Protecting insurance information when you are most vulnerable
Cyber attackers won’t hesitate to target companies during the most devastating times, so preparation is vital to protect company data.
When a natural disaster strikes, the first thing most people are concerned with is the safety and well-being of those in the direct path of the hit. First responders and bystanders alike are focused on saving lives, but businesses, unfortunately, must also focus on additional dangers that lurk in the unseen realm of hurricanes, earthquakes, fires and other natural disasters.
Cyberattacks happen when companies least expect it, and the insurance industry is a vault for
sensitive information cyber attackers won’t hesitate to target even during the most devastating times. In fact, hackers are more likely to strike when people and business owners are in a panic during the crisis of a storm. For instance, 2005’s Hurricane Katrina and 2018’s Hurricane Florence both sparked a spike in phishing scams that added to the incurred damage of the tragedies.
Don’t allow these cyber threats to creep in when your guard is down. Now is the time to implement a strategy that is strong enough to withstand vulnerable seasons, such as during and after a natural disaster. There are a few key elements to protect information and data even the most skilled hackers cannot penetrate.
Identify risks
For insurance companies and other businesses, the loss of data and customer information is a great threat, so it’s crucial to have a full understanding of data storage. In a digital world where technology is implemented to streamline operations, cybersecurity is a top risk.
Although it’s typically unknown when a natural disaster will hit, businesses can assess risks and anticipate issues in advance. Identify threats, vulnerabilities and the value of the secured information to determine a cybersecurity risk prior to a potential natural disaster. Whether this process is performed by an internal IT team or outsourced to a professional cybersecurity firm, it’s imperative to identify weaknesses to prepare responses that will hold up during catastrophic events.
Implement proper data backup
Cybercriminals will target software vulnerabilities when they expect insurance companies’ attention to be focused elsewhere during a disaster. With the amount of important information that is stored — from customer social security numbers to credit card information — hackers expect to find this critical data during an attack. First, data must always be stored on encrypted devices and networks to prevent security breaches, and there should be no access to the encryption keys. This means employees should not save important information to their laptops or USB drives. Also, insurance companies must ensure the latest security software is installed on computers and networks before a natural disaster strikes.
Create a disaster recovery plan
For insurance businesses to quickly recover from an unforeseen disaster, a disaster recovery plan must be in place. Data infrastructure can be protected with the right plan, which may include an audit of IT resources, specific responsibilities of team members in the case of a natural disaster, IT backup infrastructure information, and test results of this recovery plan to audit the backup data. Whether caused by a natural disaster or malware infections and other vulnerabilities, cybercriminals are on the prowl for private data. A proactive disaster recovery plan can serve as a strong shield to ensure minimum loss and a quick recovery.
Protect sensitive data
The aftermath of a natural disaster can leave companies vulnerable to data breaches, so protecting sensitive data is of utmost importance. Names and phone numbers of clients should be as secure as social security numbers and other important information. This means anti-virus software should be updated regularly, firewalls should be managed, and intrusion detection systems should be monitored for signs of suspicious activity.
Natural disasters can strike at a moment’s notice, causing cyber threats due to power outages, infrastructure damage, scarce resources and more. Agents, brokers and insurers must be on guard with a proactive approach to guard against cyber criminals who act during these opportune times. From phishing attacks, ransomware attacks and data breaches, insurance professionals are responsible for mitigating these threats through risk identification, proper data backup, a disaster recovery plan, and protection of sensitive data. While there may not be much warning with a storm, the right plan can prepare insurance businesses for all conditions.
Grant Gibson has more than a decade of experience in the cybersecurity industry and is the chief information security officer at CIBR Ready, a cybersecurity think tank. Gibson also serves as chair of National Initiative for Cybersecurity Education where he provides a voice of leadership to emerging cyber technology education standards in the United States.
Join our LinkedIn group, ALM’s Small Business Adviser, a space where small business owners can gather to network, have discussions and keep up with the trends and issues affecting their industries.
Related: