TAKING THE HOOKS OUT OF PHISHING
WHEN IT comes to cybersecurity threats, the insurance industry is at greater risk than most.
According to the 19th EY Global Information Security Survey by Ernst & Young, nearly half the insurers surveyed had faced some form of cyberattack in the preceding 12 months.
That insurers represent such a lucrative target to cybercriminals is hardly surprising. These companies have vast amounts of data that is incredibly valuable to cybercriminals. So lucrative is the data held by insurers that one attack even targeted people who weren’t customers but had simply requested a quote.
Preventing cybercriminals from getting hold of this data is an ongoing battle and one which requires constant vigilance on the part of the insurers’ security teams.
Two of the most important fronts in this battle are documentation and communication. After all, so much of the information that insurers have on their customers resides in personal, confidential documents such as bills, policies and claim forms that they send out. And documents can reside in multiple places, both within the organisation and on customer devices.
At the recent InsureTech conference in Las Vegas, insurers were asked what their biggest challenge or concern is and it’s no surprise that data, cyber and trust were in the top concerns.
Here are some of the latest cybersecurity trends insurers should be thinking about when it comes to their document and communication strategies.
For a long time, organisations of all kinds (including insurers) would adopt technological solutions and then figure out ways to make them secure afterwards. Digital documentation was no exception, with many putting accessibility to those documents ahead of security.
Later on, organisations moved to involving security at various points in the development of their digital document and communication solutions. Ultimately, though, it was still an afterthought in comparison to all the other features.
Increasingly, however, organisations have realised that security needs to be built into these systems from the ground up.
While users must shoulder some responsibility for document security, organisations must, at the very least, take steps to encrypt and protect the sensitive documents they make available on the web or by email.
Adopting security by design doesn’t have to be overly complex either. Organisations can, for example, enable the viewing of a document (such as a policy or bill) as either an interactive Web or PDF experience, allowing a user to securely view the contents, while the information remains secure should the document be part a breach.
Over the years, cybercriminals have become increasingly sophisticated. The generic phishing emails of the past have become largely redundant, replaced by convincing spoofs that would fool even the most careful email users.
The next phase of this evolution will see cybercriminals making their phishing efforts personalised, tailoring their attacks to each individual target.
It’s therefore critical that organisations continue to invest heavily in educating consumers on the latest phishing methods and how to avoid them.
Mia Papanicolaou is the chief operating officer of Striata.