“This time of year is a candy store for threat actors.”
So says Keith Savino, principal, managing partner, and national cyber & technology practice leader for PCF Insurance Services. His words encouraged me to continue posting about cyber risk as people focus on this festive season — and cybercriminals take advantage of them.
It only takes one cyberbreach to ruin your holidays and continue to frustrate you for months into next year. And it only takes a few seconds of inattention to allow this to happen.
We all are busier and we are rushing — so the chance of missing something is higher. Maybe it’s a response to a fake UPS text message asking for personal information to confirm delivery of a package. Or maybe it’s an unthinking click on a Facebook link offering “an 80% discount” on Cotopaxi gear.
Consumer spending this holiday season will likely exceed pre-pandemic spending: Deloitte predicts a 95% participation rate in holiday activities and predicts that gift givers will spend an average of $1,652. This is a target-rich season for nefarious actors.
Give the gift of cyber-awareness
As insurance industry participants, we have a responsibility to not only protect our agencies but also educate our customers about the risks around cyber threats. And this time of year, the threat profile is even higher — personally and professionally. Often this is an area that insurance agents approach with trepidation.
Cowbell, a company that provides small and medium-sized enterprises with advance warning of cyber-risk exposures, states that 48% of insurance agents are uncomfortable explaining cyber insurance to their clients. To help educate insurance professionals, the company has established the Cowbell Academy, an e-learning center dedicated to cyber-insurance. Leading insurance carriers like Travelers also provide training — Travelers Cyber Academy — to help businesses and organizations learn about emerging cyber-trends along with prevention tips to help address these unique risks.
According to Microsoft’s resilience guide, basic cyber-hygiene prevents 99% of attacks. The first principle is enabling multifactor authentication (MFA). Compromising more than one authentication factor presents a significant challenge for attackers because knowing a password won’t be enough to gain access to a system.
Improve cyber-protection with operational security
ID Federation is an organization created by peers in the insurance industry to help agents be both cybersecure and maintain operational efficiency. Use of MFA is recommended. But with 10-plus carrier connections, using a different MFA process for each is cumbersome. To address this issue ID Federation has created a Trust Framework — and SignOn OnceTM process — to share credentials from your agency management system with carrier partners. This enables access to carrier agent portals without having to re-enter the ID, password and MFA information. ID Federation supports MFA for improved security with operational efficiency. Working together — agents, carriers and technology providers can have cybersecurity and operational efficiency.
Agencies’ No. 1 holiday gift request
Encourage your carriers to participate in ID Federation. It’s the best holiday gift you can ask for — for insurance carriers to help make the industry more secure with operational efficiency for independent agents.
Agents should not need a different MFA sign on with each carrier partner. With SignOn Once by ID Federation, you can use your management system credentials to securely access carrier agent portals.
SignOn Once by ID Federation is in production today with the two primary management system providers — Applied Systems and Vertafore — and with carrier partners like The Hartford and Nationwide.
Alvito Vaz is executive director of ID Federation. He is a long-time participant in AUGIE and has held business and technology leadership roles at Progressive and Travelers. He can be reached at alvito@idfederation.com.
