Havoc Shield Blog

Phishing Attacks Against Insurance Agencies: How You Can Protect Your Company

Written by Brian Fritton | Apr 6, 2022 2:51:51 PM

How well would the staff at your insurance agency fare against a phishing attempt? According to an AWPG report, phishing attempts doubled in 2020. Keep in mind that it only takes one successful effort for hackers to successfully make their way inside your systems and start wreaking havoc. Because of the ongoing pandemic, you may have more workers than ever working from home. That’s led to a rise in phishing attempts and other cyber attacks.

The Threat of Phishing Against Insurance Agencies

One big reason that insurance companies have become such a ripe target for attackers is the kind of information you hold. Think about the data you collect when a client decides to take out a policy. You’re gathering quite a bit of personally identifiable information (PII) like birthdates, emails, and social security numbers.

Other information you might end up collecting from policyholders include:

  • Income
  • Personal property owned
  • Street address
  • Medical data  

Imagine the kind of damage a hacker could do if they managed to plant ransomware in your computer system. That’s what could happen if an employee gets an email from someone posing as the head of marketing. With the right phrasing, the cybercriminal could fool someone into providing them with information that helps them figure out the employee’s login credentials.

Reasons Your Insurance Company May Be Vulnerable

Let’s look at why your insurance agency could become a tempting target for hackers.

1. Outdated Technology

Many small insurance companies try to make do with outdated IT infrastructure. As long as it’s working, there’s no problem, right? Nope. It could be only a matter of time before an employee clicks a link that opens the door to outside security threats.

2. More Online Transactions

With the internet playing such a big role in signing up new policyholders, many insurance agencies have taken the time to invest in more robust security software. However, it takes more than technology to protect your organization. A false sense of security could leave you blind to social engineering attempts leveraged against your employees.

3. Unsuspecting Employees

Most attackers exploit vulnerabilities by sending emails containing malicious attachments. At first glance, they may seem legitimate. Bad actors often go so far as to spoof the credentials of someone your employee trusts. When taken at face value, the email may look exactly like one that comes from a legitimate source.

Attackers may also try sending a link to what appears to be a legitimate company website page to try and get an employee to enter their credentials. Once they get hold of those, they can make their way into other vulnerable company areas.

Tips on Protecting Your Insurance Agency From Cyber Attacks

Here are some steps you can take to make sure you don’t end up as the next insurance company in the headlines because of a data breach.

Educate your Employees with Cybersecurity Training

Your workers play a crucial role in defending your company from attacks. The more you educate them on what to watch for when it comes to phishing attempts, the better prepared they will be to reject those attempts.

Don’t limit yourself to talking about emails. Workers may be approached while using one of their social media platforms. You should also try and execute random scenarios that test how well workers have absorbed the security knowledge.  

Scan Everything

Every link and attachment that makes its way into your company, whether through email or attached to a reply on social media, should get thoroughly scanned for malicious software. Having software that automatically scans for malicious software lets you delete anything potentially dangerous before a worker ever sets eyes on the item.

Keep in mind that there are new viruses and malware launched every day. That makes it vital that you continuously update your security protocols to help you manage evolving cyber threats.

Create Backups

The last thing you want to tell a policyholder is that you can’t get to their billing information because someone hijacked your system. By having daily backups of critical information, you have a better chance of not giving in to demands from attackers. Another option is to invest in a security solution that immediately backs up files when created or updated.

Get 360-Degree Cyber Security Protection with Havoc Shield

Havoc Shield provides insurance agencies and other small and medium-sized companies with an all-in-one security platform. For brokers, wholesalers and agencies, you also reduce the time being cybersecurity experts for your insurers and write more cyber policies with our Cyber Fitness Assessment.

You get everything you need to keep your company safe from inside and outside threats. Learn more about our cybersecurity program by setting up a demo with a Havoc Shield representative.