Insurance Industry Must Confront Data Breaches on Two Fronts
The overwhelming number of data breaches over the last few years has every private company and government agency desperately trying to guard its system against cyber criminals.
But unlike most other professions, the insurance industry is affected in two ways by the threat. Insurance companies themselves can be the target of a breach that would shut down their network, at least temporarily, or put the personal and private information of customers at risk.
At the same time, insurance companies that offer cybersecurity policies can be impacted by how well their customers protect their own systems.
That’s a staggering amount. The good thing is that those in the insurance business are starting to realize just how serious the problem is and that, just like the businesses they insure, they face costs not only in terms of the breach itself, but also in terms of their firm’s reputation.
Sometimes those breaches are ridiculously easy. A cyber criminal can gain access by sending a company an email whose attachment carries a Remote Access Trojan, or RAT, disguised as a normal file. All it takes is for an unsuspecting employee to open that file and security is compromised. Certainly, hackers can be very clever and very skilled, but often all they need to be is patient.
For better protection against those cyber criminals out to do harm, insurance companies should:
• Train their staffs. Those employees sitting at their computers each day are a company’s first line of defense. If they click on an attachment or a link in the wrong email, they have essentially unlocked the front door. Employees should be made aware of the dangers and told what to do about suspicious email.
• Routinely update their defenses. Outdated technology and outdated security software make a company’s computers vulnerable to attack. It’s important that insurance companies periodically review their IT operations to make sure what worked last year still provides the needed security.
• Enforce better password management policies. Employees often aren’t creative enough with their passwords, making it easier for cyber criminals to work their way in. In setting a password, employees should use any unique characters they can think of, such as a dollar sign ($) or an exclamation mark (!) or replace a letter “O” with a 0 (zero). Employees also should be directed to change their passwords often.
• Be prepared for the worst. It’s essential to have a backup and recovery plan in case data is lost or corrupted. That plan should be tested frequently.
Because of their unique position, insurance companies also should make sure that their cybersecurity policy holders are taking these steps to protect themselves as well. This is definitely a situation where an ounce of cyber prevention is worth a pound of cure.
About the Author
Gary S. Miliefsky is founder of SnoopWall Inc., a cutting-edge counter-intelligence technology company offering free consumer-based software to secure personal data on cell phones and tablets, while generating revenues helping banks and government agencies secure their networks. He has been active in the INFOSEC arena as the Executive Producer of Cyber Defense Magazine and a regular contributor to Hakin9 Magazine.
Edited by Peter Bernstein