How confident are you that your data is secure? Would you bet your agency on it? You might think you have your bases covered with anti-virus software and a password-protected network. But are you protected from what can often be the biggest threat—people? Most employee-triggered data breaches are actually accidents caused by people just trying to do their jobs. Agencies need to make sure they not only have the right technology in place to protect data but also the right training to make sure employees can recognize possible cyberattacks.
Here are ten ways from Xanatek to keep your data safe.
1. Stop threats at the door with strong password management
Use strong, unguessable passwords and store them in a secure location. It’s one of the easiest ways to protect information. Avoid common passwords like 00000000 and ABCDE. Avoid using information that is easily searchable, like pets’ names, street addresses, or birthdays, and don’t use the same login for every account.
If staff need to write down passwords to remember them, keep them in a locked drawer, or consider using technology solutions that specialize in storing passwords and protecting them. And, most importantly, set the right password management policies with your teams.
2. When it comes to security, two is better than one
Take passwords a step further with two-factor authentication. These services require users to provide another form of authentication to access critical systems. This might be inputting a code sent via email or text message after the password is submitted correctly. This tool is becoming more common in people’s everyday lives, so getting employees accustomed to it should be easy.
3. Show people what to watch out for
In a phishing attack, hackers pose as legitimate sources and send an email with an encrypted file or malware link. Conduct training to help employees identify phishing scams. Suspicious signs include emails sent from generic accounts rather than individuals, misspellings, or opening with Sir/Madam instead of the recipient’s name.
Teach employees that if they have any doubts about a message, they shouldn’t click on it. It’s always better to reach out to confirm whether or not a message is legitimate. There are also services that test employees by sending them fake phishing emails to see how they respond, helping them learn first-hand about the scams to look for.
4. Vet your vendors
It’s important to talk about security with your vendors, especially the provider of your agency management system (AMS). You want to understand the protections and safeguards they have in place to prevent breaches. Ask them about network security, past breaches, and how they responded. You should have a specific understanding of what your responsibilities are if the vendor is attacked. For example, if data is stolen from the AMS, will they help you notify your impacted customers? Will they provide financial assistance to cover any costs? Having a holistic understanding of your vendors’ security protocols and limits will better prepare your business if a breach occurs.
5. Keep software up-to-date
This can sound simple, and it’s very effective. Software developers regularly release patches and updates as they uncover security flaws in their programs. By continuously updating your software, you give your data one more line of protection and further decrease the chances of infiltration. Make this a policy for all employees.
6. Prohibit non-agency technology devices from connecting to your network
More devices mean more risk. Not everyone follows the same security protocols on their own devices that you use at the agency. If an infected device is connected to the company network, malware can spread to the agency systems. Develop a clear policy about the types of devices employees can’t use to connect to the network.
7. Train employees to stay on alert
There are many types of security breakdowns, and it’s important to demonstrate the scale and scope of potential issues to employees. A criminal might pose as an agency principal requesting a money transfer or pretend to be a customer closing an account. There are myriad ways hackers can trick employees. Teach employees about different risks and show them how to spot suspicious activity. Have secure controls in place regarding payments, such as in-person confirmation for large money transfers. Let employees know it is always okay to double-check payment requests.
8. Consider using VPNs
This is especially true if employees are working from home. Remote work increases opportunities for hackers to infiltrate systems. In the office, employees benefit from the agency’s network security. At home, they most likely don’t have the same security tools. Agencies should consider using VPNs (virtual private networks) to add another level of security for network traffic. These systems enable agents to log in and have a secure connection no matter where they are working.
9. Consider cyber insurance
No protection is foolproof. Hackers are more sophisticated, and they’re developing new techniques every day. Cyber insurance can protect agencies if a breach does occur. Policies help recoup losses if the business is interrupted and can assist in recoveries from ransomware attacks.
10. Understand data limitations
Cyberattacks aren’t the only risk for data. Challenges can come from legitimate sources, such as how a vendor uses your data and your ability to move that data to additional systems and solutions. Get a clear understanding of how much you can freely access your data in a system. For example, some providers charge for data exports or don’t make them readily available. Before entering a partnership, ask your vendor: are there any fees to store and export information?
Cyber risks present new and evolving challenges for agents. It’s important to be aware and take action. From network security to password management to well-trained employees, it’s important to have all of your bases covered.