An ever-pressing challenge, your insurance company’s IT network security faces an even greater threat given the stubborn persistence of the coronavirus, security professionals say.
The reason: Hackers who send emails with malicious links are exploiting your employees’ coronavirus fears by sending them official-looking emails that claim to outline new coronavirus business policies.
Moreover, hackers also email your employees fake COVID-19 announcements that purport to come from government agencies, along with fake updates about free government financial support during the pandemic.
Inside all those emails: innocuous-looking malicious links that, once clicked, automatically download and activate ransomware and other malware on your insurance company’s computer system.
This hacking onslaught has become so acute that it has triggered an executive order from US President Joe Biden to all American businesses: take ransomware protection seriously.
Says Biden: The order “calls on federal agencies to work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase reliance against cyberattacks. It outlines innovative ways the government will use to deliver security and software by using federal purchasing power to jump-start the market and improve the products all Americans use.”
The result: Insurance companies and brokers need to be aware of the new wave of computer network security threats and take the necessary steps to protect their systems and data.
To that end, here are the key steps cybersecurity experts say you need to take to ensure your insurance company’s IT network is protected against the coming storm:
* Securing employees’ remote computers: With more and more employees working from home these days, your insurance company’s IT department needs to take extra care to protect the network connections they make between home and work.
A good place to start is to require employees to connect to your company’s computer network through a virtual private network (VPN), according to Kaspersky’s report, “How Covid-19 Has Changed the Way People Work.”
Essentially, a VPN is a relatively secure encrypted network that your employees can use to access your company’s computer system over the Internet.
Since VPNs are a private gateway to the Internet, they make it much harder for hackers to monitor how your employees use the Internet, including how your employees share files or how they use your video conferencing software.
* Securing employee smartphones: Phones used at home by employees are also vulnerable. Ideally, you’ll want employees to use business cell phones for work. If that’s not possible, you’ll want to consider purpose-built software that separates — and protects — business data from personal data on smartphones.
Lost phones mean lost business data. You will therefore also want to install software on all employee mobile phones that provides anti-theft features, such as remote device location, screen lock, biometric security features such as Face ID or Touch ID, and the ability to erase all data from the phone if it’s lost.
* Double down on email security: Security professionals say compromised employee emails remain one of the most common ways hackers break into a corporate network. So you’ll want to harden your defenses on this vector, according to Cybriant Managed Security Services.
In total, more than 27% of employees and managers surveyed in the first months of the pandemic said they had received malicious coronavirus-themed emails while working from home, according to the Kaspersky report.
As always, the best defense against email hacks is to continually refresh employee awareness of the problem. Some security consulting firms specialize in ongoing training for your employees, including remote employee testing via email, with the latest email hacks. For more information, just Google “Employee Email Security Education”.
* Beware of cloud-jacking: With more companies moving to the cloud, it was inevitable that hackers would follow them there, according to Greg Young, vice president of cybersecurity at Trend Micro.
The hackers’ edge here: These days, even novice hackers can purchase automated scripts on the dark web that allow them to take complete control of an insurer’s cloud infrastructure.
“Cybercriminals have adapted to take advantage of misconfigured or mismanaged cloud environments,” says Young.
And once inside an insurer’s cloud, a hacker is often able to steal your cloud’s system administrator credentials. These credentials are essentially the “keys to the kingdom” and can be used to further penetrate your cloud network, steal corporate data, and wreak other havoc.
The solution here is for insurers to review the security agreements they have with their cloud provider and ensure that the provider is keeping its end of the bargain. Calling your cloud provider’s representative to ask about any special precautions the provider takes against the latest hacker tricks should also help.
* Consider passwordless authentication: Despite years of warnings, too many employees still insist on using passwords that are child’s play to crack.
Year after year, for example, one of the most common passwords used by business users is “123456”, according to a report by SplashData, an internet security company.
Employees looking to be a little “smarter” use “123456789”. And other ridiculously easy-to-guess commonly used passwords include “qwerty”, the ever-imaginative “password”, and “1234567”.
No wonder more and more businesses are turning to password alternatives to secure their networks. Popular techniques include Touch ID, Face ID, and identity verification using a call or text to an employee’s smartphone.
Other companies use one-time passwords, which are generated and sent to an employee’s email address after the employee enters an employee ID.
* Forget the fears of Zoom bombings: Early in the pandemic, web video conferencing software company Zoom got a bad rap from pranksters who started popping up in Zoom-hosted business video conferences to cause trouble. They were yelling swear words, exposing body parts and generally acting like six-year-olds.
To be fair, Zoom has always had privacy controls, but they were just a little hard to find.
Thankfully, Zoom has since improved its video conferencing security and made its security controls much easier to find and use.
* Consider an AI upgrade: As with virtually every other aspect of enterprise software, some of the newer network security systems have an artificial intelligence component.
These new artificial intelligence systems often lurk in the background, watching hackers as they snoop around corporate networks, taking note of the tricks and techniques hackers use, and then automatically building scripts to thwart these same hacker moves the next time they appear.
For more information on protecting your data and preventing system intrusions, Google “AI computer security” or “AI cloud security”.
Joe Dysart is a Manhattan-based internet speaker and business consultant.