ACT Alert – Agency Hacking Security Alert

What’s Happening

We know from real data that independent agents (IAs) are a prime and focused target of cyber criminals. Over 12% of all breaches are now within the Financial sector*, and this is focus is only growing.

Further, the ‘bad actors’ (hackers, cyber criminals) are thought to be working to track and collect the email addresses of insurance agency employees, and even targeting the IDs & passwords used by insurance agency employees on carrier portals.

For example, if obtained, hackers could potentially use ID/password combos to access quoting applications for new auto policies, and also use application prefill to run quotes for a list of consumer names or their vehicles – thus allowing driver’s license number to be obtained, among other personally identifiable information.

And increasingly, “phishing” e-mails are sent to employees and consumers using agency and insurance company email addresses and logos to collect additional information.

Areas where your agency should be vigilant:

• Never respond to password reset requests you did not initiate – Note that most insurance companies do not send password reset requests without being prompted by the agency or policyholder.

• Immediately investigate unusual quote activity during non-office work hours – late-nights and weekends.

• Investigate incidents where large amounts of quotes attributable to a single employee ID have occurred within one day.

• Agency security training is crucial: Constantly evaluate emails that have links or attachments that were sent to you and do not appear to be legitimate. Bring these to the attention of the security coordinator within your office (never open to review).

For more background on IA cybercrime trends, potential cost & penalties, and a roadmap to most full protect your agency, use our free ACT ‘Agency Security Cyber Guide‘.

*Source: Risk-Based Security; Data Breach Trends in 2020