Blog
How to increase security & better protect your insurance firm
November 7th, 2016
In recent years insurance firms have been targeted by numerous cyber attacks, both internal and external, including those by disgruntled former employees and organised cybercriminals. With the UK insurance industry alone managing investments of £1.9 trillion it is no surprise these firms are such an attractive target. Not only do these firms have a lot of capital funds on their systems at any one time, but they also have access to a wealth of customer data – the perfect tool for hackers to use for blackmail or to release to the public with the intent of causing reputational damage.
How do cybercriminal target insurance firms?
Gone are the days when individuals just hacked for “fun” or to prove that they could access a company’s system. Now their motives are far more calculated. This, in turn, has also changed the method of attack. Cyber attacks are rapidly becoming more sophisticated and for the hacker who is willing to be patient and clever the rewards stand to be substantial, whether that’s financial gain or the potential to damage – in some cases irreparably – a firm’s identity and reputation.
While insurance firms can be exploited through software vulnerabilities, social engineering is another popular tactic for many hackers. It essentially involves using tricks or tactics to gain information from legitimate users of a system in order to gain unauthorised access, without having to break in. Examples include calling targeting employees pretending to be from IT or maintenance, and requesting login details in order to “fix a problem”. As this can be a common helpdesk request some users may respond, which highlights the need for continual end-user training. Employees are often a firm’s first line of defence and, as such, must be able to recognise any red flags – such as suspicious emails or calls – and understand the appropriate escalation process.
How can insurance firms protect themselves?
When it comes to determining a security strategy, and overall IT strategy, the insurance sector faces pressure from multiple angles. The sector faces additional regulatory burdens, in comparison to some other sectors. They are also under continual pressure, from a technical aspect, to modernise their systems to ensure customer data is highly secure. Yet this data still remains accessible for review and processing.
These pressures combined can result in increased overheads and reduced margins, which can lead to decreased technical investment. However, when it comes to cybersecurity, technology should actually be the last piece of the puzzle.
Determining a security strategy should really begin with a firm understanding what their assets are, and then assessing them to determine potential risks. A reliable starting point is the ISO 27001 standard. This is a global accreditation which essentially covers best practice in regards to information security. It helps firms manage security by reviewing assets, assigning controls and monitoring processes.
Education will always be a key element of any security strategy. Social engineering is developing at a rapid pace and employees remain vulnerable as these attacks essentially manipulate trust. A comprehensive security policy should cover basic elements such as password strength, disclosing confidential information and physical security. You should then share the policy with the whole company. A security-aware culture will mean that potential threats will flag up with employees, who can then make the correct decisions. Even when the request seems genuine.
Recent high-profile breaches must serve as a warning that they are a prominent target for cybercriminals. This is likely to continue, if not increase. Taking steps to protect customer and financial data will protect your brand reputation and profitability. Therefore it makes sense to implement policies and systems to secure your business and review these regularly. The consequences of failure can be devastating, or even fatal, so cybersecurity must be a priority.
NEXT>> What is malware?
4 common problems for IT Managers and how co-sourcing can help
What are the most common problems for IT Managers? Problem One: Keeping up with everything Hardware, software, telephony, IT security, servers, emails… all this requires monitoring and maintenance, and keeping everything on track can be challenging. Not to mention trying to keep up with technological advancements, new security threats and the latest strategic developments. One […]
How to calculate the financial cost of downtime
It’s concerning how few businesses understand how much downtime costs, be it for an hour, a week or a day. Fortunately, understanding these costs at a notepad level is easy and having the figures on hand allows you to make measured business decisions about how much to spend to improve your operations and to mitigate […]
Cloud adoption: Understanding and avoiding the challenges
QuoStar’s Rob Rutherford shares a few helpful hints and tips. Certain issues can arise around cloud adoption. However the risks can be mitigated when you know what to look out for. The increasing popularity of cloud services and software. There’s been a huge move onto the cloud recently, particularly around providers such as […]