Your Data May Be Safe Today: 10 Things That Will Keep It That Way

Share This TechTip

How confident are you that your data is secure? Would you bet your agency on it? You might think you have your bases covered with anti-virus software and a password-protected network. But are you protected from what can often be the biggest threat—people? Most employee-triggered data breaches are actually accidents caused by people just trying to do their jobs. Agencies need to make sure they not only have the right technology in place to protect data but also the right training to make sure employees can recognize possible cyberattacks.

Here are ten ways to keep your data safe from Xanatek.

1. Stop threats at the door with strong password management

Use strong, unguessable passwords and store them in a secure location. It’s one of the easiest ways to protect information. Avoid common passwords like 00000000 and ABCDE. Avoid using information that is easily searchable, like pets’ names, street addresses, or birthdays, and don’t use the same login for every account.

If staff need to write down passwords to remember them, keep them in a locked drawer, or consider using technology solutions that specialize in storing passwords and protecting them. And, most importantly, set the right password management policies with your teams.

2. When it comes to security, two is better than one

Take passwords a step further with two-factor authentication. These services require users to provide another form of authentication to access critical systems. This might be inputting a code sent via email or text message after the password is submitted correctly. This tool is becoming more common in peoples’ everyday lives, so getting employees accustomed to it should be easy.

3. Show people what to watch out for

In a phishing attack, hackers pose as legitimate sources and send an email with an encrypted file or malware link.  Conduct training to help employees identify phishing scams. Suspicious signs include emails sent from generic accounts rather than individuals, misspellings, or opening with Sir/Madam instead of the recipient’s name.

Teach employees that if they have any doubts, don’t click on it. It’s always better to reach out to confirm whether or not a message is legitimate. There are also services that can test—sending employees fake phishing emails to see how they respond and help them learn first-hand about the scams to look for.

4. Vet your vendors

It’s important to talk about security with your vendors, especially your agency management system. You want to understand the protections and safeguards they have in place to prevent breaches. Ask them about network security, past breaches, and how they responded. You should have a specific understanding of what your responsibilities are if the vendor is attacked. For example, if data is stolen from the AMS system, will they help you notify your impacted customers? Will they provide financial assistance to cover any costs? Having a holistic understanding of your vendors’ security protocols and limits will better prepare your business if a breach occurs.

5. Keep software up-to-date

This can sound simple, and it’s very effective. Software developers regularly release patches and updates as they uncover security flaws in their programs. By continuously updating your software, your data will have one more line of protection and further decrease the chances of infiltration. Make this a policy for all employees.

6. Prohibit non-agency technology devices from connecting to your network

More devices mean more risk. Not everyone follows the same security protocols on their own devices that you use at the agency. If an infected device is connected to the company network, malware can spread to the agency systems. Develop a clear policy about the types of devices employees can’t use to connect to the network.

7. Train employees to stay on alert

There are many types of security breakdowns, and it’s important to demonstrate the scale and scope of potential issues to employees. A criminal might pose as an agency principal requesting a money transfer or pretend to be a customer closing an account. There are myriad ways hackers can trick employees. Teach employees about different risks and show them how to spot suspicious activity. Have secure controls in place regarding payments, such as in-person confirmation for large money transfers. Let employees know it is always okay to double-check payment requests.

8. Consider using VPNs

This is especially true if employees are working from home. Remote work increases opportunities for hackers to infiltrate systems. In the office, employees benefit from the agency’s network security. At home, they most likely don’t have the same security tools. Agencies should consider using VPNs (virtual private networks) to add another level of security for network traffic. These systems enable agents to log in and have a secure connection no matter where they are working.

9. Consider cyber insurance

No protection is foolproof. Hackers are more sophisticated, and they’re developing new techniques every day. Cyber insurance can protect agencies if a breach does occur. Policies help recoup losses if the business is interrupted and can assist in recoveries from ransomware attacks.

10. Understand data limitations

Cyberattacks aren’t the only risk for data. Challenges can come from legitimate sources, such as how a vendor uses your data and your ability to move that data to additional systems and solutions. Get a clear understanding of how much you can freely access your data in a system. For example, some providers charge for data exports or don’t make them readily available.  Before entering a partnership, ask your vendor: are there any fees to store and export information?

Cyber risks present new and evolving challenges for agents. It’s important to be aware and take action. From network security to password management to well-trained employees, it’s important to have all of your bases covered.

More TechTips To Explore

Cybersecurity

Pitfalls to Avoid in Your Cyber Journey

Many businesses are sitting down right now to finalize budgets and lay out their plans and goals for the new year. For those focused on creating a more formal cybersecurity approach to address cyber risk, Ryan Smith shares a few tips to help you through the process.

Read More »

Unleash Your Agency's Potential

Check out our Platinum & Premium Solution Providers.

Forgot Password?

Forgot Password?

Sign up for your free 30-day free trial!

 

Let's do this

Together

We’re thrilled to invite you into Catalyit. Fill out the form to get your free, limited access – your community awaits!

Already a Basic or Full Access Subscriber?

ALERT!

Vault videos are only visible to Full Access subscribers!

Sign in or upgrade now to unlock all Catalyit content and watch this webinar on-demand.

ALERT!

This content is only visible to Catalyit Full Access subscribers!

Sign in or upgrade now to unlock all Catalyit content.

ALERT!

This content is only visible to Catalyit subscribers!

Sign in, get started free, or upgrade now to unlock all Catalyit content.

ALERT!

Vault videos are only visible to Full Access subscribers!

Upgrade now to unlock all Catalyit content and watch this webinar on-demand.

Let's do this

 

Let's do this

Fill out the form below to get free Basic Access to Catalyit and activate your Trava account.

 

ALERT!

Solution Provider Profiles are only visible to Full Access subscribers!

Upgrade now to unlock all Catalyit content and learn more about this Solution Provider.