October is National Cybersecurity Awareness Month and a perfect time to review your agency procedures and conduct staff training to minimize your risk of cyber-attack. Launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004, this is a broad effort to help all Americans stay safer and more secure online. When it first began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight saving time.
With the proliferation of privacy and security concerns, the effort has evolved and now features an annual theme along with weekly topics to review during the month. At the AIMS Society, we encourage professional insurance agents to approach cybersecurity awareness and education from two angles, and with this post we hope to provide content that will help agents:
- Protect their own organizations, and
- Advise clients on cyber liability exposure.
Businesses face significant financial loss when a cyber-attack occurs. In 2019, the U.S. business sector had a 17% increase in data breaches: 1,473 breaches.
Cybercriminals often rely on human error, such as employees failing to install software patches or clicking on malicious links, to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure.
To encourage a culture of cybersecurity at your organization, follow these tips:
- Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee and client personally identifiable information (PII). Do not share PII with unknown parties or over unsecured networks.
- Don't make passwords easy to guess. As "smart" or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration of wireless devices to prevent data breaches. For more information about smart technology, review the Internet of Things Tip Sheet.
- Be up to date. Keep your software updated to the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you don't have to think about it. Set your security software to run regular scans.
- Social media is part of the fraud toolset. By searching Google and scanning your organization's social media sites, cybercriminals can gather information about your employees, partners, and vendors. Employees should avoid oversharing on social media and should not conduct official business, exchange payment details, or share PII on social media platforms. Read the Social Media Cybersecurity Tip Sheet for more information.
- It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization's infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages immediately. For more information about email and phishing scams, see the Phishing Tip Sheet.
For a comprehensive, step-by-step resource, access the National Cyber Security Alliance's CyberSecure My Business program. This free resource walks business owners through the steps to Identify, Protect, Detect, Respond, and Recover from a cyber-attack.