First off, this stuff can be confusing and daunting… it is for everyone. Take 1 step at a time, together with your technical resource you will figure it out together. Remember you don’t have to be first when it comes to cybersecurity .. just don’t be in the last place. Why? because the bull (or bad guys) go after the weakest/slowest target because it is the easiest.
- Wi-Fi Router: This is the easiest way for bad guys to gain access to your digital universe. At the very minimum, you should change the admin password and hide the SSID from being broadcast. Instructions for doing both are easy to find through a simple Google search on your router’s make and model. Also, it is important to ensure the encryption is set to the highest available level which currently is WPA2 Personal (AES). If your router is 5 years old or more, it is probably best to invest in a new one that will inherently have better security and less vulnerability.
- Private Email Servers vs. Public Free Email: Encourage your agents to adopt the franchise or agency email address. Contrary to the recent presidential election news cycle, private email servers are better 😉 compared to free public email addresses. Private emails have addresses that look like [email protected] or [email protected]. These are email systems that you rent or own through an IT provider. Conversely, [email protected] [email protected] or [email protected] are free addresses from webmail or ISP providers which are inherently less secure, a more attractive target, and easier for hackers to create similar looking email addresses that appear like the original. For example, at a quick glance which is the real email address [email protected] or [email protected] ? See more on yahoo’s breach. Having a private email server is no guarantee that bad actors will not attempt to create a similar email address that appears like the real email as evident in this attempted fraud situation against ourselves at PBI Group.
- Security Awareness Training: This is akin to business ethics training or sexual harassment awareness training but specific to cyber risks. The agents are your weakest security link but can become an asset by being trained to spot red flags associated with social engineering phishing scams. PBI Group is working to develop a best-in-class offering where we can train your agents incrementally over 6 months to be more cyber aware which will decrease your chances of being breached.
- Hardware Inventory: Maintain a list of equipment with identifiers (MAC addresses, Service Tags, Manufactures Build Date, Assigned User). This is especially important for shared assets like an office laptop that may float around from agent to agent. When laptops are not in use they should be locked up. Restricting physical access to digital or paper-based information is a low-tech and easy way to keep things from falling into the wrong hands.
- Backups: This is a basic IT function that should be happening regularly to protect against hardware failure but it can also protect you against Ransomware. What is a Ransomware attack? It is when a hacker gains access to your system and locks it down with encryption and holds access to the information ransom until you pay $XX,XXX amount for the decryption key. It can also be more about extortion… pay $XX,XXX or the hackers will publish the information on the internet. A backup allows you to revert to an older set of data and continue your business.