How to increase security & better protect your insurance firm
November 7th, 2016
In recent years insurance firms have been targeted by numerous cyber attacks, both internal and external, including those by disgruntled former employees and organised cybercriminals. With the UK insurance industry alone managing investments of £1.9 trillion it is no surprise these firms are such an attractive target. Not only do these firms have a lot of capital funds on their systems at any one time, but they also have access to a wealth of customer data – the perfect tool for hackers to use for blackmail or to release to the public with the intent of causing reputational damage.
How do cybercriminals target insurance firms?
Gone are the days when individuals just hacked for “fun” or to prove that they could access a company’s system. Now their motives are far more calculated. This, in turn, has also changed the method of attack. Cyber attacks are rapidly becoming more sophisticated and for the hacker who is willing to be patient and clever the rewards stand to be substantial, whether that’s financial gain or the potential to damage – in some cases irreparably – a firm’s identity and reputation.
While insurance firms can be exploited through software vulnerabilities, social engineering is another popular tactic for many hackers. It essentially involves using tricks or tactics to gain information from legitimate users of a system in order to gain unauthorised access, without having to break in. Examples include calling targeted employees while pretending to be from IT or maintenance, and requesting login details in order to “fix a problem”. As this can be a common helpdesk request some users may respond, which highlights the need for continual end-user training. Employees are often a firm’s first line of defence and, as such, must be able to recognise any red flags – such as suspicious emails or calls – and understand the appropriate escalation process.
How can insurance firms protect themselves?
When it comes to determining a security strategy, and overall IT strategy, the insurance sector faces pressure from multiple angles. The sector faces additional regulatory burdens in comparison to some other sectors. Firms are also under continual pressure, from a technical aspect, to modernise their systems to ensure customer data is highly secure, yet still accessible for review and processing.
These pressures combined can result in increased overheads and reduced margins, which can lead to decreased technical investment. However, when it comes to cybersecurity, technology should actually be the last piece of the puzzle.
Determining a security strategy should really begin with a firm understanding what their assets are, and then assessing them to determine potential risks. A reliable starting point is the ISO 27001 standard. This is a global accreditation which essentially covers best practice in regards to information security. It helps firms manage security by reviewing assets, assigning controls and monitoring processes.
Education will always be a key element of any security strategy. Social engineering is developing at a rapid pace and employees remain vulnerable as these attacks essentially manipulate trust. A comprehensive security policy should cover basic elements such as password strength, disclosing confidential information and physical security. You should then share the policy with the whole company. A security-aware culture will mean that potential threats will flag up with employees, who can then make the correct decisions, even when the request seems genuine.
Recent high-profile breaches must serve as a warning to insurance firms that they are a prominent target for cybercriminals. This is likely to continue, if not increase. Taking steps to protect customer and financial data will protect your brand reputation and profitability. Therefore it makes sense to implement policies and systems to secure your business and review these regularly. The consequences of failure can be devastating, or even fatal, so cybersecurity must be a priority.