During Cyber Awareness month in October the Agents Council for Technology (ACT) and ID Federation surveyed agents to build awareness of cyberthreats.
The good news: Most respondents are aware of the growing cyber exposure climate and are taking active steps to mitigate this risk.
The bad news: Agents continue to have to log in separately to multiple insurance transaction sites: 25% of respondents say they access 7 to 11 systems daily, and 38% access more than 12 systems each day. To add MFA protection, more than half of respondents say that they must use separate MFA verifications for more than 60% of the systems they use. The volume of logins and MFA verifications is becoming increasingly burdensome for agents.
At the same time, more than a third (34%) say that phishing, by email or voice, is their greatest security concern, and 44% report that ransomware or malware attacks are their greatest worry.
The importance of MFA
Because it is effective, multifactor authentication (MFA) usage is growing. The highest number of respondents indicate they use MFA to authenticate for most system access. MFA is both a simple and effective tool to reduce the risk of cyberbreach. ACT and ID Federation encourage use of MFA for 100% of system access, and this is especially important for access for external networks. Microsoft reports that providing an extra layer of security with MFA makes it more difficult for attackers to get past the security barrier — as MFA can block over 99.9% of account compromise attacks.
Making security simpler and more efficient for agents
To ease the growing burden of multiple logins and MFA verifications, an industry nonprofit — ID Federation — was formed by peers in the insurance industry to provide both a secure and operational efficient authentication method. Technology providers, carriers and agents are cooperating to leverage their agent management system sign-on for access to carrier agent portals. Both Applied Systems and Vertafore, who represent over 75% of the independent agent force, are members of ID Federation. Leading carriers, including The Hartford and Nationwide, have implemented this solution. Encourage your carriers to participate in ID Federation.
The importance of easily implemented security cannot be overstressed. Recent high-profile breaches, like the MGM attack, show how even security conscious organizations are vulnerable to human manipulation. Ongoing awareness and training for your staff is key to minimizing ongoing risk related to phishing (or voice phishing) attacks.
Alvito Vaz is executive director of ID Federation. He is a long-time participant in AUGIE and has held business and technology leadership roles at Progressive and Travelers. He can be reached at alvito@idfederation.com.
