Earlier this month, the country watched in horror as NHS computer systems were hit by a debilitating cyber attack. The ransomware, known as Wanna Decryptor or WannaCry, hit trusts in England and Scotland and has infected 200,000 machines in 150 countries since it was released.
Essentially WannaCry is a virus planted on your server by cyber attackers which locks you out of your system until you pay a ransom to regain access.
The WannaCry attack prevented thousands of people accessing their own computers and demanded a ransom – to be paid in Bitcoin – for the device to be decrypted and the files within it released.
Ransomware of this nature can be difficult to detect and will often look like a normal email, internet download or PDF. However, once you’ve clicked there’s no going back.
The malware will be installed on your computer, potentially giving full access to the cyber criminal and enabling them to extract and send themselves valuable business and client data, including bank details, passwords and account information.
Brokers store a lot of data about their clients so this is an important point to consider. With the ever-evolving nature of cyber risk, protecting company and client data is something that insurers and brokers often fall short at. However, there are simple things a broker or insurer can do to prevent cyber attacks having an impact.
We have put together five key steps that should help those in the insurance industry in this plight for protection.
1. Be on your guard
Even with everyday email correspondence, you should be on the lookout for unfamiliar language and content that doesn’t seem quite right. Make sure you look closely at the sender’s domain and never click on attachments if you are even remotely unsure of their origin.
2. Keep up to date
Your IT manager or company should be regularly and proactively reviewing your anti-virus and anti-malware software to make sure it continues to give you the protection you need. Make sure that you update it when they tell you and also keep on top of updates for your computer operating system.
3. Ensure daily backups
By backing up your data (offsite or in the cloud) you are ensuring that, if you fall victim to a cyber attack, you will be able to get your business up and running again with minimal disruption. Moving data backups to the cloud gives your businesses a ‘ready to go’ disaster recovery solution, with all data stored securely offsite.
4. Educate users
By offering regular webinars, online training and refresher courses as part of your wider IT security strategy, you will be making sure that everyone in the business has the knowledge they need to safeguard your company, and in turn your clients, from cyber attack.
5. Test disaster recovery plans
Testing your disaster recovery plan regularly will help you understand the time it will take to restore systems to a useable state and what data is likely to be lost due to back-up schedules. You can then adjust your backup schedules accordingly.
Of course, it isn’t just malicious attacks from hackers that brokers can fall victim to. The problems following the SSP outage last summer which left their broker customers unable to work fully for some weeks highlights the need for strong disaster recovery plans too.
The process of developing and instilling cyber security is not a one-off deal, but rather an ongoing and constantly evolving project. You shouldn’t feel embarrassed or nervous to admit to any gaps in your knowledge, and a quick check with your IT company or IT manager could make all the difference. After all, that’s what they’re there for.