The threat of COVID-19 to your digital health

Insurance brokers are some of the most vulnerable targets of cyber crime. Brokers hold sensitive information about their clients that is attractive to cyber criminals. They also need frequent access to it, leading to increased cyber security risks.

The pandemic has only heightened brokers’ vulnerability: according to a threat report by Proofpoint, 99% of cyber attacks need human interaction to work – which makes you and your team your business’s cyber defence. That means COVID-19 is dangerous for both brokers’ physical health, and their digital health.

Research from Chubb Insurance found that over 60% of Australian SMEs have experienced a cyber incident in the past 12 months. Yet small businesses are still not taking cyber security seriously.

Cyber security requires immediate attention. You need to understand the cyber security risks associated with your business – after all, if you don’t manage your cyber risks, how can you help your clients manage theirs?

What are my risks?

The need to protect confidential, proprietary and client information has never been more important. Ransomware groups target insurance brokers, and once inside they can stealthily explore company networks for weeks or months without detection. When they decide time is right, they’ll encrypt your data so only they can access it and demand a ransom for its return. They may also threaten to make company data public, either to ratchet up the ransom demand or as a second part of the scam.

Ransomware attacks have successfully targeted big players such as Xchanging, the insurance procurement arm of global IT services firm DXC Technology, and Insurance House Group’s ProRisk underwriting agency in 2019; as well as smaller regional brokerages such as Andrew Agencies.

Insurance firms using older software and technology are more vulnerable to cyber attack. The web services your clients use can also put both you and your client at risk, with significant disruption if impacted. It’s important to safeguard not just your own platforms, but to ensure your clients’ private information is also secure from their end.

The most common scams targeting businesses are invoice scams: fake invoices sent by a known supplier/customer after hacking their email. Businesses also get hit by phishing scams, where info is stolen through a malicious website that is designed to look legitimate; and by attacks on remote access systems such as remote desktop or VPNs.

What can I do?

1. Get Cyber Fit: Just like getting physically fit doesn’t happen with one workout, Cyber Fitness is all about taking small incremental steps to improve your cyber security every day. The first step is understanding what you have to lose and what tech you rely on. What data do you hold and what is valuable?
2. Remember your own reputation: A core part of an insurance broker’s appeal is trust. Misuse of an insurer’s brand or reputation from hacking can be disastrous. Protect your personal information and accounts with the same rigour applied to your firm.
3. Protect your passwords: Often cyber security comes down to poor password management. Start using a password manager and enable two-factor authentication. Don’t share your passwords with anyone.
4. Double-check invoices: If an invoice you’ve received comes from a different contact than usual or just looks different or feels off, avoid being tricked by calling the business in question to confirm the invoice is legitimate.
5. Don’t think it won’t happen to you: Scammers don’t discriminate, and can hit thousands of businesses at the same time

Insurance brokers and small business owners can sign-up today for a free online Cyber Boot Camp to help them understand their risks and what can be done to protect their business. Alternatively, reach out to Cynch to see how they can support you and your small business clients to better manage cyber risks.

Susie Jones is the co-founder and CEO of Cynch Security. She was also an insurance broker in Melbourne from 2005-2014.