An ever-pressing challenge, the security of your insurance company’s computer network faces an even greater threat given the stubborn persistence of the coronavirus, security professionals say.
The reason: Hackers who send emails with malicious links are exploiting your employees’ fears of the coronavirus by sending them official-looking emails that claim to present new business policies on the coronavirus.
Additionally, hackers are also spoofing your employees by emailing them fake COVID-19 announcements from government agencies as well as fake updates on free government financial support during the pandemic.
Inside all of these emails: seemingly harmless malicious links that, when clicked, will automatically download and activate ransomware and other malware on your insurance company’s IT system.
This hacking attack became so intense that it triggered an executive order from US President Joe Biden to all US businesses: Take Ransomware Protection Seriously.
Says Biden: The ordinance “calls on federal agencies to work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase confidence against cyber attacks.” It describes innovative ways the government will take to deliver security and software using federal purchasing power to revive the market and improve the products all Americans use.
The result: Insurance companies and brokers must be made aware of the new wave of threats to computer network security and take the necessary steps to protect their systems and data.
To that end, here are the key measures that cybersecurity experts say you need to make sure your insurance company’s computer network is protected from the coming storm:
* Secure remote employee computers: With so many employees working from home these days, your insurance company’s IT department must take special care to protect the network connections they make between home and work.
A good place to start is to require employees to connect to your company’s computer network through a VPN VPN, according to Kaspersky report, “How Covid-19 Has Changed the Way People Work” .
Essentially, a VPN is a relatively secure, encrypted network that your employees can use to access your company’s computer system over the Internet.
Since VPNs are a private gateway to the Internet, they make it much more difficult for hackers to study how your employees use the Internet, including how your employees share files or how they use your video conferencing software.
* Secure employees’ smartphones: Phones used in the home by employees are also vulnerable. Ideally, you’ll want employees to use company-issued cell phones for work. If that’s not possible, you might want to consider specially designed software that separates and protects business data from personal data on smartphones.
Lost phones mean loss of business data. So you’ll also want to install software on all employee mobile phones that offer anti-theft features like remote device tracking, screen lock, biometric security features like Face ID or Touch ID lock. and the ability to erase all data from the phone. let him be lost.
* Double-down on email security: Security professionals say compromised employee emails remain one of the most common ways for hackers to break into a corporate network. So you’ll want to strengthen your defenses in this vector, according to Cybriant Managed Security Services.
In total, more than 27% of employees and managers surveyed in the first months of the pandemic said they received malicious coronavirus-themed emails while working from home, according to the Kaspersky report.
As always, the best defense against email hacking is to continually refresh employee awareness of the problem. Some security consulting companies specialize in on-going training for your employees, including remote testing of employees via email, with the latest email hacks. For more information, just search Google for “Employee Email Security Education”.
* Beware of cloud-jacking: With an increasing number of businesses migrating to the cloud, it was inevitable that hackers would follow them there, according to Greg Young, vice president of cybersecurity, Trend Micro.
Hacker’s Tip Here: These days, even novice hackers can purchase automated scripts from the dark web that allow them to take complete control of the cloud infrastructure for an insurer’s business.
“Cybercriminals have adapted to take advantage of poorly configured or poorly managed cloud environments,” Young says.
And once inside an insurer’s cloud, a hacker is often able to steal your cloud’s system administrator credentials. These credentials are essentially the “keys to the kingdom” and can be used to further penetrate your cloud network, steal company data, and wreak other havoc.
The decision here is for insurers to look at the security agreements they have with their cloud provider and make sure the provider is sticking to their end of the bargain. Calling your cloud provider’s representative to ask what special precautions the provider is taking against hackers’ latest cloud tricks should also help.
* Consider authentication without a password: Despite years of scolding, too many employees still insist on using passwords that are a snap to crack.
Year after year, for example, one of the most common passwords used by business users is “123456,” according to a report by Splash Data, an internet security company.
Employees looking to be a little “smarter” use “123456789”. And other ridiculously easy-to-guess passwords in general use include “qwerty”, the ever-imaginative “password”, and “1234567”.
No wonder a growing number of businesses are turning to password alternatives to secure their networks. Popular techniques include Touch ID, Face ID, and ID using a call or text to an employee’s smartphone.
Other companies use one-time passwords, which are generated and sent to an employee’s email address after entering an employee ID.
* Forget the fears of Zoom bombing: At the start of the pandemic, web-based video meeting software company Zoom got a bad rap from pranksters who started showing up in Zoom-facilitated business video meetings to cause trouble. They were yelling curses, exposing body parts, and generally acting like six-year-olds.
To be fair, Zoom has always had privacy controls, but they were just a little hard to find.
Fortunately, Zoom has since improved the security of its video meetings and made its security controls much easier to find and use.
* Consider an AI upgrade: As with virtually every other aspect of business software, some of the newer network security systems have an artificial intelligence component.
These new AI systems often lurk in the background, watching hackers as they scour corporate networks, taking note of the tricks and techniques they use, and then automatically creating scripts to thwart those same ones. hacker movements the next time they appear.
For more information on the protection of your data and the prevention of intrusions into the system, Google “AI computer security” or “AI cloud security”.
Joe Dysart is an Internet speaker and business consultant based in Manhattan. Contact him at [email protected].
Is cyber insurance a profitable investment?
2021 Cyber Insurance Market Update
3 steps to building a strong cybersecurity culture