By Joyce Sigler
According to the U.S. Small Business Administration’s Office of Advocacy’s article “Frequently Asked Questions about Small Business 2023,” a small business is one that has fewer than 500 employees — a definition that fits most independent insurance agencies.
As small businesses, the same agencies that sell cyber coverage often don’t believe they’re targets of hackers. They don’t recognize cybersecurity as a valid exposure because they don’t think that they have anything a hacker would want.
What’s the attraction?
There are several reasons for hackers to be interested in independent insurance agencies. It’s not an agency’s size but its capabilities and access to its data that make it attractive to hackers. They don’t always know what they’re going to find, so they’re going on a treasure hunt.
Remember, hackers are motivated by money. Their goal is not to put an agency out of business or hold the agency hostage. They’re looking for any data that has value on the dark web so they can sell it. They might be searching for ways to launder money, perhaps through the agency’s commission payments or bank accounts.
Hackers are also interested in learning who the agency does business with and whom they’re connected to. Think of the information that the agency has collected on high-net-worth clients or owner entrepreneurs, for instance. The agency also has connections to banks, carriers and other agencies that hackers might be able to exploit.
Don’t overlook the small things
Agencies don’t always think about the ways they’re exposing personally identifiable information (PII). Many agencies still have some form of paper files that may not be stored or disposed of correctly. Think of how many times an employee writes down a client’s credit card number and saves it in a file or keeps sticky notes with passwords on the desk or wall for anyone to read.
COVID also made us complacent about where we work or conduct business, and it has blurred the lines between personal and professional. When we work from home, smart devices like Amazon’s Alexa, Google Assistant or Apple’s Siri are always listening and a smartphone’s microphone may have access to all your apps.
Not many people turn off the geolocator or Bluetooth when they’re not being used. How many conversations have you overheard in a coffee shop, in an elevator, on the commuter train, in an airport or even in your own agency that disclose confidential information?
Another common source of a data breach can be the electronic equipment an agency uses, trades in or upgrades. Often, we don’t erase a printer’s memory when it’s replaced, which is critical when the machine is an all-in-one that also scans, faxes and emails documents.
An agency is likely to provide employees with company-owned computers or tablets with appropriate security; however, many don’t provide …
Read more of the Rough Notes article, including Sigler’s top tools to increase cybersecurity.
