Independent agents are a prime and focused target of cyber criminals. Over 12% of all breaches are now within the financial sector, and this focus is only growing.
Further, cybercriminals are thought to be working to track and collect the email addresses of insurance agency employees, and even targeting the identities and passwords used by insurance agency employees on carrier portals.
For example, if obtained, hackers could potentially use identity and password combinations to access quoting applications for new auto policies or use application prefills to run quotes for a list of consumer names or their vehicles—thus allowing a driver's license number to be obtained, among other personally identifiable information.
And increasingly, phishing e-mails are sent to employees and consumers using agency and insurance company email addresses and logos to collect additional information.
Agency security training is crucial. Please be vigilant in the following areas:
- Never respond to password reset requests you did not initiate. Note that most insurance companies do not send password reset requests without being prompted by the agency or policyholder.
- Immediately investigate unusual quote activity during non-office work hours, such as late nights and weekends.
- Investigate incidents where large amounts of quotes attributable to a single employee identification have occurred within one day.
- Constantly evaluate emails that have links or attachments that were sent to you and do not appear to be legitimate. Bring these to the attention of the security coordinator within your office. Never open the attachments or click the links to review.
For more background on cybercrime trends, potential cost and penalties, and a roadmap to protecting your agency, use the Agents Council for Technology's Agency Cyber Guide 3.0.