Cybersecurity Essentials for Insurance Agents - Western Asset Protection
cybersecurity for insurance agents

Cybersecurity Essentials for Insurance Agents

October marks the start of Medicare AEP, but it’s also Cybersecurity Awareness Month. As a Medicare insurance agent, you may access valuable data and conduct a significant portion of your work online. That’s why it’s essential to take steps to protect yourself and your clients’ personal information from social engineering, ransomware, and other online threats.

Insurance Agents Are Tempting Targets

You may have heard that scammers tend to target seniors, but in reality, anyone who possesses valuable information or money can become a victim of online fraud. This includes insurance professionals. Insurance Business lists multiple cyberattacks that have hit insurance companies recently.

Although cyberattacks tend to only make the news when they target large companies, smaller companies and individuals are also at risk. Verizon says 43% of all data breaches involve small businesses, often because these businesses don’t bother with good cybersecurity because they don’t think they are targets. After a cyberattack, 60% of small businesses close within six months.

A cyberattack could drain your bank accounts, destroy your records, and put your clients at risk of identity theft. It could also damage your reputation. This is a risk insurance agents must take seriously.

Cyberattacks Come in Many Forms

As you go about your daily tasks, it is important to be aware of potential cyber threats that may come your way. It is also important to train your team and family members to be cautious when it comes to clicking on links or responding to requests. Instead of clicking email links, go directly to the company’s website or call them directly at the number the phone number listed on their website.

  • Ransomware: If ransomware infects your system, your files may be inaccessible, making it hard for you to do your job. Ransomware hackers typically demand a ransom before they give you the files back. They may also threaten to publish or sell the files, exposing your clients’ sensitive information and leaving them vulnerable to identity theft.
  • Phishing: Most people receive countless phishing emails and text messages. Cyber security’s comprehensive news site, Dark Reading warns that new AI tools are making it easier for scammers to launch high-volume attacks.
  • Business Email Compromise: BEC scams are a type of social engineering scheme in which a cybercriminal pretends to be someone you know (such as a boss or client) and convinces you to make a wire transfer or commit some other act that benefits the scammer.
  • Voice Cloning and Deepfakes: With new technology, anyone can copy a person’s voice or appearance to make convincing audio and video material. For instance, Gizmodo says a man in China was duped into making a wire transfer to a scammer who used deepfake technology to pose as a friend. The FTC says scammers use voice cloning to pose as family members who need urgent financial help.
  • Regular phone calls. Many times, scams originate with a phone call. A person says they are with the fraud division of your bank, or they’re calling from Amazon, and they’ve noticed a potentially fraudulent purchase. They may even claim to be your IT consultant. By asking a few questions, they can gain access to your accounts.

How to Stay Safe

You can take steps to reduce the risk of a cyberattack:

  • Use multifactor authentication and strong passwords. CISA has tips on keeping your passwords safe.
  • Avoid malware by using security software and firewalls. In addition, be careful about the links and downloads you click. The FTC has tips on avoiding, recognizing, and removing malware.
  • Stay vigilant against phishing attempts. The FTC has more tips on recognizing phishing attempts and securing your devices.
  • Since many insurance agents work from home sometimes, they need to create a secure home office. The National Cybersecurity Alliance has tips for remote workers, which include separating your personal and work Wi-Fi networks and limiting device access.
  • Make sure your website is secure. If you use a WordPress website (as many agents do), follow the Dark Reading tips on how to secure it.
  • Consider security when selecting a cloud-based email provider. Dark Reading says businesses that use Microsoft 365 are more likely to experience a cyberattack than those that use Google Workspace.
  • Protect your personal information on public Wi-Fi by taking precautions. Although websites are encrypted with HTTPS, public Wi-Fi isn’t completely safe. Use a VPN for extra security.

Cyberattack risks can be scary, but technology can make your job easier if you’re proactive and follow security best practices.

Western Asset Protection does not endorse any specific security vendors but recommends agents to find resources that will provide them the protection they seek and serve their best interests. WAP offers many free secure technology tools, including the Medicare Engine and MedicareCenter, to give agents a safe and competitive advantage. See all the tools available to WAP agents >