MANAGE & LEAD CYBER SECURITY flaws directly to your organization . This service is also free to Coalition policyholders through HackerOne . It can help members stay ahead of the curve on cybersecurity .
Update your company ’ s systems and defenses . It is said that “ you don ’ t have to be faster than the bear ; you just have to run faster than the person next to you .” The same can prove true for cybersecurity . Even if you lack the most expensive and sophisticated cybersecurity tools , you need to keep up with the rest of the pack .
Some necessary precautions include updating your computer software , ensuring that your systems have antivirus and firewalls installed , and using strong passwords and device encryption . Agents should also consider other defenses that are becoming increasingly common , such as multi-factor authentication ( MFA ).
Provide education and review protocols for employees and their devices . “ All the firewalls , operating system patches , and defenses are still insufficient if your agency staff is not properly trained on security protocol . One errant click can leave your data vulnerable , as well as that of your customers ,” says Ron Berg , ACT executive director . Periodic and consistent employee cybersecurity training is not only good practice but also may be expressly required under certain laws such as the New York Department of Financial Services ( NY DFS ) Cybersecurity Regulations .
In addition to regular training and testing , agencies should also pay particular attention to policies and protocols relating to employee devices , especially if employees bring their devices for work activities . The COVID-19 pandemic also means that many employees work remotely from home , which poses additional security vulnerabilities . Visit the ACT website for more on the opportunities and risks associated with BYOD and work from home .
Consider third-party service providers as sources of help and risk . Many reputable cybersecurity service providers may be able to assist your agency . As noted above , Coalition policyholders have access to several
!
Additional resources on cybersecurity education and training include Agency Security Education & Training , and the Security Awareness Training available to Coalition policyholders .
helpful tools to improve their agency ’ s security . Conversely , some of the largest data breaches have occurred due to a third-party service provider with weak cybersecurity . The 2013 Target data breach occurred due to hackers breaking into the retail store ’ s systems by connecting with its HVAC company . Similar breaches through third-party systems continue to occur with increasing frequency .
Review applicable state , local or contractual requirements . Many federal , state , local and contractual cybersecurity rules , regulations , and requirements may apply to an insurance agent and broker . These include the Gramm-Leach-Bliley Act ( GLBA ), the New York Department of Financial Services ( NYDFS ), and other state insurance data security laws ( generally based on the National Association of Insurance Commissioners Insurance Data Security Model Law ).
Some state privacy laws also attempt to import cybersecurity requirements . Additionally , carriers increasingly propose more stringent cybersecurity requirements in their appointment contracts .
Do not fear — the Big “ I ” has your back !
First , the Government Affairs team is constantly working with state and federal legislators and regulators to ensure any future rules and requirements are fair and reasonable .
Second , the Big “ I ” Office of General Counsel offers both formal and informal reviews with general guidance on company appointment contracts and works with carriers to ensure cybersecurity provisions that are reasonable and mutually beneficial .
19