Protect Your Business from Cyberattacks

Whatever your license type—life or health insurance, securities broker, registered investment advisor, property-casualty agent, or real estate broker owner—cybersecurity should top your list of risk-management concerns. As recent news has repeatedly shown, financial professionals of all stripes face increasing cyber risks. And those who continue doing business as usual are setting themselves up for potentially catastrophic outcomes.

The good news is agents and advisors have two powerful avenues of self-defense: insurance and security best practices.

Now, if you thought E&O insurance didn’t protect against cyberattacks, you’re not alone. Many financial professionals assume they need dedicated cyberinsurance to receive the most comprehensive protection. And they’re correct. However, you can still receive basic coverage through your E&O insurance policy. Here’s how that works:

Today’s E&O insurance policies not only protect you against the standard risks of making a mistake or failing to do something important, they now also cover you against certain cyberrisks. For example, EOforLess’s life insurance agent E&O has a client network damage and privacy claim endorsement. This means you will have protection against plaintiff lawsuits relating to an alleged electronic infection that harms a client’s network. The loss must result from you providing covered professional services to the client. In other words, if a client picks up a computer virus (and sustains a financial loss as a result) from having accessed your computer network, your E&O policy can indemnify that person or entity within the limits and definitions of your policy (and the specific wording of its network endorsement). However, it’s important to realize that standalone cyberinsurance offers much more comprehensive protection.

What about common-sense security practices? Actually, implementing a surprisingly short list of measures can go a long way toward keeping you and your clients safe. Here are some of the best measures to implement:

    1. Threat awareness. Part of having secure computers and networks is being aware of the threats you face. To this end, follow industry trade publications to stay current on the cyberattacks and breaches financial entities have suffered recently. Also, visit the Financial Services Information Sharing and Analysis Center to learn more about recent incidents.
    2. Secure passwords. Even in this day and age, a surprising number of people still have poor password hygiene. They use their names and birthdays, rely on simplistic words and phrases, and fail to lock down their passwords against prying eyes and thieving hands. By mandating the use of a password management application, you can vastly augment your firm’s cybersecurity. Such apps simply ask you and your staff to remember one master password. Then through an Internet browser extension, they automatically serve up longer, more complex passwords when you visit websites. This means you’ll no longer need to know or save potentially hundreds of passwords.
    3. Multi-factor authentication (MFA). MFA is a security approach that depends on two or more methods of authenticating a user’s identity before allowing a log-in or other transaction. It typically combines what the user knows (i.e., a password), what the user has (a security token or code), and what the user is (biometric verification as in a smartphone’s built-in fingerprint reader). Having multiple security layers makes it harder for intruders to break into a device or network, since they need to have not only your password, but also your token device and biometric data.
    4. Security best practices. A large number of cyberbreaches occur due to employees’ unsafe computing practices. For example, they often fall prey to e-mail phishing attacks in which they click on a URL within an e-mail. This then infects their computer with a virus or other code that can lead to unauthorized break-ins. Even worse, online criminals now use increasingly plausible approaches to dupe employees into clicking on malicious links. Solution? Constant employee training on security awareness and best defensive practices.
    5. Data encryption. Make it your business to learn how to encrypt all client data before sending it over e-mail or via other channels. This is a critical element for safeguarding business and customer data.
    6. Destroy old hardware. If you are disposing of obsolete computers or other devices, make sure to magnetically erase the equipment. Otherwise, criminals may find a way to access the data on the computers or devices and use it to perpetrate a breach of your current hardware and networks.
    7. Install software patches (updates). As the latest cyberattacks are foiled, computer and system vendors typically update their software to fix bugs and close back doors that lead to breaches. However, if you don’t take advantage of those updates, your data will remain susceptible to attack.

The point is this: Cybersecurity is no longer the province of information technology (IT) professionals. Insurance and financial advisors need to stay abreast of the latest threats and adopt protective measures as soon as possible. By keeping informed, adopting best practices, and relying on their E&O and cyberinsurance policies as backstops, they should be well protected against potentially devastating cyberattacks. Good luck!