Combat Cyber Crime and Protect Your Agency
With Simple Security Steps
by Danielle Johnson
hile no tools or automated software is
100 percent effective, the best solutions
to protect your agency are to be well
informed and use common sense. Using a multiple-
vendor, multi-layer approach to system design can
significantly reduce your chances of being a victim of
cyber crime. To assess the risks associated with a cyber
intrusion of your agency’s online systems and critical
client data, ask yourself the following questions:
W
1. Does your agency have a hardware-based firewall
at the network level?
2. Does the network firewall include anti-virus,
anti-spyware and anti-spam services along with
content filtering and intrusion prevention,
detection and real-time reporting?
3. At the individual PC level, does each computer
have centrally updated and monitored anti-virus,
anti-spyware and anti-spam software loaded?
4. Are your computers set up to automatically
update your operating system and
applications for the latest available security
and critical updates?
5. Do you consider your browser security
setting to determine how much or how little
information the browser can accept from, or
transmit to, a website?
6. Does your agency have a security policy in place
that includes such policies as disaster recovery,
use/storage of passwords, use of social media on
work computers, etc.?
7. Does your agency back-up critical files in case of
an issue that disables your systems?
8. Has your agency identified an individual to
review security policies and practices on an
ongoing basis?
9. Are you aware of the laws governing the
protection of personal information in your state?
10. Do you have cyber crime insurance to protect
your data and liability exposure in the event of
an intrusion?
11. Does your agency have a training program to
educate employees on best practices to avoid
becoming a victim?
12. Does your online banking system provide
multiple layers of security tools to prevent
intrusions into the system such as token-based
authentication? Agency principals should
consider the types of transactions they conduct
within online banking and check with their
banking institution for available security
enhancements.
These are just some of the basic steps an agency
can implement to assess and protect itself from
cyber crime. Your agency should have a network
security assessment and review conducted by
a certified information technology firm that
specializes in network security. This evaluation will
help you to identify the “next steps” in securing
your network and data from unauthorized access
and distribution.
If Your Agency Becomes a Victim
If you discover, or even suspect, your agency has
fallen victim to corporate identity theft, you should
proceed as follows:
• Immediately cease all online activity and contact
your IT administrator.
• Remove the affected computer from the network
and any other computer stations involved.
• Contact your financial institution to disable
online access to the accounts and close affected
accounts. You can then open new accounts and
reset passwords.
Consult your counsel and your state’s data breach
notification law and regulations to asce rtain the
process you need to follow.
• Notify other business partners that may have
been affected, such as your insurance carriers.
• File a report with the police department.
Danielle Johnson is the VP, Director of Information
Technology at InsurBanc. Danielle prepared this article for
the Agents Council for Technology (ACT), and she can be
reached at [email protected].
| September - October 2017 | KANSAS INSURANCE AGENT & BROKER
7