Some may think insurance firms don’t have much to worry about when it comes to cybersecurity—but you know better. Today’s cybercriminals aren’t just attacking companies with online stores. They’ll target any company that has vast amounts of personal data—and insurance firms certainly fit the description.
Everywhere you look, there are cyber risks for insurance companies. They’re similar to the cyber risks every company faces today, but the nuances of the insurance industry leave firms more vulnerable in certain ways. That’s why insurance companies need to look beyond every day file sharing platforms and encrypted email when they’re trying to protect their data and systems.
What are the major cyber risks for insurance companies? Like companies in other industries, insurance firms are susceptible to hackers. Cybercriminals try to gain access to corporate networks in the hopes of capturing consumers’ personal information.
Think of the billing information your firm may have on file, such as bank account numbers and credit card information. Think also of the many Social Security numbers associated with your life insurance policies. A cybercriminal who breaks into your life insurance system could capture detailed financial information for an entire family. And because so many insurance systems are homegrown, it’s a challenge for companies to keep them fully compliant with security regulations—especially as the original developers move on from the company and new hires inherit their code and documentation.
“But our insurance software isn’t homegrown,” some IT professionals in the insurance industry may protest. “It’s commercial, and it’s highly secure. It’s compliant with PCI and SOC 2.”
Yes, using insurance software that boasts impressive security credentials will do much to keep your data safe from criminals—when the data is resting in these systems. But as we all know, business only moves when data moves. Your employees spend much of their time collaborating with each other as well as with partners outside your network. Every time they send a file by email or upload it to a commercial file sharing system, they expose it to criminals. This includes information on mergers and acquisitions, call center information, and executive communications.
Email is relatively easy for cybercriminals to intercept—and they can read any attachments, too. Now, you can use encrypted email to render the text unreadable to anyone who doesn’t have the necessary key, but they’ll still be able to read the attachments. End-to-end encryption (E2EE) also scrambles the text of attachments—but it requires a significant investment and only addresses one of the top cyber risks for insurance companies.
Meanwhile, simple file sharing systems are only as good as the passwords your employees and partners choose. Perhaps you’ve seen the recent chart entitled “How Safe Is Your Password?” It highlights the grim fact that a computer can crack an eight-character all-lowercase-letters password instantly. Even if you swap in an uppercase letter, a number, and a symbol among those eight characters, the computer will be able to crack the password in just eight hours. Once a criminal gets in, they’ll most likely be able to access not just one file, but an entire folder full of confidential documents. The effect on your business could be devastating.
The recent rise in working at home has only intensified the cyber risks for insurance companies. As other industries slowly return to the office, many insurance companies are holding out, citing the greater productivity and better work/life balance their employees can achieve by working at home. There’s nothing wrong with this, but it poses data security challenges. As your customer service agents exchange emails or engage in online chats with customers, can you trust that their home broadband connections are as secure as what you provide in your offices? Can you be sure that employees won’t blur the line between business systems and personal systems by checking work email on an iPad in the backyard as they watch the kids play?
When you use an encrypted file sharing platform such as Cocoon Data, you no longer need to obsess over the strength of your employees’ passwords. And there’s no opportunity for your files to get intercepted over email. That’s because once you upload a file, your recipient must use a secure link to access it. You maintain total control over where and how they access the file, which is protected by a unique encryption key. Our platform also boasts highly secure features such as geofencing, date and time stamps, and historical reporting, so you can easily track who, when and where data has been accessed.
Intrigued? Request a demo and ask us your questions.
Sep 19, 2022