin Mooney and Ryan Smith are with RigidBits Cybersecurity, a cybersecurity consulting and forensics firm. Together they advised insurance agents how to help themselves as business owners and their clients as the pair offered a one-hour webinar during the Independent Insurance Agents of Texas Rise Virtual Summit 2020 on Nov. 9. The day of online presentations substituted for IIAT’s annual Small Agency Conference.
Mooney made it clear that there is no such thing as secure. “There is only more or less risk,” he said.
Every system has vulnerabilities, Mooney said. Vulnerabilities include employees, who may release information accidentally, despite office protocols, and hackers, who identify and exploit weaknesses wherever they can find them.
Hackers share information with one another, Mooney said. They let fellow hackers know how easy a business’s system is to penetrate.
Business email, Mooney said, once compromised, becomes a “sit and wait” situation for a hacker, who waits for a financial transaction and intercepts it. Bottom line, said Mooney, “You can’t trust an email system. Hackers can change a password and lock you out of your own email.”
Fear, however, should not be the basis for making decisions. Instead, Mooney advised making decisions based on risk. Risk is quantifiable, he said. Risk considers the likelihood of impact and the damage it can cause.
Smith said agents need to identify the agency’s highest risks. All 50 states have breach notification laws. Agents should know what state laws and regulations require before an attack.
IT personnel are focused on keeping computers functioning, said Smith. They need to work with security professionals who can identify the risks involved with the technology.
Mooney said that every business should conduct annual awareness training, some more often than that. Smith suggested that management simulate a phishing email for training purposes. Employees will pay attention to cybersecurity training if they understand it can be followed at home for their protection as well.
Both consultants advised that multifactor authentication be used for entry into systems containing sensitive information. “People grumble about multifactor authentication,” said Smith, “because it’s harder to log in. But it also makes the account more difficult to hack…. How much risk do we want to allow?”
Cybersecurity 101 was just one of the presentations of the Rise Summit which was devoted to topics important to insurance agents. Charles Symington, government affairs for Big I in Washington, shared insights on national politics; Steve Anderson challenged agents to think about the difference between innovation and disruption; Carey Wallace, IntellAgents, updated agents on the benefits of participating in RISE surveys and reports; and Chris Paradiso, agency owner, advised agents on developing their brand and presence on social media. All of these presentations were recorded and available for replay on the IIAT website.
Recent Comments