Listen to this article, read by Steve’s Digital Doppelganger:
If you’re like most insurance agents, you’re using cloud or browser-based technology solutions to operate your business. I’ve talked to many agencies about their existing cybersecurity, and I’ve learned that there is a prevailing attitude that leans toward not needing increased levels of protection. Many agents think that because everything is in the cloud, cybersecurity beyond the basic level of protection isn’t necessary. Here are two reasons why I disagree.
First, you still have a good amount of your clients’ personal data on various devices in your office. I know that it’s common practice to scan documents, attach them to your management system, and delete the documents afterward. The problem is that not all employees are strictly following this process, which leaves behind documents with personal identifiable information (PII). I have challenged countless agencies that say they have no client personal information on their network, and I’ve never lost the challenge.
Second, if you get hacked, there is a chance the hacker will put “key logger” software on your device that tracks all your keystrokes, including passwords. When hackers get the password to your management system in the cloud, they will have total access to your client data and the ability to run and download reports on client information. This results in a data breach that will require you to contact all those clients and provide services to keep track of their credit records at no cost to them. This is costly and erodes confidence in your agency.
All this to say, it is very important that you review the cybersecurity resources Catalyit solution providers offer. It also means that you will likely need to increase the amount you spend on cyber protection, but it’s money well spent. Remember, if you get hacked, it can cause a catastrophic ripple effect with significant financial implications; not only does it impact your data security (where you probably won’t be able to access your cloud-based solutions), but it also interferes with your clients’ ability to operate normally and can potentially halt their business entirely. For instance, your clients won’t be able to obtain certificates of insurance, mortgage closings can’t be processed due to a lack of an insurance binder, etc. This will continue for a minimum of two to three days, sometimes up to a week, while a team of cyber forensics, foreign negotiators, and technology specialists work to settle with the hackers and get your systems back up and running. There will also be a team determining the potential liability of your data being accessed from your cloud management system.
My advice: Perform a risk analysis now and avoid this costly interruption.