Cybercrime is becoming more and more common – and no business is immune. Smaller businesses don’t always have the money or resources to protect themselves properly and are more vulnerable to attacks. Large businesses tend to overlook threats and end up just as susceptible to hackers looking for information. Insurance agencies’ collections of personal and financial data make them a uniquely attractive target for cybercrime – hacking for theft. What measures are in place to protect your insurance agency?
Cybersecurity is essential to keep information safe and secure. These 5 basic measures can go a long way in safeguarding your company against attacks.
1. Keep your antivirus and spyware updated
Yes, this seems impossibly basic and obvious, but many people forget to do it. Cyber criminals are always adapting and finding new ways to get past your firewalls. Updating these firewalls is a good way to counter this. Most antivirus programs update themselves and carry out quick system scans. Adding total system scans regularly can often fix an issue before it becomes a problem. If you create a website for your agency, make sure all the pages are protected with security applications.
2. Create strong passwords
Again, a simple step but very effective. Stolen passwords are one of the most common ways to gain entry into your system, and often stealing them isn’t necessary – 123456 can just be guessed, but believe it or not, along with ‘password’ and 12345678, it’s one of the top 5 most common passwords in America. Put policies in place to ensure that passwords are regularly changed and are complex enough to not be easily guessed – an employee’s middle name or household pet isn’t going to be that secure! When making or taking payments online, have different passwords – and if possible choose a different device from the one you regularly use, that hasn’t been used to download from the internet. Choosing a company or office-wide ‘financials device’ for online money transfers that’s heavily protected and used for nothing else can be effective.
3. Secure WiFi networks
Ensure your business network is hidden and secure, especially if you work from home. Instructions on how to do this can be found in the settings on your device. You’d be amazed how many people don’t look at basic network security, leaving the whole network easily accessible to any passing hacker with a smartphone. Think I’m kidding? There are easy ways to gain administrator-level control over the whole WiFi network. Network passwords – a different thing from router admin passwords – are short enough that random string generators can crack them easily and quickly: there’s an app for that. Choose a different password from the one on the bottom of your router, and change it regularly. If your network admin changes it office-wide, don’t tell everyone by email: it’s the least secure communications system you ever use, sent over the web unencrypted and easy to intercept. Having a backup and recovery plan in place is essential: find a secure network provider whose networks are protected by the latest antivirus measures and constantly monitored.
4. Control access
Another simple step – but making sure only the authorized people use your devices is another layer in your defenses. If possible, have a card login system, or different passwords for different levels of users. How many people actually need admin level access to networks or devices? Probably fewer than have the passwords. Portable devices such as phones, tablets and laptops are more likely to be stolen so extra care must be taken when setting security settings for those.
5. Train your employees
Finally, make sure your employees understand safety procedures to protect against the dangers of cybercrime. Put guidelines about employee’s interactions on social media and mentioning your company. If you aren’t able to finance outsourced training, build your own. Include issues such as safe document storage – never on an unsecured device or drive. Other points could be not sharing their password with friends, family or coworkers and making sure customer’s personal and financial data is always password protected, preferably stored on a separate network.