So, there you are Zooming just like everybody else who can work remotely. And working from home is turning out pretty much OK, right?
Well, not so OK if are an insurance agent or advisor not taking precautions that other laptop jockeys don’t have to observe, according to Roger Hayashi, a principal with Summit Compliance.
“As we're dealing with the COVID-19 crisis and a lot more people are working remotely, probably from their homes, this is really adding an additional opportunity for cyber criminals,” Hayashi said during “Extraordinary Times call for Extraordinary Measures,” a National Association for Fixed Annuities webinar on compliance risks.
At home, people are working with more devices. Along with laptops and home computers, cell phones, tablets are getting into the picture, provided by the business or they are the advisor’s own.
The measures that are in place at home might not be as robust as they are at the office,” he said.
Here are some ideas to keep cyber secure at home that Hayashi provided:
Change the default username and password on your router, to make it harder for somebody to gain access to your system.
Use the highest level of encryption available on your router. Go into the settings and select the highest level of encryption. If it's set for encryption at the WEP, you want to upgrade to WPA. If you have it, you want to go to WPA2, because that's a higher level of encryption. All this is easily accessible through Google search. Or you can contact the internet service provider for help.
You or your staff and advisors might be using their personal devices at home. Some of those devices might not have anti-virus software and might be used by the kids of the household for gaming or they’re constantly downloading apps. They might not ever load any security patches, all those kinds of things. If that’s the case, Hayashi said, “you'll want to consider how you can make those security measures more robust.”
Use strong passwords, at least eight characters, upper and lower case letters, numbers and symbols.
Using a VPN when working remotely is critical. A virtual private network encrypts the data when it's in transit, and it allows safer connection to remote systems. When accessing a CRM remotely, using the VPN will increase data security substantially.
“There is a ton of them VPNs out there, you can Google them,” Hayashi said. “There's NordVPN and TunnelBear, Norton Secure, tons of them out there, and frankly they are really inexpensive.”
Working remotely means relying more on email. Transferring documents, especially with private information, should be done on a secure email system Some examples of providers are: Posteo, ProtonMail and MailHippo.
Videoconferencing has taken the place of in-person seminars and meetings, but medium presents a new set of problems along with the convenience.
Heard about Zoombombing? That’s when you have somebody crash your Zoom meeting and say inappropriate things and share inappropriate images or videos. There are some simple steps to avoid that and other problems.
“You want to send invitations directly to people that you're inviting to the meeting, instead of posting that link publicly where anybody could click on the link and gain access to the meeting,” Hayashi said.
Make the meetings private, and change the settings within the software to be able to prohibit the sharing of any links or sharing of files. And you want to set that screen-sharing option to “host only” so that somebody else can't choose to share their screen with everyone else that's in the conference.
When working from home or a different remote location, take a look at what’s behind you.
“You don't want to unintentionally display, say, another client's information, or have family members in the same room,” Hayashi said. “If you had a spouse or the kids walking behind you at a critical moment where your client's sharing some personal financial information with you, they might not appreciate having other people procure that information.”
CAREFUL WITH THE CAMERA
Cover the camera when it’s not in use, so that no one can access it to spy. Even a post-it note over the camera on the laptop will do it, or a plastic cover made to cover the camera.
LOCK IT UP
Consider who has access to your home. Besides family, friends and neighbors might stop by, and they should not able to access any client information.
So, how are those documents being stored at home? They should be secured in a file cabinet or something that locks. And lock the house.
“That’s something that always astonishes me,” Hayashi said. “A lot of people I've found, don't take the time to lock their doors or anything when they leave the house. So anybody could walk in and access any client information or non-public information.”
SHRED IT UP
If noting a person’s personal information, such as a Social Security number, enter that information into a system and then shred that note.
LET’S BE CAREFUL OUT THERE
States are passing more insurance data and security laws and regulations.
New York was the first to come out with a law involving data security requirement specific to the insurance industry, Hayashi said. The National Association of Insurance Commissioners issued a model law quickly after that.
Eight states have now passed some version of the NAIC model law. Many others are expected to pass a version this year, if COVID-19 does not delay them.
So far, New York’s cybersecurity law has the sharpest teeth.
A violation of New York's Cybersecurity Regulation could potentially result in a fine of:
A: $500 to $1500.
B: $1000 to $2500
C: No fines.
D: $2,500 per day, all the way up to $75,000 per day.
The answer: D.
“There are a number of experts who have analyzed the New York Cybersecurity Reg and incredibly there's the possibility for these enormous fines to take place,” Hayashi said. “Up to $75,000 per day for every day that you're out of compliance with that New York Reg.”
Steven A. Morelli is editor-in-chief for InsuranceNewsNet. He has more than 25 years of experience as a reporter and editor for newspapers and magazines. He was also vice president of communications for an insurance agents’ association. Steve can be reached at [email protected]
© Entire contents copyright 2020 by InsuranceNewsNet. All rights reserved. No part of this article may be reprinted without the expressly written consent from InsuranceNewsNet.