Keys to securing your computer network and insurance data

Insurers, brokers and agents handle information that makes them key targets for hackers.

Always a pressing challenge, the security of your insurance business’ computer network is facing an even greater threat given the stubborn persistence of the coronavirus, according to security pros.

The reason: Hackers are preying on your workers’ coronavirus fears by sending them official-looking emails, complete with malicious links, that pretend to feature new business policies on the coronavirus.

Plus, hackers are also sending your workers spoofed emails: fake COVID-19 announcements made to look like they come from government agencies, as well as fake updates on free government financial support during the pandemic.

Inside all those emails: Innocuous-looking malicious links that, once clicked, will auto-download and activate ransomware and other malware on your insurance business’ computer system.

This onslaught of hacking has become so pitched, it triggered an executive order from U.S. President Joe Biden to all U.S. businesses:  Get serious about ransomware protection.

Says Biden: The order “calls for federal agencies to work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase resilience against cyberattacks. It outlines innovative ways the government will drive to deliver security and software using federal buying power to jumpstart the market and improve the products that all Americans use.”

The upshot:  Insurance companies and brokers need to be knowledgeable about the new surge in computer network security threats and take the necessary steps to protect their systems and data.

To that end, here are the key moves cybersecurity experts say you need to ensure your insurance company’s computer network is protected from the coming storm:

*Secure employees’ remote computers:  With so many more employees working from home these days, your insurance company’s IT department needs to take special care to safeguard the network connections they’re making between home and work.

A good place to start is to require employees to log into your company computer network via a virtual private network (VPN), according to the Kaspersky report, “How Covid-19 Changed the Way People Work.”

Essentially, a VPN is a relatively secure, encrypted network that your employees can use to access your company’s computer system over the internet.

Given that VPNs are a private gateway to the internet, they make it much tougher for hackers to study how your employees are using the internet — including how your employees are sharing files or how they’re using your video meeting software.

*Secure employees’ smartphones: Phones used from home by employees are also vulnerable. Ideally, you’ll want employees to use business-issued mobile phones for work. If that’s not possible, you’ll want to consider specially designed software that separates — and protects — business data from personal data on smartphones.

Lost phones mean lost business data. So you’ll also want to install software on all employee mobile phones offering anti-theft capabilities, such as remote device location, screen locking, biometric security features like Face ID or Touch ID locking and the ability to wipe all data from the phone should it be lost.

*Double down on email security: Security pros say compromised employee email remains one of the most common ways hackers penetrate a business network. So you’ll want to shore up your defenses in this vector, according to Cybriant Managed Security Services.

All told, more than 27% of employees and managers surveyed during the early months of the pandemic said they had received malicious, coronavirus-themed emails while working from home, according to the Kaspersky report.

As always, the best defense against email hacks is to continually refresh employee awareness about the problem. Some security consulting companies specialize in providing ongoing education for your employees — including remote testing of employees by email — featuring the latest email hacks. For more info, simply Google “Employee Email Security Education.”

*Beware of cloud-jacking:  With increasing numbers of companies moving to the cloud, it was inevitable that hackers would follow them there, according to Greg Young, vice president of cybersecurity, Trend Micro.

The hacker trick here:  These days, even novice hackers can buy automated scripts on the Dark Web that enable them to take complete control of the cloud infrastructure for an insurer’s business.

“Cybercriminals have adapted to capitalize on misconfigured or mismanaged cloud environments,” says Young.

And once inside an insurer’s cloud, a hacker is often able to steal the ID credentials of your cloud’s system administrator. Those credentials are essentially the ‘keys to the kingdom’ and can be used to further penetrate your cloud network, steal company data and wreak other havoc.

The move here is for insurers to review the security agreements they have with their cloud provider and ensure the provider is holding up its end of the bargain. Giving your cloud provider representative a call to ask about special precautions the provider is taking against the latest hacker cloud tricks should help too.

*Consider passwordless authentication:  Despite years of admonishments, too many employees still insist on using passwords that are child’s play to crack.

Year after year, for example, one of the most common passwords in use by business users is “123456,” according to a report from SplashData, an internet security firm.

Employees looking to be a bit more ‘clever’ employ “123456789.”  And other ridiculously easy-to-guess passwords in general use include “qwerty,” the ever-imaginative “password” and “1234567.”

No wonder increasing numbers of firms are turning to password alternatives to secure their networks. Popular techniques include Touch ID, Face ID and ID using a call or text to an employee smartphone.

Other companies are using one-time passwords, which are generated and sent to an employee’s email address after an employee ID is entered.

*Forget Zoom-bombing fears:  Early on in the pandemic, web video meeting software firm Zoom got a bad rap from pranksters who began popping into Zoom-facilitated business video meetings to cause trouble. They screamed expletives, exposed body parts and generally acted like six-year-olds.

To be fair, Zoom always had privacy controls, but they were simply a bit tough to find.

Fortunately, Zoom has since enhanced the security of its video meetings and made its security controls much easier to find and use.

*Consider an AI upgrade:  As with virtually every other aspect of business software, some of the newest network security systems come with an artificial intelligence component.

These new AI systems often lurk in the background, watching hackers as they poke around business networks, taking note of tricks and techniques hackers are using and then auto-building scripts to frustrate those same hacker moves the next time they pop up.

For more info on protecting your data and preventing system intrusions, Google “AI computer security” or “AI cloud security.”

Joe Dysart is an internet speaker and business consultant based in Manhattan. Contact him at joe@breakingnewsintech.com
