It’s probably fair to say that you can’t protect your insurance brokerage against all cyber-attacks, but it’s also fair to say that you may not need to. There will always be an incredibly clever bunch of coders out there who, if they’re determined enough, can hack your systems. However, unless you’ve done something to upset the Russian Mob this week; it’s pretty unlikely that those resources will be brought to bear on your business.
Simple Risk Management
The truth is that most cyber-attacks are the results of some simple basic flaws in the way businesses operate. The vast majority of these attacks are easy to prevent. It’s just that in the madness of day-to-day operations, the precautions required are neglected.
There are three key areas of threat management; people, process and technology.
Getting people to stop being a major risk to your information security is simply a process of education and reinforcement. How often have you reviewed your cyber-security processes with your whole team? When they started? If then?
If you haven’t made it clear how seriously your brokerage takes information security in the last few months; it’s probably a good idea to go back and do so. Refresh people’s memories about the most important things they can do to protect your business. Provide training where necessary. Keep revisiting the topic on a regular basis. If you don’t promote cyber-security as important – how are people supposed to know that it is?
Developing process controls for cyber-security should be easy really. It’s a question of going through each process and operation and asking; what risks does this/might this introduce?
Once you can answer that question, you can start to take standard risk management proceedings to minimize or ideally – eliminate – that risk.
The earlier you focus on cyber-security when introducing new processes to the business; the easier it will be to manage the risks too. If you can get suppliers to introduce risk controls then so much the better.
The shocking thing is that 75% of cyber-crime is estimated to have a single root cause. A failure to patch systems with security patches when they are released.
Managing technology is the final part of the puzzle when it comes to managing the risks of cyber-crime. Patching is the most important piece of that puzzle. Ensuring your IT team have a maintenance cycle and adhere to it – could save you a lot of trouble.
Of course, you also need up to date firewalls, anti-virus, encryption and perhaps, in the days of smartphones and remote access, most importantly a focus on two-step authentication processes for access to data.
You cannot guarantee that your insurance brokerage will be immune to cyber-attacks. However, the truth is that a few simple precautions can dramatically reduce the risks and make your business a much less attractive target for attack.